blog.delivr.to Open in urlscan Pro
162.159.152.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?utm_source=The%2BInQu...
Effective URL:
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_c...
Submission Tags: falconsandbox
Submission: On May 01 via api (May 1st 2023, 5:10:14 am UTC) from US — Scanned from DE

Summary HTTP 121 Redirects Links 99 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 121 HTTP transactions. The main IP is 162.159.152.4, located in and belongs to CLOUDFLARENET, US. The main domain is blog.delivr.to.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 5th 2022. Valid for: a year.

This is the only time blog.delivr.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 20	162.159.152.4 162.159.152.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 80	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	108.138.17.45 108.138.17.45	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:239... 2600:9000:2396:9a00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:249... 2600:9000:2491:8600:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
121	9

20 162.159.152.4 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

blog.delivr.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

80 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-45.fra56.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2396:9a00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2491:8600:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
90	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 13000 glyph.medium.com — Cisco Umbrella Rank: 32913 miro.medium.com — Cisco Umbrella Rank: 24012 cdn-client.medium.com — Cisco Umbrella Rank: 34157	1 MB
20	delivr.to 1 redirects blog.delivr.to	105 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 783 api2.branch.io — Cisco Umbrella Rank: 514	24 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 91	21 KB
1	app.link app.link — Cisco Umbrella Rank: 2772	636 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1274	7 KB
121	6

	Domain	Requested by
53	cdn-client.medium.com	blog.delivr.to cdn-client.medium.com
25	miro.medium.com	blog.delivr.to cdn-client.medium.com
20	blog.delivr.to	1 redirects cdn-client.medium.com
11	glyph.medium.com	blog.delivr.to glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
2	www.google-analytics.com	blog.delivr.to cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	blog.delivr.to
1	static.cloudflareinsights.com	blog.delivr.to
1	medium.com	1 redirects
121	10

This site contains links to these domains. Also see Links.

Domain
rsci.app.link
medium.com
any.run
delivr.to
app.any.run
www.trustwave.com
outflank.nl
www.outflank.nl
twitter.com
bitofhex.com
files.delivrto.me
playground.sublimesecurity.com
gchq.github.io
www.microsoft.com
developer.mozilla.org
github.com
sublimesecurity.com
www.linkedin.com
gist.github.com
atos.net
blog.talosintelligence.com
micahbabinski.medium.com
help.medium.com
policy.medium.com
itunes.apple.com
play.google.com
adamgoss.medium.com
markernest.medium.com
medium.statuspage.io
about.medium.com
blog.medium.com
speechify.com

Subject Issuer	Validity	Valid
blog.delivr.to Cloudflare Inc ECC CA-3	`2022-12-05` - `2023-12-04`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2023-04-22` - `2023-07-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.branch.io Amazon RSA 2048 M01	`2023-02-21` - `2023-11-09`	9 months	crt.sh
appipv4.link Amazon RSA 2048 M02	`2023-04-25` - `2024-05-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Frame ID: B5DE48B7134B5553DB46829E557DF5C4
Requests: 121 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HTML Smuggling: Recent observations of threat actor techniques | by delivr.to | Medium

Page URL History Show full URLs

https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?u... HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smugglin... HTTP 307
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?g... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

121
Requests

97 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1232 kB
Transfer

3508 kB
Size

11
Cookies

99 Outgoing links

These are links going to different origins than the main page.

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F74501d5c8a06&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderUser&source=---two_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign up

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---two_column_layout_nav-----------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/search?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F1242be189bc&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&user=delivr.to&userId=1242be189bc&source=post_page-1242be189bc----74501d5c8a06---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D74501d5c8a06&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&source=-----74501d5c8a06---------------------post_audio_button-----------
Title: Listen

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F74501d5c8a06&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://any.run/
Title: ANY.RUN

Search URL Search Domain Scan URL

URL: https://delivr.to/
Title: delivr.to

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=0e04949a-24f3-4acd-b77c-bbffc4cb3cb9
Title: here

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/ebc7365c-272e-4d13-978a-2b730e6a1493/
Title: Overdue#8500.html (MD5: 01D7ECF62BE2C81BD134AF488478E00B) - Interactive analysis - ANY.RUNInteractive malware hunting service. Live testing of most type of threats in any environments. No installation and no…app.any.run

Search URL Search Domain Scan URL

URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-file-attachments-still-a-threat/
Title: Others

