tw.xrex.io Open in urlscan Pro
162.159.153.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
Effective URL:
https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
Submission: On November 28 via manual (November 28th 2022, 4:42:04 am UTC) from SG — Scanned from DE

Summary HTTP 111 Redirects Links 81 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 111 HTTP transactions. The main IP is 162.159.153.4, located in and belongs to CLOUDFLARENET, US. The main domain is tw.xrex.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 8th 2022. Valid for: a year.

This is the only time tw.xrex.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 20	162.159.153.4 162.159.153.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 70	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:1f18:24e... 2600:1f18:24e6:b901:8f0f:876c:e559:f529	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	108.138.17.81 108.138.17.81	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20e... 2600:9000:20eb:7800:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:206... 2600:9000:206f:c600:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
111	9

20 162.159.153.4 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tw.xrex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

70 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b901:8f0f:876c:e559:f529 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-81.fra56.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:7800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:206f:c600:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 9963 glyph.medium.com — Cisco Umbrella Rank: 23964 cdn-client.medium.com — Cisco Umbrella Rank: 24950 miro.medium.com — Cisco Umbrella Rank: 17345	2 MB
20	xrex.io 1 redirects tw.xrex.io	51 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 965 api2.branch.io — Cisco Umbrella Rank: 592	24 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 84	20 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com — Cisco Umbrella Rank: 6250	182 B
1	app.link app.link — Cisco Umbrella Rank: 2338	591 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1263	6 KB
111	7

	Domain	Requested by
43	cdn-client.medium.com	tw.xrex.io cdn-client.medium.com
25	miro.medium.com	tw.xrex.io
20	tw.xrex.io	1 redirects cdn-client.medium.com
13	glyph.medium.com	tw.xrex.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
2	www.google-analytics.com	tw.xrex.io cdn-client.medium.com
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	tw.xrex.io
1	static.cloudflareinsights.com	tw.xrex.io
1	medium.com	1 redirects
111	11

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
huangwayne.medium.com
www.ithome.com.tw
www.zdnet.com
www.bleepingcomputer.com
www.theregister.com
blockchair.com
www.xrex.io
www.ciphertrace.com
cryptodefendersalliance.com
twitter.com
www.facebook.com
tw.linkedin.com
policy.medium.com
help.medium.com
itunes.apple.com
play.google.com
fb.me
linkedin.com
akshad0088.medium.com
betterhumans.pub
anangsha.medium.com
baos.pub
louierahil.medium.com
sunilc.medium.com
javascript.plainenglish.io
medium.statuspage.io
about.medium.com
blog.medium.com
speechify.com

Subject Issuer	Validity	Valid
tw.xrex.io Cloudflare Inc ECC CA-3	`2022-02-08` - `2023-02-08`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-10-24` - `2023-01-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
*.logs.datadoghq.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-26` - `2023-04-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.branch.io Amazon	`2022-10-11` - `2023-11-09`	a year	crt.sh
appipv4.link Amazon	`2022-05-25` - `2023-06-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
Frame ID: 9CBA175382840E51C2261BDFC475C93F
Requests: 110 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

仁寶疑中勒索病毒案，贖金錢包今存入約1500萬台幣。11月9日，仁寶傳遭勒索軟體攻擊，但仁寶否認。| XREX Wayne | XREX 台灣

Page URL History Show full URLs

https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal... HTTP 302
https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

111
Requests

100 %
HTTPS

78 %
IPv6

7
Domains

11
Subdomains

9
IPs

3
Countries

1884 kB
Transfer

4013 kB
Size

11
Cookies

81 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=---three_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2Fe0315e485fc&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderCollection&%7Estage=mobileNavBar&source=---three_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&source=post_page---three_column_layout_nav-----------------------three_column_layout_nav-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&source=post_page---three_column_layout_nav-----------------------three_column_layout_nav-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=---three_column_layout_nav-----------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=---three_column_layout_nav-----------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=---three_column_layout_nav-----------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---three_column_layout_nav-----------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://huangwayne.medium.com/?source=post_page-----e0315e485fc--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F309f80888fb6&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&user=Wayne+%E9%BB%83%E8%80%80%E6%96%87&userId=309f80888fb6&source=post_page-309f80888fb6----e0315e485fc---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fe0315e485fc&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://www.ithome.com.tw/news/141011
Title: 仁寶傳遭勒索軟體攻擊

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/compal-the-second-largest-laptop-manufacturer-in-the-world-hit-by-ransomware/
Title: 外媒關注

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/laptop-maker-compal-hit-by-ransomware-17-million-demanded/
Title: BleepingComputer

Search URL Search Domain Scan URL

URL: https://www.theregister.com/2020/11/09/compal_ransomware_report/
Title: DoppelPaymer

Search URL Search Domain Scan URL

URL: https://blockchair.com/bitcoin/address/bc1q2se6clfjqgnlcvnajz8aljsmpn8wcea83xuc47
Title: bc1q2se6clfjqgnlcvnajz8aljsmpn8wcea83xuc47

Search URL Search Domain Scan URL

URL: https://www.xrex.io/
Title: XREX

Search URL Search Domain Scan URL

URL: https://blockchair.com/bitcoin/transaction/fa31cad6632af8595563c432429e5376bf5a071369dc5c0b1ec746df1bb0b47e
Title: 一筆交易

Search URL Search Domain Scan URL

URL: https://www.ciphertrace.com/
Title: CipherTrace

Search URL Search Domain Scan URL

URL: https://cryptodefendersalliance.com/
Title: CDA

Search URL Search Domain Scan URL

URL: https://twitter.com/1nf0s3cpt
Title: Sun Huang

Search URL Search Domain Scan URL

URL: https://twitter.com/wj_hSahAcdOkw
Title: Wolf Chan

Search URL Search Domain Scan URL

URL: https://www.facebook.com/wayne.armorize
Title: Wayne 黃耀文

Search URL Search Domain Scan URL

URL: https://tw.linkedin.com/in/chih-wei-%E8%8A%B7%E8%96%87-yu-%E5%B0%A4-73953711a
Title: Yoyo Yu

Search URL Search Domain Scan URL

URL: https://www.xrex.io/?utm_source=blog&utm_medium=english
Title: XREX

Search URL Search Domain Scan URL

URL: https://medium.com/xrextaiwan/xrex-%E4%B8%8A%E7%B7%9A%E4%B8%83%E9%80%B1-%E5%81%B5%E6%B8%AC%E5%88%B0%E7%AC%AC%E4%B8%80%E4%BB%B6%E5%8F%AF%E7%96%91%E6%AF%94%E7%89%B9%E5%B9%A3-3b6baf828029
Title: XREX 上線七週，偵測到第一件可疑比特幣

Search URL Search Domain Scan URL

URL: https://medium.com/xrextaiwan/nigerian-crypto-scam-xrex-ciphertrace-aml-548e0249fee5
Title: 揭露比特幣詐騙集團 N-Fiverr 之手法、工具、人頭戶、金流、錢包、網域、IP：XREX 防洗錢調查報告

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fxrextaiwan%2Fe0315e485fc&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&user=Wayne+%E9%BB%83%E8%80%80%E6%96%87&userId=309f80888fb6&source=-----e0315e485fc---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=newsletter_v3_promo--------------------------newsletter_v3_promo----------d9add3ac1159-
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Fd9add3ac1159&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40huangwayne&newsletterV3=309f80888fb6&newsletterV3Id=d9add3ac1159&user=Wayne+%E9%BB%83%E8%80%80%E6%96%87&userId=309f80888fb6&source=--------------------------subscribe_user----------d9add3ac1159-
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fxrextaiwan%2Fe0315e485fc&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&collection=XREX+%E5%8F%B0%E7%81%A3&collectionId=7650b8b90ccf&source=post_page-----e0315e485fc---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://huangwayne.medium.com/?source=post_page-----e0315e485fc----0----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/%E8%A9%90%E9%A8%99?source=post_page-----e0315e485fc---------------%E8%A9%90%E9%A8%99-----------------
Title: 詐騙

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F548e0249fee5&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fnigerian-crypto-scam-xrex-ciphertrace-aml-548e0249fee5&source=-----e0315e485fc----0-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page_footer_cta_write-------------------------------------
Title: Write on Medium

Search URL Search Domain Scan URL

URL: https://huangwayne.medium.com/?source=post_page-----e0315e485fc----1----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/%E6%AF%94%E7%89%B9%E5%B9%A3?source=post_page-----e0315e485fc---------------%E6%AF%94%E7%89%B9%E5%B9%A3-----------------
Title: 比特幣

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F3b6baf828029&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fxrex-%25E4%25B8%258A%25E7%25B7%259A%25E4%25B8%2583%25E9%2580%25B1-%25E5%2581%25B5%25E6%25B8%25AC%25E5%2588%25B0%25E7%25AC%25AC%25E4%25B8%2580%25E4%25BB%25B6%25E5%258F%25AF%25E7%2596%2591%25E6%25AF%2594%25E7%2589%25B9%25E5%25B9%25A3-3b6baf828029&source=-----e0315e485fc----1-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://huangwayne.medium.com/?source=post_page-----e0315e485fc----2----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/%E5%8D%80%E5%A1%8A%E9%8F%88?source=post_page-----e0315e485fc---------------%E5%8D%80%E5%A1%8A%E9%8F%88-----------------
Title: 區塊鏈

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F2346d347d220&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fschneier-theres-no-good-reason-to-trust-blockchain-technology-2346d347d220&source=-----e0315e485fc----2-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://huangwayne.medium.com/?source=post_page-----e0315e485fc----3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/crypto?source=post_page-----e0315e485fc---------------crypto-----------------
Title: Crypto

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F1231c4ad4915&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Ffake-decentralization-1231c4ad4915&source=-----e0315e485fc----3-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----e0315e485fc--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----e0315e485fc--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----e0315e485fc--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----e0315e485fc--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----e0315e485fc--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----e0315e485fc--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----e0315e485fc--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&source=post_page---three_column_layout_sidebar-----------------------three_column_layout_nav-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&source=post_page---three_column_layout_sidebar-----------------------three_column_layout_nav-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://huangwayne.medium.com/?source=---three_column_layout_sidebar----------------------------------

Search URL Search Domain Scan URL

URL: https://fb.me/wayne.armorize
Title: https://fb.me/wayne.armorize

Search URL Search Domain Scan URL

URL: https://linkedin.com/in/armorizewayne/
Title: https://linkedin.com/in/armorizewayne/