Search URL Search Domain Scan URL

URL: https://outflank.nl/blog/2018/08/14/html-smuggling-explained/
Title: blog

Search URL Search Domain Scan URL

URL: https://www.outflank.nl/demo/html_smuggling.html
Title: here

Search URL Search Domain Scan URL

URL: https://twitter.com/JohnLaTwC/status/1096550619794395136
Title: relatively trivial

Search URL Search Domain Scan URL

URL: https://bitofhex.com/2019/02/19/base64-encoded-signatures/
Title: common file types

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=8ae3dc1d-b025-4133-bbf1-6a4dd5f5e362
Title: here

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/57bf410f-a669-4ea6-ab91-e78a9b553fe6/
Title: ef43ad2327c74d2ac4343209325b004a15f4f858bb68e871adcca5a320573025.html (MD5…Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no…app.any.run

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=cf6c9867-4358-4b3b-b7eb-3432ac39e71d
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_reversed_b64_iso.html
Title: here

Search URL Search Domain Scan URL

URL: https://playground.sublimesecurity.com/?id=1c9531ea-f25b-41dc-9aeb-848a211293fb
Title: in the wild

Search URL Search Domain Scan URL

URL: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')&input=MHg1MCAweDRi
Title: CyberChef

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=05f28907-ce2e-49e4-87ee-d11545403ca0
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_hex_string_iso_zip.html
Title: here

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/e49f70e8-1c9c-470a-a219-97d7ad30aba6/
Title: PO-12-5-2022.html (MD5: 7779D429E7E17385F55B48880F0989CF) - Interactive analysis - ANY.RUNInteractive malware hunting service. Live testing of most type of threats in any environments. No installation and no…app.any.run

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/
Title: blog

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=7dbf0d83-1557-4345-bf67-d18c4256b0c1
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_xor_zip.html
Title: here

Search URL Search Domain Scan URL

URL: https://app.any.run/tasks/b3dae8a3-e28f-4fa0-9e5f-f0a011990005/
Title: Analysis StatusUpdate 331708 Apr 4.xhtml (MD5: DFC1983C3E7A041BA251B2310B6D1524) No threats…Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no…app.any.run

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=8180fa30-084a-4898-a18d-2acec7881848
Title: here

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=54a90abf-b944-4100-b805-c3c1279825b3
Title: here

Search URL Search Domain Scan URL

URL: https://twitter.com/pr0xylife
Title: @pr0xylife

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Building_blocks/Events
Title: Event listeners

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=52a32746-f58e-43b5-b041-ce4ec1e84b6f
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_mousemove_b64_iso.html
Title: here

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=e07847b4-c013-458c-8c9a-6f9d81e96da2
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_imageload_local_b64_zip.html
Title: here

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=7caa3e98-73b1-40f1-8f13-4abcd4d68bfc
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_imageload_remote_b64_zip.html
Title: here

Search URL Search Domain Scan URL

URL: https://twitter.com/cyb3rops
Title: Florian Roth

Search URL Search Domain Scan URL

URL: https://github.com/Neo23x0/signature-base/blob/master/yara/mal_qbot_payloads.yar
Title: signature-base/mal_qbot_payloads.yar at master · Neo23x0/signature-baseYou can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…github.com

Search URL Search Domain Scan URL

URL: https://sublimesecurity.com/
Title: Sublime

Search URL Search Domain Scan URL

URL: https://github.com/sublime-security/sublime-rules/blob/main/detection-rules/attachment_html_smuggling_double_encoded_zip.yml
Title: sublime-rules/attachment_html_smuggling_double_encoded_zip.yml at main ·…Sublime rules for phishing detection, prevention, and threat hunting. …github.com

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/feed/update/urn:li:activity:7014836341960032256
Title: embedding the SVG directly into the HTML

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=ef39f124-6766-491c-a46c-00f2b60aa7a7
Title: here

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/API/setTimeout
Title: setTimeout

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=23a26968-4457-4ed7-a04a-a1d2084ae410
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_hex_string_map_iso_zip.html
Title: here

Search URL Search Domain Scan URL

URL: https://gist.github.com/chrisveness/b28bd30b2b0c03806b0c
Title: AES CTR block cipher

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=1d261011-6de8-49ac-8ed3-3f695c9f4551
Title: here