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F309f80888fb6&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&user=Wayne+%E9%BB%83%E8%80%80%E6%96%87&userId=309f80888fb6&source=post_page-309f80888fb6--three_column_layout_sidebar-----------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Fd9add3ac1159&operation=register&redirect=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&newsletterV3=309f80888fb6&newsletterV3Id=d9add3ac1159&user=Wayne+%E9%BB%83%E8%80%80%E6%96%87&userId=309f80888fb6&source=---three_column_layout_sidebar-----------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://akshad0088.medium.com/?source=read_next_recirc---three_column_layout_sidebar------0---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------

Search URL Search Domain Scan URL

URL: https://betterhumans.pub/?source=read_next_recirc---three_column_layout_sidebar------0---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: Better Humans

Search URL Search Domain Scan URL

URL: https://betterhumans.pub/4-unsexy-one-minute-habits-that-save-me-30-hours-every-week-5eb49e42f84e?source=read_next_recirc---three_column_layout_sidebar------0---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: 4 Unsexy One-Minute Habits That Save Me 30+ Hours Every Week

Search URL Search Domain Scan URL

URL: https://anangsha.medium.com/?source=read_next_recirc---three_column_layout_sidebar------1---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------

Search URL Search Domain Scan URL

URL: https://baos.pub/?source=read_next_recirc---three_column_layout_sidebar------1---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: Books Are Our Superpower

Search URL Search Domain Scan URL

URL: https://baos.pub/4-books-so-powerful-they-can-rewire-your-brain-40aa39e3d91c?source=read_next_recirc---three_column_layout_sidebar------1---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: 4 Books So Powerful, They Can Rewire Your Brain

Search URL Search Domain Scan URL

URL: https://louierahil.medium.com/?source=read_next_recirc---three_column_layout_sidebar------2---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------

Search URL Search Domain Scan URL

URL: https://medium.com/illumination?source=read_next_recirc---three_column_layout_sidebar------2---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: ILLUMINATION

Search URL Search Domain Scan URL

URL: https://medium.com/illumination/elon-musk-eliminated-remote-work-becuase-working-from-home-doesnt-work-1b8a3ab54c3?source=read_next_recirc---three_column_layout_sidebar------2---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: Elon Musk Eliminated Remote Work Because Working From Home "Doesn't Work"

Search URL Search Domain Scan URL

URL: https://sunilc.medium.com/?source=read_next_recirc---three_column_layout_sidebar------3---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------

Search URL Search Domain Scan URL

URL: https://javascript.plainenglish.io/?source=read_next_recirc---three_column_layout_sidebar------3---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: JavaScript in Plain English

Search URL Search Domain Scan URL

URL: https://javascript.plainenglish.io/my-salary-increased-13-times-in-5-years-here-is-how-i-did-it-bb3a2a945037?source=read_next_recirc---three_column_layout_sidebar------3---------------------67156500_9f0b_4066_87cd_e6eb7e91c622-------
Title: My Salary Increased 13 Times in 5 Years — Here Is How I Did It

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=---three_column_layout_sidebar----------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=---three_column_layout_sidebar----------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/?source=---three_column_layout_sidebar----------------------------------
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=---three_column_layout_sidebar----------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=---three_column_layout_sidebar----------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=---three_column_layout_sidebar----------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=---three_column_layout_sidebar----------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=---three_column_layout_sidebar----------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=---three_column_layout_sidebar----------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc HTTP 302
https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

111 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc Show response
tw.xrex.io/
Redirect Chain

https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

129 KB
31 KB

826ms
825ms

Document
text/html

162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c6d4d20316319f207dadedd33bb015f293934f7abbdbd3cb482dd11a6b66d03

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 77106f1a8df69193-FRA
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Mon, 28 Nov 2022 04:41:56 GMT
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, lite/main-20221125-221030-fa50693f12, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
medium-missing-time: 605
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 652
x-request-received-at: 1669610515714

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 77106f196da9912a-FRA
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Mon, 28 Nov 2022 04:41:55 GMT
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 41
x-frame-options: sameorigin
x-obvious-info: 20221125-1456-root,13c16229
x-obvious-tid: 1669610515508:cb0a019a2aa0
x-opentracing: {"ot-tracer-spanid":"0c9174275d1bcf0b","ot-tracer-traceid":"6efa10da35d694ad","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 18 KB
1 KB 75ms
63ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 2950
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f1fef64912a-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 28 Nov 2022 06:41:56 GMT

GET
H2 200 manifest.96f3a489.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 87ms
75ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.96f3a489.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d100a6a4103fc5ea16a4678108808f09bded12fa36472deeaae8c12fbc0a6006

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: QduLLxnrGk.ksrDoolxn_kXaTw69rm7b
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CG97VX5F8F8YD9Y2
age: 195407
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /QKblRptF/pZaDYLMN3HJ1Z392PsNS1M/hZwtQtD7Wdy60xiVRgkhYOKR/7jnhw0oFK8mgN9krc=
last-modified: Fri, 25 Nov 2022 21:18:39 GMT
server: cloudflare
etag: W/"fe06e5f306bd8559eb8d63be508c3a08"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fba912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 3034.5bf7db30.js Show response
cdn-client.medium.com/lite/static/js/ 698 KB
216 KB 88ms
76ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

955c47ee44b0feca62780cf5cb5aaba68e9fe3a04677da7795a333c19bc572e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: y1rYgVhPualMEnaz6jRgLipmQEO8IsWZ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: TKBCH6NBJQ8Z13X0
age: 417788
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: AUsXzcuegx1uEV4qBtmPsXVrs9yGeDzF0mujF+pDrFUlTnEkugR8EYgN7dmyhbNbmJISlX4v/7s=
last-modified: Wed, 26 Oct 2022 07:23:02 GMT
server: cloudflare
etag: W/"7110b0720ae180303abf08a9f0824e88"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fb4912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 main.594130a9.js Show response
cdn-client.medium.com/lite/static/js/ 784 KB
194 KB 81ms
70ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.594130a9.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02737ef7d93dfdec1c19a4825329b4eeb3a84c35fb8b93587affc608734eaf3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: GY.SiYFwVzSZ32UGsoyUOBt5ChRRo_0W
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: KSE7BRVJZX0GV02E
age: 195407
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vNj/kVOcvIUrY6f68I1g5XNdqQwc5a3qOVgFihzZtC5QD8Y1N+4jNvtXY47fU50s4ykz+fekvLw=
last-modified: Fri, 25 Nov 2022 10:50:43 GMT
server: cloudflare
etag: W/"6ba046e59bec92fc7596c32ed50e0bd3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200faf912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 instrumentation.c71f0248.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 82ms
71ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.c71f0248.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: 5yZx.RXNRFD2wk5kW8slm2OPTbsuZqQM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DN80NP6MC45XWT2W
age: 818829
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XL/2Jb9u14qm8cCj//wgdYe0Ggn1t1G4gX21uBRkpd82xhiecCSbOyioU4BrWRYiv2q6edekGpo=
last-modified: Wed, 07 Sep 2022 22:21:02 GMT
server: cloudflare
etag: W/"1c4019035217766e8fa41b4d396c90c0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200faa912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 8732.9d4e0df2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 65 KB
19 KB 83ms
72ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8732.9d4e0df2.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

008b735b5e27e2ddea50ac42eeaef63fae74d969ff15e3144c7b9f7c927baffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: NxzGjDoZXtQ2GwkHKvwxxgw5Nexyfnov
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VKC99QTCBK1JJRSK
age: 385355
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: q5KO0l+kDDFVGCiz9TdU1XKQr813wXW0hWzBb+kJKHGPuS2cbr/qlFqjRQD4lviAyLSsWb0H0qU=
last-modified: Tue, 28 Jun 2022 21:50:52 GMT
server: cloudflare
etag: W/"6282534288238b33d8aa9c488837d8c9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fb9912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 3447.00c8d7d7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 83ms
73ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3447.00c8d7d7.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc3bdd29c56ec82f7f192a18193d47f93dc2c4ae6096a69d1158e9f1460a5a11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: wxcXSCM_bcSaX49t4LfRSeBOd.4Ud2pL
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA25KRDFWDB23VX
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ObsPuQDpb7QQfFdBdSvGiHiRGg8dzGcxdM3TEhz7uSJWBOPIc0zHvTU1TUnr44JtGcjtkpIySoM=
last-modified: Wed, 23 Nov 2022 20:58:56 GMT
server: cloudflare
etag: W/"d7b3b7ed2a28aa9ee1d728f93856180c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fb1912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 AppLayout.a1978922.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 114 KB
22 KB 82ms
72ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.a1978922.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16e3dcd75e1daaf10976ad4429c5ce4beea593fa261186e45d6434626480d783

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: wZQzUBAU7nnVdTsvXsAelXxgOtZUBb0H
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: M9D9XMD0YP7JX1PM
age: 291666
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Y0ePad26EfckawmZeQll/xD3/+Ixx5Xa4xqwv5w/x1HVdlvhLuvB9c+x8VVwZp6wDrQNEsTmF9w=
last-modified: Thu, 24 Nov 2022 19:27:53 GMT
server: cloudflare
etag: W/"25f409a716f1e4406d8225fd60bb86d5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fb7912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 reporting.bbdcaa9d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
917 B 79ms
69ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.bbdcaa9d.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: hDbV.8OiTMB.Vn8rqDBCJ.dxBb4bMoaR
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2R4YTKBCDDS6HF3J
age: 1152913
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: hpLJFwZLVe3kLMmVyN1xu6SbW8NO3o//weOaZ5BXpjjUY6yHS7cvPj69YBWyN1dhbN/YbQe1UB4=
last-modified: Fri, 01 Jul 2022 00:11:40 GMT
server: cloudflare
etag: W/"72bc359fe3377069bd162b3be6ed3d05"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa5912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 9658.17030d28.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
1 KB 77ms
67ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9658.17030d28.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

601f0395312c80eca646294da8644382a9187a1ba327cd2e61afeaebf72d404c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: LU4sW2n.29KPKm37dv0UiACV943hIOiN
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W2PN8GSGWHAHQJ9Z
age: 799005
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: zcUAQn0HWwZuYfxpPxJrwGEaUadYpYRbalVguqAYCRPp4TaHIYxWesViclQc9OGHGbVwAGwOaRg=
last-modified: Fri, 04 Nov 2022 21:15:59 GMT
server: cloudflare
etag: W/"980d4d6173178591ee5013487f00755c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa1912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
10 KB 81ms
71ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: KZ14F4DJ39Z3KD31
age: 563163
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa7912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 1961.72b183c8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 79ms
69ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1961.72b183c8.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

020cd8f8d0924d2122db07b848a8bd3217502a2cac01ab2349d71d6b8efce2eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: 2UFNHQ528nazPWxJLXg3xgI4xct9fQKg
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Q560EA8RWSJNZ228
age: 558501
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5nJF/5DbOofSrJm286aWs7mzJkI6QEw1wqXGxYOJ3CaAegeeOkDjXIHWD5G3HflQDdr5fkFLhk8=
last-modified: Mon, 24 Oct 2022 03:04:44 GMT
server: cloudflare
etag: W/"3f014355f94dd90a298dfaea41b43523"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa8912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 5472.a7dd22a2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 81ms
71ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.a7dd22a2.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: gSXxPhc0hcRrksmL2PGhPrVOkWw4VC83
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: TYK0PEA01R37Z2AF
age: 803870
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /HTy1mXHJwPGew/xYMqQ7tFbF5Jg3lNbiP2FCK1QESRXm8fU5OQ78/pj2bTQ3xJ5WF5PwhIz13s=
last-modified: Fri, 21 Oct 2022 21:04:08 GMT
server: cloudflare
etag: W/"bfe1dd364c3e6da6632a1d6c3b6fb9a0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fb5912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 2130.6486b60e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 81ms
72ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2130.6486b60e.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b10679da501e35dcd0458c7efbdd56d75dc37d9b106b4c64e7161d91ac191e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: 57Wfa4GAPD.CfscPUtI1TAr9uQTiER7z
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2K2YMBR0R6NAHA0Q
age: 279030
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: MT74i3/e+rFyTTSggAftxHHPPUSwxbooL165j3IxqvSB7Y4d1DSSWIZcKQqwDdMor4aWDWhdENA=
last-modified: Thu, 24 Nov 2022 22:33:28 GMT
server: cloudflare
etag: W/"5649924db14b5cdc3b48d7aa55574742"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fb3912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 2981.3c13b705.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 76ms
66ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.3c13b705.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2cfff7f9e5ae872a94184b0fc2a35af5c0c1687ba0099349708d02972ba0e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: flgBQ3ITusZieO73Mu0xsSFY2vYmHZMO
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VP9RBAQK0GXSF95J
age: 1172555
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Tg8vtbqTsgAOFtd/8IGSjt/HyZ6t+xQ8455LuQ09mi0EU7RrMx2snMBTF70/Bl3Fj8gqMwap+f4=
last-modified: Mon, 17 Oct 2022 13:57:10 GMT
server: cloudflare
etag: W/"5f0c27fb992a26bd3f0d8b1937fc0595"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa4912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 6507.a4abc234.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
2 KB 80ms
71ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6507.a4abc234.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc6113c3869738a8a1291e62775ba7ac6fcec4a176301e3d3c07a7767a338fd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: xxHw5EB0KmU6461d7cV_zmckBCOyJUl4
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6S3KZ8456AXXVR64
age: 444473
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Q6dTMTGJ6Lnjsy+4XyMp8NRrQqjGP0TBDl8LkbtEuwWKRppA52IhXWzAvUwVnU/HhcO31nsdm7M=
last-modified: Tue, 22 Nov 2022 21:01:03 GMT
server: cloudflare
etag: W/"9b1eff53e6fc3d7e16a822a6c74dfbcc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa6912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 3115.e2c29797.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 132 KB
38 KB 85ms
76ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3115.e2c29797.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7684af0eaf8bb3c4caf740ad39e27a0020f2c196d63ccc2eabc9848e210f4703

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: aOViubQ9YEAu1QOF4aQW9wVuZZ8c08df
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 0DKF3KBMV3G986E0
age: 546566
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XHWxS00ic/iMR24V4dem1hoADoXUeM0B/M5AA4PatWO6MUjPrNiIJgNRl9DQPXZ9dP+ZGw766Qc=
last-modified: Mon, 21 Nov 2022 20:28:58 GMT
server: cloudflare
etag: W/"b0f6acf3d2ed9e729ffa505e4e1ec350"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fad912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 4869.b295fc9d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 82ms
73ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4869.b295fc9d.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e791eab5353305b0759468002527abbd57394578f316c23fbe6e4d328eb4cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: VJmBoRwUC4qOME3KibvLQxdYvUiDdG0q
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: WHACM2PKH7JR7FED
age: 450962
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KPDAe4pTHwtTc/7oi0/i+/hVT3wntTqkxT/8sBRovcE9kRIznitPzBt07uTq809Z+3Sa8uE2E4o=
last-modified: Thu, 27 Oct 2022 18:06:00 GMT
server: cloudflare
etag: W/"a0f5d01998daff7f114343030c119e8a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fab912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 6336.6353f868.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
4 KB 82ms
73ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6336.6353f868.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8208ed3f5800f2f02cc71aaf1aa172cc36366ac6b668675b5b37fe7181db33e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: P20dW67vNiBWSsMUWJtPZu36oImbtXva
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: N0WAXP6JA0DP8PKJ
age: 488718
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: VNPZdrlNPvedE9gwqgaXlSm7bomV/wLmf2ob6yjJJvFh4jfTm0pQT1Glcol7Qyykqen2wMyEmU4=
last-modified: Mon, 07 Nov 2022 20:08:10 GMT
server: cloudflare
etag: W/"b9826131f30281b3ca262505fed0d243"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fb6912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 8195.8fa5f056.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 79ms
70ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8195.8fa5f056.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d85efd0decd34dd9ac9febc273792e117aa841f658fca364ea0b592f806d469

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: sDtJWnaWn3OCZm74ubWgWzUW5ioEah6H
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: M9D9P1HAVYWFPQ83
age: 291666
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: w6Sg3ZJi1aHBUSyTzWvwe3R5yFRm4vUehhmtJkFkmFCeW0zSi7j4BR1X22md4mkcMO3L6RZ/eS4=
last-modified: Wed, 23 Nov 2022 21:40:01 GMT
server: cloudflare
etag: W/"b5b59a315edf37303de2706eaf006098"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f96912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 5067.1c54a9d4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 43 KB
12 KB 78ms
70ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5067.1c54a9d4.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39bd6c9b67b1ec40abe0ff0c01626d34fb0029a7419b30df3903eee71e974f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: 5556rhGfj7p8JIVJaWeeLZvlcEq4Kxkr
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA3GGV3V4FXWYFR
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: hc61QZuuu0zO1hySTI7ZOgKaPcBMILA8SOmjBMlQoYF287++te95145XWEeFory8tSnwEKfsZZ8=
last-modified: Wed, 23 Nov 2022 20:58:58 GMT
server: cloudflare
etag: W/"10f024e76ea05c72775e9bb6f9793902"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa3912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 5429.1b7eec2b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
6 KB 48ms
39ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5429.1b7eec2b.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c3a1f6cce5a398a4577f88e6984b1182d7f5899e37d92043673f57b65c41714

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: heEy3XSBoz_bp..mswar7t9cq9ag3X.i
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA6Q6RGWGQD4FVR
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: IC6MB2iWE6fwEmmWk3D2sYO98Hvp0RhnyIDRYjLjUZLpVnrsJHNepN7G7yqZEhZx1Aa4KqtDaj4=
last-modified: Wed, 23 Nov 2022 20:58:58 GMT
server: cloudflare
etag: W/"a11e51283ff929be1861b5f4b0e99dd0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef70912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 7070.9daf5359.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
5 KB 84ms
76ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7070.9daf5359.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89716be7d15a49a6a138a59d2870795274f7308291864a3bd32a57871c89aadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: r_KhEvkO3Nh_6kx1eOr.aNhQngcGCtM1
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: N0WE3TB8V59S2KY9
age: 488718
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: apSLpY0NqrkC5YVxl8MOe0V8+yeQv5dDYa4+5Nl2dKJLao2/DnbvvTCpQfJteIQEd03hyYb5Ra4=
last-modified: Mon, 07 Nov 2022 20:08:11 GMT
server: cloudflare
etag: W/"048c955a3bb9bd72394beee57c5d3fa3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f99912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 1462.7cfff3f7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
6 KB 72ms
64ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1462.7cfff3f7.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

236a3b0cf63b069b7fac35f2fee86294e148a9f283878efe204c79781a1da427

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: n684cTUQRVVvnVlGBp4yS18vluz810XK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: M9DDW9MKVR46K5VZ
age: 291665
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /qJGZrYUXSb2TFCzA8m5pog1gXYvLBRZkECCehu0VX3hdaEVulpVsiQsBVWPpiX3pszCz+chWmo=
last-modified: Wed, 23 Nov 2022 21:39:52 GMT
server: cloudflare
etag: W/"36b731f1c61de6ec7344fcf29963dd7b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f93912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 6804.3651d6ad.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 32 KB
11 KB 75ms
68ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6804.3651d6ad.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07b60df462e09543e3ad6724353944aa5826afd5b38388a383aebcdb9f0b4863