Search URL Search Domain Scan URL

URL: https://delivr.to/payloads?id=779923e9-a49b-471e-890c-59dd3f688544
Title: here

Search URL Search Domain Scan URL

URL: https://files.delivrto.me/smuggled_aes_iso.html
Title: here

Search URL Search Domain Scan URL

URL: https://atos.net/en/lp/securitydive/phishing-campaign-using-html-smuggling-to-get-your-office365-credentials
Title: https://atos.net/en/lp/securitydive/phishing-campaign-using-html-smuggling-to-get-your-office365-credentials

Search URL Search Domain Scan URL

URL: https://github.com/nccgroup/demiguise
Title: https://github.com/nccgroup/demiguise

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
Title: https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/

Search URL Search Domain Scan URL

URL: https://micahbabinski.medium.com/html-smuggling-detection-5adefebb6841
Title: https://micahbabinski.medium.com/html-smuggling-detection-5adefebb6841

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/posts/activity-7013900051353657344-IyJC
Title: https://www.linkedin.com/posts/activity-7013900051353657344-IyJC

Search URL Search Domain Scan URL

URL: https://medium.com/tag/email-security?source=post_page-----74501d5c8a06---------------email_security-----------------
Title: Email Security

Search URL Search Domain Scan URL

URL: https://medium.com/tag/purple-team?source=post_page-----74501d5c8a06---------------purple_team-----------------
Title: Purple Team

Search URL Search Domain Scan URL

URL: https://medium.com/tag/malware-analysis?source=post_page-----74501d5c8a06---------------malware_analysis-----------------
Title: Malware Analysis

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F74501d5c8a06&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&user=delivr.to&userId=1242be189bc&source=-----74501d5c8a06---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F1242be189bc%2F74501d5c8a06&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&user=delivr.to&userId=1242be189bc&source=post_page-1242be189bc----74501d5c8a06---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Fd1c4b65cca4f&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&newsletterV3=1242be189bc&newsletterV3Id=d1c4b65cca4f&user=delivr.to&userId=1242be189bc&source=-----74501d5c8a06---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/email-security?source=author_recirc-----74501d5c8a06---------------email_security-----------------
Title: Email Security

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F7a8840ff5ed5&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fintroducing-delivrto-7a8840ff5ed5&source=-----74501d5c8a06----0-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page_footer_cta_write-------------------------------------
Title: Write on Medium

Search URL Search Domain Scan URL

URL: https://medium.com/tag/purple-team?source=author_recirc-----74501d5c8a06---------------purple_team-----------------
Title: Purple Team

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F8289a76cb886&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fusing-delivr-to-and-sublime-security-to-bootstrap-your-email-defences-8289a76cb886&source=-----74501d5c8a06----1-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----74501d5c8a06--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----74501d5c8a06--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----74501d5c8a06--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----74501d5c8a06--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----74501d5c8a06--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----74501d5c8a06--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----74501d5c8a06--------------------------------

Search URL Search Domain Scan URL

URL: http://delivr.to/
Title: delivr.to

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F1242be189bc&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&user=delivr.to&userId=1242be189bc&source=post_page-1242be189bc--two_column_layout_sidebar-----------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Fd1c4b65cca4f&operation=register&redirect=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&newsletterV3=1242be189bc&newsletterV3Id=d1c4b65cca4f&user=delivr.to&userId=1242be189bc&source=---two_column_layout_sidebar-----------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@adamdryden?source=read_next_recirc---two_column_layout_sidebar------0---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------

Search URL Search Domain Scan URL

URL: https://medium.com/@adamdryden/offensive-security-how-to-use-burp-suite-sql-injection-penetration-testing-execution-standard-46dde992e8a9?source=read_next_recirc---two_column_layout_sidebar------0---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------
Title: Offensive Security: How to Use Burp Suite, SQL Injection, Penetration Testing Execution Standard…

Search URL Search Domain Scan URL

URL: https://adamgoss.medium.com/?source=read_next_recirc---two_column_layout_sidebar------1---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------

Search URL Search Domain Scan URL

URL: https://adamgoss.medium.com/certified-red-team-operator-crto-review-71ea4edef62a?source=read_next_recirc---two_column_layout_sidebar------1---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------
Title: Certified Red Team Operator (CRTO) Review

Search URL Search Domain Scan URL

URL: https://medium.com/@adamdryden?source=read_next_recirc---two_column_layout_sidebar------2---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------