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: OU4N6tl..T9OWctGa67ZOBlXTe4uiYNL
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA84DNNZFDDSTBN
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: +jfInuRGcZNyxFpxPyx7OhqqyQtDWxGO6ZwGqnBYBt9hrv/gq6Z3pbHz/+oefYj5YKd7LKo8tUo=
last-modified: Wed, 23 Nov 2022 20:59:01 GMT
server: cloudflare
etag: W/"7e1b793230c0c9c7e794ea52a634955c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f94912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 864.6aa5d16c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
4 KB 43ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.6aa5d16c.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a35a1e3c3a7b45a11ff5dd6a07dab7680a4966f449c5cdb7cfeb476d8b424ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: qgqYN4R_F_5Nf3DkPD49jizEiq1OngK2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA1EHRPX0HFXFM3
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: EaGFo6lr0TE5MnCfl1I0phVWli1WHCEoIa9KJQ08kcSK05L+aO904WE2r/2Qtzzpwxt0iw7cCQA=
last-modified: Wed, 23 Nov 2022 20:59:03 GMT
server: cloudflare
etag: W/"66ecba0ba3303de7d788e81492e66aaf"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef66912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 7589.e71c558f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
3 KB 77ms
69ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7589.e71c558f.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be315126edf7056fa1fbcd85cb2eb1f1912ca76d0951118c4b61030f9c6f90a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: rPNXD2Xtr2na.m_0Cef7IuhicyGF0EHP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA8GSV2EKN4HCGE
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: cnch57NkmFLRzet0etXcqGFYFc1EIBjt/XLsGSMGB+wObc8DlEi4cE6G4aD3U4dCh3qc3xWi+Oo=
last-modified: Wed, 23 Nov 2022 20:59:02 GMT
server: cloudflare
etag: W/"3fd1bc66cb4ab68ed37dc5d8570d12ac"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f9c912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 2519.d0072a44.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 84ms
77ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2519.d0072a44.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08d8377aacac4a618dee062500ceab645094820a3470a0db2a98bb1fc74d6f9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: CxZFJBQdDVtVB54kTTujEV3Zf6.M9lxZ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XAAG0N8YF9EV8H8
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vhMNbM41LBKSCMOKKdBSpB/7U/1XpPRU1r+F2r3zZZ763pa+8tT1FAgXZMYucmuu8kO5l9B/qD4=
last-modified: Wed, 23 Nov 2022 20:58:54 GMT
server: cloudflare
etag: W/"545c4284f6e5b9e42e6f1c01c751a1ee"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f92912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 5722.6f39656a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
7 KB 46ms
39ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5722.6f39656a.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16bc64e283626db91df5a8defe54030f24e31c44589f7adb103bfba48f21ccfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: eNq1u1pYsDiIwA9BHHVkRl3nVy.D.tJe
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA6ZS8BGSNA55A5
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KqQOsqxTDensPQ0eQUCHNor/WtjhoxwCnn1GZ+zlzAVRNJ7vlDw/9nJZaQFTHwG5dbIob72aVe4=
last-modified: Wed, 23 Nov 2022 20:58:59 GMT
server: cloudflare
etag: W/"589d331bd6b6ee90c43cb1bb6f2b6106"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef6b912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 4897.9582ba06.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 74ms
67ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4897.9582ba06.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bbe50ac7cc6cac42792dca94f357c04f3639a85114c6210c3266f9322f7d350

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: sKAUDU_hPJTlDRxn_ylKer2mW1.XlLRB
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: TZPKP4GG1P9PEXAS
age: 183113
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ilT3yuhvwqCMFmgcyBcpRpn3Mb5Z8lCrnCldVF6A+OClgeCIxIoQn5giYEee+bbkgwoNEqxzKss=
last-modified: Tue, 25 Oct 2022 13:46:48 GMT
server: cloudflare
etag: W/"ee10ac9c3480a5f37e6e78215ec30e82"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f97912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 6912.32116829.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
2 KB 33ms
27ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6912.32116829.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bccaab228d8683e2292c683c73b54ab145855b33f5bce0884b4b15c5fe1fcb14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: bvWKJjmv3APLMBo6vryDjaLiZ.5lUghI
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SX3108JYQ1CAD2MQ
age: 843940
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: uAwbJjWcjalNZob6iozAPdYa+bA/LYT0OdK9KMUNxFT+97ZyH0w/Mi91CdbEjCMZDnRKyn6GBas=
last-modified: Thu, 03 Nov 2022 11:11:11 GMT
server: cloudflare
etag: W/"8a542445b415876feab2407b21f58d20"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef6f912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 8051.2f647101.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 59 KB
14 KB 46ms
40ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8051.2f647101.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8a9419c6b434d633e2728c97782267bc1936722c8deacc8a7ecd76949dbcc15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: zzByOQdt6cyq0vMrU4UCKappvQCIYlds
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XA9BYNDJACZKQZ1
age: 366241
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 8SKy3nI4TgyCL4sW1/coZ+P0wzrzDJsDzYdP43X3XPXIXYH7FKbWSgmnUnbefVAaCG/20PCtG5E=
last-modified: Wed, 23 Nov 2022 20:59:02 GMT
server: cloudflare
etag: W/"3f7455fa498ea702ab8e5391403e9a02"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef74912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 8501.944bf2ee.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
11 KB 76ms
70ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8501.944bf2ee.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e7e1a8566d21a3b245083d5ae6a14b6a334ce0e77b7ebc8a24ecb38b2c56ba5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: 9SQyPEIgGt9ULsEfVzm8YgXbJlxrn9y4
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XACZK1Z7Y1TNF5Z
age: 366240
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: JIQr3gHJm1zUxR/1W672s/iBHvS0nVPfo8KVmzOL13ZiZyzu/PRSxCocbL2tJfeCEf0NFdHJX2o=
last-modified: Wed, 23 Nov 2022 20:59:03 GMT
server: cloudflare
etag: W/"3ab91e241a19c6c90b9d32371438667e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f9f912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 3443.6d9ec777.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
6 KB 74ms
68ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3443.6d9ec777.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

855056fbdac9c7954f2e0cef4b24e0416f1eebb42c8781ddf575fdd76863ea97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: TaFWEjz.ZllYpr_rnYEsa4e6a2MwWode
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XAD2XTGSHG05XRN
age: 366240
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 3yAS2icxAFEEZrzRDIgCIpi1KHMIY2kaxtW3C1hV7mAjaaz1HU7tAGq8GNMxwQDQubtDDHJ1vHA=
last-modified: Wed, 23 Nov 2022 20:58:56 GMT
server: cloudflare
etag: W/"771843d63700da47a2a98daa0f14ca07"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f9a912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 7129.bfaa754e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
6 KB 43ms
38ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7129.bfaa754e.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d35c7a9d627398567e75636b5a070fda249db29eac7b19bdd8077a43468887

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: JHV0H4.jbSO5KhhHY0ueuzW3oLpFmbF2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K92689KFZ5F3HNRB
age: 883267
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ih0l4lwU8XjcVwi3SPLIHrwVh70ovDZhtxpb+s2PK2NRNMDnJQj3qVJEjArnC5ZAHRmSAtd5X0Q=
last-modified: Thu, 03 Nov 2022 21:15:48 GMT
server: cloudflare
etag: W/"0db7ee9db293738b618fa7bb5dcf7fd3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef6a912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 PostPage.MainContent.a58434e7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 119 KB
30 KB 55ms
50ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.a58434e7.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26683486bcc3dd84443ea62d9467fbe25bfb195f54c938c708d2d72e7bd7f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: CMGziPjDP.6bv3RBb.1lxBlkjIzrZo5d
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: M9DD39MK5CM8E05Z
age: 291665
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: kQqzMUyQqZQz+zLLXUVQhyHn/F5Tc4XyuCIb3xevIHH1quUEf8H3xbU5kUPLslX09c3wQwPGVtY=
last-modified: Thu, 24 Nov 2022 14:56:57 GMT
server: cloudflare
etag: W/"3836ab213940ba2dd26453dce43e2e1c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef68912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 8261.6cab4c40.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 42ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8261.6cab4c40.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c8b5a0c598adf72f65dc9c8d0827a1b914574fb0b7ed6db847264f0f305f0ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: fL6QAjAb3jhFkwjLtf1rtjd7pp7NT3IM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6S3N9MFE76E4N39D
age: 444473
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: OnpLnII7YpLxP4FlncttIoyTbPFIwfKOxvafWPd0HI4wewSGkInEk1FMK4lrQcywCKhdeMJb5vw=
last-modified: Tue, 22 Nov 2022 21:01:06 GMT
server: cloudflare
etag: W/"cd141b9a12f67e6f6ed18a75b9094448"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef6e912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 5180.e5024f60.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
3 KB 74ms
69ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5180.e5024f60.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7629cd255f8951b3c3dfcbff6856fad272f902cccfe2278b10c10e437401cf35

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: ST35cIcrlhP7mKfDWrEgZoFreVmNAxd9
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6S3MXXKQKA7XAG59
age: 444473
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: PkOUa3KafoOylG1iC5vzumSEtpQM7yosMeIY3W7MwbbaJFrzYfq3RbmB7P0T/3yUDRtUHsW2/uA=
last-modified: Tue, 22 Nov 2022 21:01:02 GMT
server: cloudflare
etag: W/"7a7c9e256978b3b8dd77e5b126e33366"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200f9d912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 7994.93b960fa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 27 KB
7 KB 87ms
82ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7994.93b960fa.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69f3de8ac047d9cb332fd141163b53a385e8f1ef33ac97bc36f7b2adcebe3665

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: pnH9k.J_qE.DkI3e21U9bW1rt9KndbT2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1XAC3MAB53SBBSFE
age: 366240
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: pbA5rA0uSIpFMMyqSb7MNjvUHiVI71I0tW8MDfg4Wl++V99kNlu0cEAEO2adgVP1HDkxTGQMdmk=
last-modified: Wed, 23 Nov 2022 20:59:02 GMT
server: cloudflare
etag: W/"23b924021275ea1854496ebc652b0832"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f200fa0912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 PostPage.RightColumnContent.7583ad6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 33 KB
8 KB 68ms
64ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.7583ad6a.chunk.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c55ff45ed7801af8e89a44254e6c4304308d3bb0730377a99fc95958d08d31

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
x-amz-version-id: 2AoTTzCwDbGeZIkL3YxwL7Z3uTfAE9m6
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: B7VQ72HXW3Q0WHNV
age: 799523
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: iBOh4H5RwbMUYLXvYel7uLCiFe6MtlLmZSkQLabW4A9/MnoLN7tBqllrQtERrNDToc8MhbhebGk=
last-modified: Fri, 04 Nov 2022 21:16:15 GMT
server: cloudflare
etag: W/"8a9b60e696f090b6ea2579223105ee6d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f1fef71912a-FRA
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 105ms
59ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 77106f203ec99189-FRA

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 78ms
59ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 25132511
x-envoy-upstream-service-time: 32
server-timing: cf-q-config;dur=6.0000165831298e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9c0913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
29 KB 61ms
43ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ed76cfe62861007eee5b0ef44f3bd185ce3b60f0b9ead0b91ab62af01e9efa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 26512923
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9be913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 74ms
57ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 6925299
x-envoy-upstream-service-time: 32
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9bf913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 55 KB
55 KB 114ms
96ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/76c214a/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa2dcb49178e613d7c504bf451d47354109e9dbd3cf5ad3c9e87896005398878

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 5297574
x-envoy-upstream-service-time: 47
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9c9913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 107ms
89ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 6925296
x-envoy-upstream-service-time: 1475
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9c5913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 58 KB
59 KB 107ms
90ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33b3315b3529cf5a3c513032bf5d44c311d52f0ba8356ebf5b220656d405f120

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7058969
x-envoy-upstream-service-time: 7878
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9c8913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 40ms
26ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 8328779
x-envoy-upstream-service-time: 60
server-timing: cf-q-config;dur=6.0000165831298e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9c6913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 57 KB
57 KB 88ms
74ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 8328778
x-envoy-upstream-service-time: 39
server-timing: cf-q-config;dur=8.000002708286e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9c3913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 117ms
103ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4e595378a4c2585a1eb91b7f65ed0526940ed8fd37a31810cd1e2eb2920b12

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 26513058
x-envoy-upstream-service-time: 44
server-timing: cf-q-config;dur=7.0000241976231e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9cd913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 115ms
101ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 23551353
x-envoy-upstream-service-time: 31
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9cb913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 99ms
99ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 4782096
x-envoy-upstream-service-time: 16
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20b9d2913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 27 KB
28 KB 75ms
75ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37359d2c6eb82ca5b4a6c0567aa5d0d22d0d4d85a9aa5950490f330253795d44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://tw.xrex.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 25131654
x-envoy-upstream-service-time: 93
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 77106f20ea14913d-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 28 Nov 2023 04:41:56 GMT

GET
H2 200 1*TRh4TcixRAQrJBMPN1b0CA.jpeg
miro.medium.com/fit/c/64/64/ 2 KB
2 KB 38ms
29ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/64/64/1*TRh4TcixRAQrJBMPN1b0CA.jpeg

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61d88768bfa8f0a61054d85a6edb9f5674a18d65ffd010914f23b2ff8a29ed5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 83071
x-envoy-upstream-service-time: 40
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1810
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220309-195817-93688b9a29
accept-ranges: bytes
cf-ray: 77106f21094f912a-FRA
expires: Wed, 28 Dec 2022 04:41:56 GMT

GET
H2 200 1*cOGlZC1CUrr5py2OSNiLJQ.jpeg
miro.medium.com/fit/c/96/96/ 3 KB
3 KB 122ms
113ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*cOGlZC1CUrr5py2OSNiLJQ.jpeg

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0674fbea6c380f6013035d134356b78efbf1154c1f9230e696d4a506073897d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 37
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3042
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221118-171949-4cd2abe4aa
accept-ranges: bytes
cf-ray: 77106f210956912a-FRA
expires: Wed, 28 Dec 2022 04:41:56 GMT

GET
H2 200 1*ILVfxylzwYMonVJOg_x2jA.jpeg
miro.medium.com/max/720/ 86 KB
86 KB 124ms
115ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*ILVfxylzwYMonVJOg_x2jA.jpeg

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a2441a15316fb5cd528ec95311d31660cb45c9d530bde5e2d04db4c91d51a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 78
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 87930
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f210951912a-FRA
expires: Wed, 28 Dec 2022 04:41:56 GMT

GET
H2 200 1*ipQEbLAcZxggwqTYYxgDFQ.png
miro.medium.com/max/720/ 108 KB
108 KB 137ms
129ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*ipQEbLAcZxggwqTYYxgDFQ.png

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f069f936f8d1edbaf89f867d74e407e09c2422daab733f23fc7d1a98c4e612ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 82
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 110390
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f210958912a-FRA
expires: Wed, 28 Dec 2022 04:41:56 GMT

GET
H2 200 1*ZWRilekN0PBRQP3HSeWLpw.png
miro.medium.com/max/720/ 94 KB
94 KB 132ms
125ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*ZWRilekN0PBRQP3HSeWLpw.png

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2763cc2e25670dcad7a13d97d6259d25001a58048747af652ec02047dd281e2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 99
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 96380
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f210953912a-FRA
expires: Wed, 28 Dec 2022 04:41:56 GMT

GET
H2 200 1*j7QNoHjw7OFWmWObui9vcg.png
miro.medium.com/max/720/ 29 KB
29 KB 128ms
121ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*j7QNoHjw7OFWmWObui9vcg.png

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39cff80b0a8477a4dcae2e7fd75c2a4b36214e9ae0c32cef390371f03355362c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 58
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29333
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f210959912a-FRA
expires: Wed, 28 Dec 2022 04:41:56 GMT

GET
H3 200 1*cOGlZC1CUrr5py2OSNiLJQ.jpeg
miro.medium.com/fit/c/176/176/ 7 KB
7 KB 130ms
109ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/176/176/1*cOGlZC1CUrr5py2OSNiLJQ.jpeg

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ff96bebf1979e570cc54f5811740b5d0c57c91dc8e29adf751855b8b0643587

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 62
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6924
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221118-171949-4cd2abe4aa
accept-ranges: bytes
cf-ray: 77106f215ac8bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:56 GMT

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ 0
0 334ms
99ms Preflight 2600:1f18:24e6:b901:8f0f:876c:e559:f529
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b901:8f0f:876c:e559:f529 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://tw.xrex.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 0
content-length: 0
date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15724800;
x-content-type-options: nosniff

GET
H3 200 2230.571ed6c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 22ms
22ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2230.571ed6c4.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.96f3a489.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
x-amz-version-id: jyYM.ZgM9PE2gJOEnsek2uD4i4PcWdTK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 5B1CYTHMK2616DY7
age: 558433
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Otu4Bzadtbnet2y7EcEb8o/GGiEGQboxNDtYyXCV5GM+59Q94+pwvBgKKEOrg9xRHn4Y4uwRjlE=
last-modified: Mon, 24 Oct 2022 03:04:44 GMT
server: cloudflare
etag: W/"80138a2fe8e56b8f784a37863eea34c5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f26f9e0bbfb-FRA
expires: Tue, 28 Nov 2023 04:41:57 GMT

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
182 B 169ms
168ms Fetch
application/json 2600:1f18:24e6:b901:8f0f:876c:e559:f529
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.594130a9.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b901:8f0f:876c:e559:f529 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15724800;
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
content-length: 2
content-type: application/json

GET
H3 200 PostGiveTipOnExternalPlatform.00ea0cc1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 18ms
18ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostGiveTipOnExternalPlatform.00ea0cc1.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.96f3a489.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41b8c750933df03e0beb11e1e362c1fd918eca7536d5480fb1dc74e58a93a19e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
x-amz-version-id: hc4z7sYPnnI95L7G2Lv8B8ITjxs6sci6
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6GZHVJXD4BP93ZM2
age: 798567
server-timing: cf-q-config;dur=4.000001354143e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 87jdKStWmhZhCCn0awZYmomLWe8TnUtSLUwj0FBrxq/P9pKAT4uO2pTYeeR57mhmntoXgIM2pqg=
last-modified: Fri, 04 Nov 2022 21:16:14 GMT
server: cloudflare
etag: W/"3aaaaf7df87a1de9c96c2f8e94669f30"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f27aad5bbfb-FRA
expires: Tue, 28 Nov 2023 04:41:57 GMT

GET
H3 200 1*ILVfxylzwYMonVJOg_x2jA.jpeg
miro.medium.com/max/720/ 86 KB
86 KB 135ms
133ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*ILVfxylzwYMonVJOg_x2jA.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a2441a15316fb5cd528ec95311d31660cb45c9d530bde5e2d04db4c91d51a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 78
server-timing: cf-q-config;dur=4.000001354143e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 87930
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f27eb35bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:57 GMT

GET
H3 200 1*ipQEbLAcZxggwqTYYxgDFQ.png
miro.medium.com/max/720/ 108 KB
108 KB 116ms
113ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*ipQEbLAcZxggwqTYYxgDFQ.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f069f936f8d1edbaf89f867d74e407e09c2422daab733f23fc7d1a98c4e612ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 82
server-timing: cf-q-config;dur=6.0000165831298e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 110390
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f27eb37bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:57 GMT

GET
H3 200 1*ZWRilekN0PBRQP3HSeWLpw.png
miro.medium.com/max/720/ 94 KB
95 KB 137ms
135ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*ZWRilekN0PBRQP3HSeWLpw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2763cc2e25670dcad7a13d97d6259d25001a58048747af652ec02047dd281e2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 99
server-timing: cf-q-config;dur=4.000001354143e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 96380
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f27eb39bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:57 GMT

GET
H3 200 1*j7QNoHjw7OFWmWObui9vcg.png
miro.medium.com/max/720/ 29 KB
29 KB 153ms
151ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/720/1*j7QNoHjw7OFWmWObui9vcg.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39cff80b0a8477a4dcae2e7fd75c2a4b36214e9ae0c32cef390371f03355362c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 58
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29333
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f27eb3abbfb-FRA
expires: Wed, 28 Dec 2022 04:41:57 GMT

GET
H3 200 1*TRh4TcixRAQrJBMPN1b0CA.jpeg
miro.medium.com/fit/c/32/32/ 1 KB
1 KB 154ms
151ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/32/32/1*TRh4TcixRAQrJBMPN1b0CA.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7202adacdd49efe46b3c2aadf5c6214e0939967e13df394b9bca3d9544e38dfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1057
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f27eb3dbbfb-FRA
expires: Wed, 28 Dec 2022 04:41:57 GMT

GET
H3 200 1*cOGlZC1CUrr5py2OSNiLJQ.jpeg
miro.medium.com/fit/c/48/48/ 1 KB
2 KB 107ms
105ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/48/48/1*cOGlZC1CUrr5py2OSNiLJQ.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d932c054afc5092c8fcc912d6ad92e71184653e6c13b07581306b005d739dd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 47
server-timing: cf-q-config;dur=4.000001354143e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1437
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221116-204659-eba8c81ce7
accept-ranges: bytes
cf-ray: 77106f27eb3ebbfb-FRA
expires: Wed, 28 Dec 2022 04:41:57 GMT

GET
H3 200 1*cOGlZC1CUrr5py2OSNiLJQ.jpeg
miro.medium.com/fit/c/88/88/ 3 KB
3 KB 203ms
201ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/88/88/1*cOGlZC1CUrr5py2OSNiLJQ.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd88416b57f4b840e75795ee5730075d21357e1e4b63f74acca6a72998335869

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 79
server-timing: cf-q-config;dur=6.0000165831298e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2864
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f27eb40bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:57 GMT

POST
H3 204 rum Show response
tw.xrex.io/cdn-cgi/ 0
174 B 25ms
25ms XHR
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/cdn-cgi/rum?