Search URL Search Domain Scan URL

URL: https://medium.com/@adamdryden/how-to-use-tools-like-burp-suite-or-sqlmap-to-craft-malicious-requests-that-inject-code-or-commands-2349f8dca4a2?source=read_next_recirc---two_column_layout_sidebar------2---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------
Title: How to Use Tools like Burp Suite or sqlmap to Craft Malicious Requests that Inject Code or Commands…

Search URL Search Domain Scan URL

URL: https://markernest.medium.com/?source=read_next_recirc---two_column_layout_sidebar------3---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------

Search URL Search Domain Scan URL

URL: https://markernest.medium.com/mitre-att-ck-defender-cyber-threat-intelligence-training-leadership-recommendations-review-3f24d22aed57?source=read_next_recirc---two_column_layout_sidebar------3---------------------d93526fe_dff5_407b_8bd4_9ce12cca9cf3-------
Title: MITRE ATT&CK DEFENDER™ Cyber Threat Intelligence Training — Leadership Recommendations & Review

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=---two_column_layout_sidebar----------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=---two_column_layout_sidebar----------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/?source=---two_column_layout_sidebar----------------------------------
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=---two_column_layout_sidebar----------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=---two_column_layout_sidebar----------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=---two_column_layout_sidebar----------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=---two_column_layout_sidebar----------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=---two_column_layout_sidebar----------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=---two_column_layout_sidebar----------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?utm_source=The%2BInQuest%2BInsider&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06%3Futm_campaign%3Dc64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23%26utm_medium%3Demail%26utm_source%3DThe%252BInQuest%252BInsider%26utm_term%3D0_-c64cca00e7-%255BLIST_EMAIL_ID%255D HTTP 307
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

121 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06 Show response
blog.delivr.to/
Redirect Chain

https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?utm_source=The%2BInQuest%2BInsider&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medi...
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06%3Futm_campaign%3Dc64cca00e7-EMAIL_CAMPAI...
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source...

325 KB
69 KB

863ms
862ms

Document
text/html

162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34d8595679bfca62736f65443196d50b1ecd4bc91dc2c166795f70b961cb0bd4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c0584233a1b2c7b-FRA
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Mon, 01 May 2023 05:10:07 GMT
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, lite/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
medium-missing-time: 249
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 551
x-request-received-at: 1682917806685

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7c0584224cba39ee-FRA
content-length: 0
content-type: text/plain;charset=UTF-8
date: Mon, 01 May 2023 05:10:06 GMT
location: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 11

GET
H2 200 unbound.css
glyph.medium.com/css/ 18 KB
1 KB 50ms
35ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 1525
x-envoy-upstream-service-time: 2404
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c058428da6739ee-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 01 May 2023 07:10:07 GMT

GET
H2 200 1*C-oov1hPATgpC9aJkKpm_w.png
miro.medium.com/v2/resize:fit:720/format:webp/ 7 KB
8 KB 47ms
39ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*C-oov1hPATgpC9aJkKpm_w.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca419d293aea6be37299c6d398b7bbff362c7108fd94042dea0f0f3b24fbcf79