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
content-type: application/json

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://tw.xrex.io
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 77106f27e80390b5-FRA

POST
H3 200 graphql Show response
tw.xrex.io/_/ 143 B
568 B 181ms
181ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80b895a0bf5548fc74dc6fda0ca620f0871551a6203e811cd5dc76b5a6b69541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 19
server-timing: cf-q-config;dur=8.000002708286e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"8f-pkf+tV3SSwWg6FOi6/mETkghmss"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19
cf-ray: 77106f28f8b290b5-FRA
x-request-received-at: 1669610518027

POST
H3 200 graphql Show response
tw.xrex.io/_/ 1 KB
958 B 227ms
227ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e4ae9711d250d82f39630e17a504b0181b18c83c512f5a83d80d169d4cce4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: CollectionViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 79
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"4af-PJ1Lrm8WdFOwWmE9+hZ1pdjtc4g"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f28f8b390b5-FRA
x-request-received-at: 1669610518018

POST
H3 200 graphql Show response
tw.xrex.io/_/ 1 KB
1 KB 272ms
272ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6afbb1b620710017f09f1fd6e9428d21cd2ec869f7cd98f80b09181540ab740d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: FloatingPostActionsQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 73
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"4f0-OyES8QQ/8rTu/HOven2LG2Cq+7Y"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f2908b490b5-FRA
x-request-received-at: 1669610518058

POST
H3 200 graphql Show response
tw.xrex.io/_/ 210 B
617 B 194ms
194ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

274df013dff439e09b69915ff7ce156d9dd9d185c200d9dd5bf7e16ccdac91cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 53
server-timing: cf-q-config;dur=4.000001354143e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-XbZABppEgFWfUDq5hYdWCrsutzQ"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f2908b890b5-FRA
x-request-received-at: 1669610518014

POST
H3 200 graphql Show response
tw.xrex.io/_/ 108 B
582 B 220ms
219ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: PostPageMeterQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 79
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f2908b990b5-FRA
x-request-received-at: 1669610518017

POST
H3 200 graphql Show response
tw.xrex.io/_/ 3 KB
2 KB 222ms
222ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

932972f4173baf8ce0e9a3527f5ede4a2d5334e1e03433ffd93ef8fbf458c291

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: PublisherFollowersDialogUserQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 83
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d0b-H5EjHduG4s75N+IuuCyX2pb//fQ"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f2908ba90b5-FRA
x-request-received-at: 1669610518016

POST
H3 200 graphql Show response
tw.xrex.io/_/ 6 KB
2 KB 346ms
346ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5659e980e902322be27f735dff044b9812176c61cbbfcae852ef4ece7b15a32f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: RecircSidebarQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 205
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1605-madZ8dhpD6v1FgrxDpRlhdoVFTs"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f2908bb90b5-FRA
x-request-received-at: 1669610518017

POST
H3 200 graphql Show response
tw.xrex.io/_/ 95 B
568 B 202ms
201ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47200aa27f038215a62c8a307ddb66f4ecccd30b5a6a99d5fa549ff332c83cd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 65
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"5f-tC3aVKeqI53mMs8O8rar/WcHqi4"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f2908bd90b5-FRA
x-request-received-at: 1669610518017

POST
H3 200 graphql Show response
tw.xrex.io/_/ 105 B
555 B 169ms
169ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

adaa3c4ae5291d81b0e20d43a8510788e6f844d646ecc680027a4e14168faf88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 34
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"69-zJoM5P+mycg2AAEYwMKtdotXRno"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19
cf-ray: 77106f2908c090b5-FRA
x-request-received-at: 1669610518017

GET
H3 200 4560.7c827f62.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
12 KB 19ms
18ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4560.7c827f62.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.96f3a489.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46406595abdf5b050b86bef20faf1365e6af15d614d7985573e7df98f11e317c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
x-amz-version-id: 9Ogke8tPlkxv2BvuNwnZ_5tMCcRu9Wdz
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YESD24KSKFZH7GZJ
age: 366159
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: LVo360DHLdyP99i9W6oJy2q06dnwBqHILbnOhVTrDjcCZPZvcfoA0XbdMIwPqu6Zc8hlm7XUy4c=
last-modified: Wed, 23 Nov 2022 20:58:57 GMT
server: cloudflare
etag: W/"28e8b4d27b5a12a9edf76a939bdbe1ba"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f291cadbbfb-FRA
expires: Tue, 28 Nov 2023 04:41:57 GMT

GET
H3 200 PostNextFiveStories.22db494d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
2 KB 17ms
17ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostNextFiveStories.22db494d.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.96f3a489.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fe1086c9071386e664fa4394b17a001c3ae16501d07184acf670fcb5c25c629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:57 GMT
x-amz-version-id: 1ypCNt4sSMzK1KiQpZsqUZJLaEUR2cQx
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YESEJRSZZSQEAYNS
age: 366159
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: VviaL6DnF8L2vU5yoBMD6LPP11DKXr2Nv19XGz+uH9yrekOPaYZ+5fgesLkrmcjbahFGet/czio=
last-modified: Wed, 23 Nov 2022 20:59:22 GMT
server: cloudflare
etag: W/"eb2cae3089469bea54ddd1e9124b2d4e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 77106f291caebbfb-FRA
expires: Tue, 28 Nov 2023 04:41:57 GMT

POST
H3 200 graphql Show response
tw.xrex.io/_/ 81 B
535 B 160ms
159ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26d00b9cfa224dc6051d141d3affc084c8c1b05c996bdad37f9306cc872cce65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 26
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"51-Le9dkvSzwxuMfCqvnS9UaXHOLro"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19
cf-ray: 77106f29790790b5-FRA
x-request-received-at: 1669610518078

POST
H3 200 graphql Show response
tw.xrex.io/_/ 42 KB
9 KB 360ms
360ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d57ad57efc89382d56af60a4fb2bb13a80fdaf2a83df810cf3968722596ad912

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: PostNextFiveStoriesCollection
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 183
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"a7b2-2/A5ENF2gmJfHlC8KZnNDHFwH54"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19, tutu/main-20221125-145536-13c16229ad
cf-ray: 77106f29a91a90b5-FRA
x-request-received-at: 1669610518114

POST
H3 200 /
tw.xrex.io/_/clientele/reports/performance/ 0
0 145ms
145ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.594130a9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, clientele/main-20221122-003601-db8b653b35
x-envoy-upstream-service-time: 11
server-timing: cf-q-config;dur=5.9999874792993e-06
cf-ray: 77106f2b09f690b5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
tw.xrex.io/_/clientele/reports/performance/ 0
0 142ms
141ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.594130a9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, clientele/main-20221122-003601-db8b653b35
x-envoy-upstream-service-time: 10
server-timing: cf-q-config;dur=7.0000241976231e-06
cf-ray: 77106f2b09f790b5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
tw.xrex.io/_/clientele/reports/performance/ 0
0 145ms
144ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.594130a9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, clientele/main-20221122-003601-db8b653b35
x-envoy-upstream-service-time: 11
server-timing: cf-q-config;dur=6.0000165831298e-06
cf-ray: 77106f2b09fa90b5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 127ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 28 Nov 2022 03:15:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 5164
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 28 Nov 2022 05:15:54 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 72 KB
22 KB 48ms
8ms Script
text/javascript 108.138.17.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: tw.xrex.io
URL: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc?gi=11191123842
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 83cad37f70113f7b8bbb98c2ef8ee949f9a611e402e55ee826aef65130f2ef77

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

x-amz-version-id: LzwY9oP1_KD6QZAz0SCDQRP53VCVCZV0
content-encoding: gzip
via: 1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
date: Mon, 28 Nov 2022 04:39:08 GMT
last-modified: Thu, 17 Nov 2022 20:07:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 189
etag: "2a6320386437cc44ae1713f25f6ea30b"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 22048
x-amz-cf-id: iDP75uVQKtozpW3RIMPNjxEUeoHJb66GrenbxvOc4MwaLCpJ13nPrA==

GET
H2 200 _r Show response
app.link/ 91 B
591 B 192ms
162ms Script
text/javascript 2600:9000:20eb:7800:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.71.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20eb:7800:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

1a2c2f71ab617b33e35fe728235b0d0cde6d08554686ca116820174e208f4c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
server: openresty
x-amz-cf-pop: FRA2-C1
etag: W/"5b-mESGNrEPf5m0ergIs4FyvgShlwM"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: Einv61VZ63DnXp5DLOBJhE4wihRS7kmR59yJQ8-athm79Lcr677nUA==

POST
H3 200 graphql Show response
tw.xrex.io/_/ 82 B
537 B 195ms
194ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a72763dcbf2b466a3d8c9eb19659dc07a400e429af5cfbe35af431f485e28d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 75a02b33e19e080c
medium-frontend-path: /doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
medium-frontend-app: lite/main-20221125-221030-fa50693f12
apollographql-client-version: main-20221125-221030-fa50693f12
ot-tracer-spanid: 487b815d72026f8f

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 31
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"52-e/4Cs4jsB7zGC1eQF6al7xyjKRU"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba, rito/main-20221125-145949-d82dc40c19
cf-ray: 77106f2d8bab90b5-FRA
x-request-received-at: 1669610518749

GET
H3 200 1*LagkZVOWSkjAJuzVJI6zSA.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 27ms
26ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*LagkZVOWSkjAJuzVJI6zSA.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99034ec9c9d1e442ecc5b50cca56a3c70a426cb08b7f71b7af6f2fc9b5b5df26

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 88164
x-envoy-upstream-service-time: 127
server-timing: cf-q-config;dur=4.9999798648059e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1032
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221013-221357-a07bc57c32
accept-ranges: bytes
cf-ray: 77106f2e2ae7bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

GET
H3 200 1*2IjWavPYnLqdEHOkQ-w_QQ.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 31ms
30ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*2IjWavPYnLqdEHOkQ-w_QQ.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f130b6d3579a39a22311ea9b10c037f6fb0c7b68d9a438ecf4587373270c9e65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 369806
x-envoy-upstream-service-time: 82
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1884
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220930-203142-057a4d4bc6
accept-ranges: bytes
cf-ray: 77106f2e2aeabbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

GET
H3 200 1*n7FgM6BXvvmNsSCrI4zSYQ.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 19ms
18ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*n7FgM6BXvvmNsSCrI4zSYQ.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edc4e551ac059d5491686edb71101da891ea4fd72ab8a3ebd1c2b35ea5d27acf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4843
x-envoy-upstream-service-time: 57
server-timing: cf-q-config;dur=6.0000165831298e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1094
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220525-094934-61c2d29c30
accept-ranges: bytes
cf-ray: 77106f2e2aedbbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

GET
H3 200 1*ZoV6Swruo3ZXre_wbqfzYw.jpeg
miro.medium.com/focal/56/56/50/50/ 3 KB
3 KB 30ms
29ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*ZoV6Swruo3ZXre_wbqfzYw.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dada9f11f6c29f52c2d124719aca129ad6693d575073ba9c60fa226c47131ed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 583936
x-envoy-upstream-service-time: 3384
server-timing: cf-q-config;dur=6.0000165831298e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2738
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221110-232540-7dbbb888f8
accept-ranges: bytes
cf-ray: 77106f2e2aeebbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

GET
H3 200 1*pznXubgWImCX6XqwLywW1w.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 29ms
28ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*pznXubgWImCX6XqwLywW1w.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f5889fdf1c6cb0ce08b8d96f2e3420ef0962d373585e55e5a099a1746734625

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 74171
x-envoy-upstream-service-time: 40
server-timing: cf-q-config;dur=8.000002708286e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1086
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 77106f2e2aefbbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

GET
H3 200 1*G-5GPLepmhmpR1DByEpG3g.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 28ms
27ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*G-5GPLepmhmpR1DByEpG3g.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a86d9ce1dc4802dd0cfba6e34a63338b6b17b53059baeaf650c9308845cabc3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 74171
x-envoy-upstream-service-time: 28
server-timing: cf-q-config;dur=5.0000089686364e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2353
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221110-232540-7dbbb888f8
accept-ranges: bytes
cf-ray: 77106f2e2af1bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

GET
H3 200 1*kWY_1ycAucK76sGxZ23bHA.jpeg
miro.medium.com/fit/c/20/20/ 963 B
1 KB 27ms
26ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*kWY_1ycAucK76sGxZ23bHA.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b202597503ee1131db25d5adbc6bfcdde7b81de590d20532464ba71a7d63db97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116520
x-envoy-upstream-service-time: 39
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 963
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 77106f2e2af2bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

GET
H3 200 1*Wi9ToWPgaHoAYI0KlLgrmA.png
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 27ms
26ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*Wi9ToWPgaHoAYI0KlLgrmA.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdafffd8a3dbb29d74aac776aa768cedb3fc604a9f15a6b59ee190d99b121af1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:58 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 425950
x-envoy-upstream-service-time: 31
server-timing: cf-q-config;dur=5.9999874792993e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2177
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221110-002248-0f8074516d
accept-ranges: bytes
cf-ray: 77106f2e2af3bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:58 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 133ms
52ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=80685949&t=pageview&_s=1&dl=https%3A%2F%2Ftw.xrex.io%2Fdoppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc&ul=en-us&de=UTF-8&dt=%E4%BB%81%E5%AF%B6%E7%96%91%E4%B8%AD%E5%8B%92%E7%B4%A2%E7%97%85%E6%AF%92%E6%A1%88%EF%BC%8C%E8%B4%96%E9%87%91%E9%8C%A2%E5%8C%85%E4%BB%8A%E5%AD%98%E5%85%A5%E7%B4%841500%E8%90%AC%E5%8F%B0%E5%B9%A3%E3%80%8211%E6%9C%889%E6%97%A5%EF%BC%8C%E4%BB%81%E5%AF%B6%E5%82%B3%E9%81%AD%E5%8B%92%E7%B4%A2%E8%BB%9F%E9%AB%94%E6%94%BB%E6%93%8A%EF%BC%8C%E4%BD%86%E4%BB%81%E5%AF%B6%E5%90%A6%E8%AA%8D%E3%80%82%7C%20XREX%20Wayne%20%7C%20XREX%20%E5%8F%B0%E7%81%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=360902869&gjid=278478340&cid=1170980406.1669610519&tid=UA-24232453-2&_gid=2136818969.1669610519&_r=1&_slc=1&z=329759119

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 28 Nov 2022 04:41:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tw.xrex.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1*cOGlZC1CUrr5py2OSNiLJQ.jpeg
miro.medium.com/fit/c/24/24/ 949 B
1 KB 176ms
175ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*cOGlZC1CUrr5py2OSNiLJQ.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1ee2d4b8859ec27a5384f48d92bca059584900826a8312a41e840a372c01295

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 48
server-timing: cf-q-config;dur=1.4999997802079e-05
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 949
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f2f2c44bbfb-FRA
expires: Wed, 28 Dec 2022 04:41:59 GMT

GET
H3 200 1*HncxC4DghjGazDT9otOrQQ.png
miro.medium.com/fit/c/112/112/ 16 KB
16 KB 170ms
168ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/1*HncxC4DghjGazDT9otOrQQ.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e4327a08b59e55cb5f5f1a00c62da1323fd1ebacf599f9a8b271dddd6427f40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 44
server-timing: cf-q-config;dur=4.9999798648059e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16191
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f2f3c4abbfb-FRA
expires: Wed, 28 Dec 2022 04:41:59 GMT

GET
H3 200 1*owp9BjTj_8eS793m3ULXqA.png
miro.medium.com/fit/c/112/112/ 16 KB
17 KB 171ms
169ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/1*owp9BjTj_8eS793m3ULXqA.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8e6daa1d1963c9900ef5f168ed82e76349463d4e34ec50bacf698b2536e2abe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Mon, 28 Nov 2022 04:41:59 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 44
server-timing: cf-q-config;dur=6.9999950937927e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16688
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20221122-003601-db8b653b35
accept-ranges: bytes
cf-ray: 77106f2f3c4bbbfb-FRA
expires: Wed, 28 Dec 2022 04:41:59 GMT

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
675 B 188ms
164ms XHR
application/json 2600:9000:206f:c600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:c600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

1a258c604c550183200bd71e72b0ff6bea69fb47e302f2ec9582b31c800aa6ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Nov 2022 04:41:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 03d0cf2899504c9a8bee3ae6e543e364-2022112804
content-length: 316
x-amz-cf-id: iYHKekIpMP1D_249DVuTk2hDdFd93o9QgxZs6R4iejicVY76P9SgFg==

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
612 B 170ms
170ms XHR
application/json 2600:9000:206f:c600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:c600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

2fb8d991e464a4e94accbadfea12d0542ba4f4c76df659ddb72065ca9a5a36d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Nov 2022 04:41:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
etag: W/"b7-CSd8rT2U2Y1JY+CtHrEkx4tl3lw"
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 26e36f1706dd447ca451240e0872ab00-2022112804
content-length: 183
x-amz-cf-id: 1WzKe37kWwIWTI30mowBaajpe_SWU20lTTALdCLbQf3tZSuGZQSuqg==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
433 B 193ms
193ms XHR
application/json 2600:9000:206f:c600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:c600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Nov 2022 04:41:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 7d7e9b4510db420daa6698135a33b748-2022112804
content-length: 28
x-amz-cf-id: UdsAhqlV0nnFn1LmadrNGLVV-YOVvncpLoiceRVh5KJ7WaquFbp8fQ==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
433 B 175ms
175ms XHR
application/json 2600:9000:206f:c600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3034.5bf7db30.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:c600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 28 Nov 2022 04:41:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: c30754c9f2d745f0a7401e8148ce0c72-2022112804
content-length: 28
x-amz-cf-id: oEOafsTE0YC6NM_8Ep6IetFguXHBTJ2-5ylurvIrUC1y6b3XygHSqg==

POST
H3 200 oh-noes
tw.xrex.io/_/ 101 B
0 168ms
167ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/oh-noes

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.594130a9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://.braintree-api.com https://.braintreegateway.com https://accounts.google.com https://getpocket.com https://tw.xrex.io https://.tw.xrex.io https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://.branch.io 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
content-type: application/json

Response headers

date: Mon, 28 Nov 2022 04:42:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://tw.xrex.io https://*.tw.xrex.io https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-powered-by: Medium
x-obvious-info: 20221125-1456-root,13c16229
x-envoy-upstream-service-time: 32
server-timing: cf-q-config;dur=8.000002708286e-06
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1669610522667:eaeebb2df0e6
server: cloudflare
worker-missing-cookies: 0
x-frame-options: sameorigin
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache, no-store, max-age=0, must-revalidate
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba
cf-ray: 77106f462b4b90b5-FRA
link: <https://medium.com/humans.txt>; rel="humans"
x-opentracing: {"ot-tracer-spanid":"7031f6e672db19fa","ot-tracer-traceid":"238bab54a3921a21","ot-tracer-sampled":"true"}
expires: Thu, 09 Sep 1999 09:09:09 GMT

POST
H3 200 batch Show response
tw.xrex.io/_/ 17 B
334 B 301ms
300ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tw.xrex.io/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.594130a9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw.xrex.io/doppelpaymer-compal-ransomware-crypto-aml-xrex-ciphertrace-bitcoin-e0315e485fc
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
content-type: application/json

Response headers

date: Mon, 28 Nov 2022 04:42:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json
medium-fulfilled-by: edgy/8.3.0, valencia/main-20221124-190537-b538f35fba
x-envoy-upstream-service-time: 161
server-timing: cf-q-config;dur=6.0000165831298e-06
cf-ray: 77106f462b5690b5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tw.xrex.io/	1969-12-31 23:59:59	Name: __cfruid Value: 1db4af9e22853de36d8b755bf24a260b347fcec8-1669610515
.medium.com/	1970-01-20 16:32:26	Name: sid Value: 1:VvciG/3Nb8CIjOEW+bOFo2i3VQUiahpsr3AMn9i8+gkD5fqYgrV97r8tl9+k4mzl
.medium.com/	1970-01-20 16:32:26	Name: uid Value: lo_69125cb63721
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 530a84d7deaca2a45c619608d8f54303bdad4f85-1669610515
tw.xrex.io/	1970-01-20 16:32:26	Name: uid Value: lo_69125cb63721
tw.xrex.io/	1970-01-20 16:32:26	Name: sid Value: 1:rBG8cwG/48W/Q0LtXGH84tWyXmFREn7GBGWT6gwRPwLnEKlhGM8W8xPcOPHt2RVo
tw.xrex.io/	1970-01-20 07:46:51	Name: _dd_s Value: rum=0&expire=1669611417617
.app.link/	1970-01-20 16:32:26	Name: _s Value: zzzpPcgGrASSbGLNbdGtR3Hrf3ruUphg5EAEOj%2FemzP6R8vCalWiyS3CvWjDOJkr
.xrex.io/	1970-01-20 17:22:50	Name: _ga Value: GA1.2.1170980406.1669610519
.xrex.io/	1970-01-20 07:48:16	Name: _gid Value: GA1.2.2136818969.1669610519
.xrex.io/	1970-01-20 07:46:50	Name: _gat Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
static.cloudflareinsights.com
tw.xrex.io
www.google-analytics.com
108.138.17.81
162.159.153.4
2600:1f18:24e6:b901:8f0f:876c:e559:f529
2600:9000:206f:c600:11:f728:3040:93a1
2600:9000:20eb:7800:19:9934:6a80:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700::6810:3865
2a00:1450:4001:82b::200e
008b735b5e27e2ddea50ac42eeaef63fae74d969ff15e3144c7b9f7c927baffd
020cd8f8d0924d2122db07b848a8bd3217502a2cac01ab2349d71d6b8efce2eb
02737ef7d93dfdec1c19a4825329b4eeb3a84c35fb8b93587affc608734eaf3b
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
0674fbea6c380f6013035d134356b78efbf1154c1f9230e696d4a506073897d9
07b60df462e09543e3ad6724353944aa5826afd5b38388a383aebcdb9f0b4863
08d8377aacac4a618dee062500ceab645094820a3470a0db2a98bb1fc74d6f9c
0a35a1e3c3a7b45a11ff5dd6a07dab7680a4966f449c5cdb7cfeb476d8b424ed
0c4e595378a4c2585a1eb91b7f65ed0526940ed8fd37a31810cd1e2eb2920b12
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
16bc64e283626db91df5a8defe54030f24e31c44589f7adb103bfba48f21ccfd
16e3dcd75e1daaf10976ad4429c5ce4beea593fa261186e45d6434626480d783
1a258c604c550183200bd71e72b0ff6bea69fb47e302f2ec9582b31c800aa6ac
1a2c2f71ab617b33e35fe728235b0d0cde6d08554686ca116820174e208f4c67
1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b
236a3b0cf63b069b7fac35f2fee86294e148a9f283878efe204c79781a1da427
26d00b9cfa224dc6051d141d3affc084c8c1b05c996bdad37f9306cc872cce65
274df013dff439e09b69915ff7ce156d9dd9d185c200d9dd5bf7e16ccdac91cb
2763cc2e25670dcad7a13d97d6259d25001a58048747af652ec02047dd281e2d
293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174
2a2441a15316fb5cd528ec95311d31660cb45c9d530bde5e2d04db4c91d51a70
2fb8d991e464a4e94accbadfea12d0542ba4f4c76df659ddb72065ca9a5a36d7
33b3315b3529cf5a3c513032bf5d44c311d52f0ba8356ebf5b220656d405f120
37359d2c6eb82ca5b4a6c0567aa5d0d22d0d4d85a9aa5950490f330253795d44
39bd6c9b67b1ec40abe0ff0c01626d34fb0029a7419b30df3903eee71e974f8f
39cff80b0a8477a4dcae2e7fd75c2a4b36214e9ae0c32cef390371f03355362c
3bbe50ac7cc6cac42792dca94f357c04f3639a85114c6210c3266f9322f7d350
3d85efd0decd34dd9ac9febc273792e117aa841f658fca364ea0b592f806d469
3e4327a08b59e55cb5f5f1a00c62da1323fd1ebacf599f9a8b271dddd6427f40
3e791eab5353305b0759468002527abbd57394578f316c23fbe6e4d328eb4cc9
3e7e1a8566d21a3b245083d5ae6a14b6a334ce0e77b7ebc8a24ecb38b2c56ba5
3fe1086c9071386e664fa4394b17a001c3ae16501d07184acf670fcb5c25c629
41b8c750933df03e0beb11e1e362c1fd918eca7536d5480fb1dc74e58a93a19e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46406595abdf5b050b86bef20faf1365e6af15d614d7985573e7df98f11e317c
47200aa27f038215a62c8a307ddb66f4ecccd30b5a6a99d5fa549ff332c83cd9
4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46
4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14
4f5889fdf1c6cb0ce08b8d96f2e3420ef0962d373585e55e5a099a1746734625
5659e980e902322be27f735dff044b9812176c61cbbfcae852ef4ece7b15a32f
56c55ff45ed7801af8e89a44254e6c4304308d3bb0730377a99fc95958d08d31
5b10679da501e35dcd0458c7efbdd56d75dc37d9b106b4c64e7161d91ac191e7
5c6d4d20316319f207dadedd33bb015f293934f7abbdbd3cb482dd11a6b66d03
5ff96bebf1979e570cc54f5811740b5d0c57c91dc8e29adf751855b8b0643587
601f0395312c80eca646294da8644382a9187a1ba327cd2e61afeaebf72d404c
61d88768bfa8f0a61054d85a6edb9f5674a18d65ffd010914f23b2ff8a29ed5d
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
69f3de8ac047d9cb332fd141163b53a385e8f1ef33ac97bc36f7b2adcebe3665
6afbb1b620710017f09f1fd6e9428d21cd2ec869f7cd98f80b09181540ab740d
6d932c054afc5092c8fcc912d6ad92e71184653e6c13b07581306b005d739dd3
7202adacdd49efe46b3c2aadf5c6214e0939967e13df394b9bca3d9544e38dfe
7629cd255f8951b3c3dfcbff6856fad272f902cccfe2278b10c10e437401cf35
7684af0eaf8bb3c4caf740ad39e27a0020f2c196d63ccc2eabc9848e210f4703
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
7c8b5a0c598adf72f65dc9c8d0827a1b914574fb0b7ed6db847264f0f305f0ff
80b895a0bf5548fc74dc6fda0ca620f0871551a6203e811cd5dc76b5a6b69541
83cad37f70113f7b8bbb98c2ef8ee949f9a611e402e55ee826aef65130f2ef77
855056fbdac9c7954f2e0cef4b24e0416f1eebb42c8781ddf575fdd76863ea97
89716be7d15a49a6a138a59d2870795274f7308291864a3bd32a57871c89aadc
8a72763dcbf2b466a3d8c9eb19659dc07a400e429af5cfbe35af431f485e28d2
8c3a1f6cce5a398a4577f88e6984b1182d7f5899e37d92043673f57b65c41714
8e4ae9711d250d82f39630e17a504b0181b18c83c512f5a83d80d169d4cce4a3
932972f4173baf8ce0e9a3527f5ede4a2d5334e1e03433ffd93ef8fbf458c291
955c47ee44b0feca62780cf5cb5aaba68e9fe3a04677da7795a333c19bc572e8
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
99034ec9c9d1e442ecc5b50cca56a3c70a426cb08b7f71b7af6f2fc9b5b5df26
9ed76cfe62861007eee5b0ef44f3bd185ce3b60f0b9ead0b91ab62af01e9efa4
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a2cfff7f9e5ae872a94184b0fc2a35af5c0c1687ba0099349708d02972ba0e1e
a4d35c7a9d627398567e75636b5a070fda249db29eac7b19bdd8077a43468887
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a86d9ce1dc4802dd0cfba6e34a63338b6b17b53059baeaf650c9308845cabc3e
aa2dcb49178e613d7c504bf451d47354109e9dbd3cf5ad3c9e87896005398878
adaa3c4ae5291d81b0e20d43a8510788e6f844d646ecc680027a4e14168faf88
b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b202597503ee1131db25d5adbc6bfcdde7b81de590d20532464ba71a7d63db97
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
bccaab228d8683e2292c683c73b54ab145855b33f5bce0884b4b15c5fe1fcb14
bdafffd8a3dbb29d74aac776aa768cedb3fc604a9f15a6b59ee190d99b121af1
be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3
be315126edf7056fa1fbcd85cb2eb1f1912ca76d0951118c4b61030f9c6f90a4
c8e6daa1d1963c9900ef5f168ed82e76349463d4e34ec50bacf698b2536e2abe
ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f
cc6113c3869738a8a1291e62775ba7ac6fcec4a176301e3d3c07a7767a338fd9
d100a6a4103fc5ea16a4678108808f09bded12fa36472deeaae8c12fbc0a6006
d1ee2d4b8859ec27a5384f48d92bca059584900826a8312a41e840a372c01295
d57ad57efc89382d56af60a4fb2bb13a80fdaf2a83df810cf3968722596ad912
d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213
dada9f11f6c29f52c2d124719aca129ad6693d575073ba9c60fa226c47131ed9
dc3bdd29c56ec82f7f192a18193d47f93dc2c4ae6096a69d1158e9f1460a5a11
dd88416b57f4b840e75795ee5730075d21357e1e4b63f74acca6a72998335869
e26683486bcc3dd84443ea62d9467fbe25bfb195f54c938c708d2d72e7bd7f8f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc
edc4e551ac059d5491686edb71101da891ea4fd72ab8a3ebd1c2b35ea5d27acf
f069f936f8d1edbaf89f867d74e407e09c2422daab733f23fc7d1a98c4e612ca
f130b6d3579a39a22311ea9b10c037f6fb0c7b68d9a438ecf4587373270c9e65
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f8208ed3f5800f2f02cc71aaf1aa172cc36366ac6b668675b5b37fe7181db33e
f8a9419c6b434d633e2728c97782267bc1936722c8deacc8a7ecd76949dbcc15

tw.xrex.io Open in urlscan Pro 162.159.153.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

111 Requests

100 %HTTPS

78 %IPv6

7 Domains

11 Subdomains

9 IPs

3 Countries

1884 kBTransfer

4013 kBSize

11 Cookies

81 Outgoing links

Page URL History

Redirected requests

111 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

tw.xrex.io Open in urlscan Pro
162.159.153.4 Public Scan

Screenshot
Live screenshot

Full Image

111
Requests

100 %
HTTPS

78 %
IPv6

7
Domains

11
Subdomains

9
IPs

3
Countries

1884 kB
Transfer

4013 kB
Size

11
Cookies

111 HTTP transactions
0 data transactions