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 288933
x-envoy-upstream-service-time: 456
content-disposition: inline; filename="1*C-oov1hPATgpC9aJkKpm_w.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7582
x-request-id: 32b8ae2d-ad5d-4238-b82b-18378de7918c
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjBiZWEyOGJmNTg0ZjAxMzgyOTBiZDY4OTkwYWE2NmZmIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c058428ca5d39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 manifest.8d489425.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
6 KB 67ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18368d07cd53cd2a938e89d068ebb70ab2fac476f7bb58e8586d7d6cbf12cd55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: mVAPnDyvR43Fih8EiFFIeDfyQX0ZhBLQ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: B99HCYJCTJ6YMTB2
age: 225049
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: oE4DUS1ZqRQc8aLtmQOsMnlyabFI+mfKIsk787wBy5Wfxs9H7V/KAIpLSn9iTygPUWsMYE8iybX5OBVXemazi8tXtHeAkjTXpnmgh2spK2o=
last-modified: Fri, 28 Apr 2023 12:39:32 GMT
server: cloudflare
etag: W/"9765fe76fc18bf608b33d74318269695"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c058428ea7839ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8493.12cd6497.js Show response
cdn-client.medium.com/lite/static/js/ 699 KB
215 KB 66ms
52ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b7f1614e5eedf77fce5ff9d7bc8773033173d49af61ec3a624063bc8a304a88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: rJVrE76uQ_PjgOqvkJU09xpRgRqsRm3m
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 0PJ233NTYTMEJGMS
age: 567721
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: +RMu5HcSaWqbkdLXpX8erzkIMYRCR2sGfma7Y9fymXevFKiWh6tIUOLhQdLjX8l4PXNTcC4/RTw=
last-modified: Mon, 24 Apr 2023 14:19:07 GMT
server: cloudflare
etag: W/"45dc22e63c94a914ddbbe5e4773608fb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c058428ea7339ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 main.e44d912a.js Show response
cdn-client.medium.com/lite/static/js/ 769 KB
188 KB 48ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.e44d912a.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a054981357a01eda3130a3303e830c3a1c131ad5e1ef9b7ae26cd5528f4c298a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: O8Wkbs4vqwkBCnqNKBhYSsR22tgloZE8
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SQT9YZMDD9YFC64Y
age: 225049
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: BQV15QJ3kW/wAsSsuZz9RJUGRjcJWfhyJvTNR9hnpuSLIaYyF10zIub/WuZvMQh2trzE9OnfsY44QU5pEZga+eLYTVf80DZWHpkgIPkhyT4=
last-modified: Fri, 28 Apr 2023 07:02:31 GMT
server: cloudflare
etag: W/"53c4c68fddc590ecd70da17386c22b1f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c058428ea7c39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 instrumentation.c71f0248.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 46ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.c71f0248.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: 5yZx.RXNRFD2wk5kW8slm2OPTbsuZqQM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 835SQSN2WCD6BDVB
age: 437208
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: CIbKMR+t1FwOgWV5FFaSjLXobXH66piRTPGhGH8z/BWltP4A8xUkL0PtGWirKXHw6vOBEepMsnQ=
last-modified: Wed, 07 Sep 2022 22:21:02 GMT
server: cloudflare
etag: W/"1c4019035217766e8fa41b4d396c90c0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c058428ea7639ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 reporting.bbdcaa9d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
946 B 56ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.bbdcaa9d.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: hDbV.8OiTMB.Vn8rqDBCJ.dxBb4bMoaR
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2R4YTKBCDDS6HF3J
age: 437208
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: hpLJFwZLVe3kLMmVyN1xu6SbW8NO3o//weOaZ5BXpjjUY6yHS7cvPj69YBWyN1dhbN/YbQe1UB4=
last-modified: Fri, 01 Jul 2022 00:11:40 GMT
server: cloudflare
etag: W/"72bc359fe3377069bd162b3be6ed3d05"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c058428ea7a39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 5642.36172d8f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 64ms
52ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5642.36172d8f.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

32579933fa7409a851f4fed587cb4a19111bf097eb787ba275666500c1dc1596

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: N5zfrX_fPDUkHADIaE9IDKP_E9o4ZXJV
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YR1ZGVFT1MNTYCTH
age: 317204
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: jMGCKZpGzM44arO02in2I0BYsPyPlVIFsc5ZXNzHfQBw3KY8qagbEVElI6vDQVHafDsuyPG4Eyg=
last-modified: Wed, 08 Mar 2023 20:47:45 GMT
server: cloudflare
etag: W/"96030f693a075a8ed90e715174adf06f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c058428ea7b39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 799.361fd2fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 30 KB
13 KB 39ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/799.361fd2fb.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03339318237f203c39972793a5232b2c94f3ea7a2c814641ae62660d8dd6e02b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: QMhsOw..2z7t_WH9w.ZD6x4nreWG.vQr
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG33HRZ7DN7FBY2W
age: 1161367
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: JKaC1fn4iEDQS+SX7HMP5xGUVhmcDNQ9Cn4YrY0Sl/YORAv8Dp0FrFoMP3GMpoaYgZuLl5TdcGQ=
last-modified: Fri, 03 Mar 2023 20:16:01 GMT
server: cloudflare
etag: W/"3064a40f043f886dcc4f589b5706495b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aa539ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 1860.abea291f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 48ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1860.abea291f.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6173a1b363b6bffdf4ec8d533f260644b17cc6f8a747f2d4f529795a3cdf0c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: uS1tfjVEi120fx7YYvwb1tmcC69xBC_N
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CKH6YE43QJ55AQA6
age: 1159663
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Q2BPbM1yg27+tTLenM0rnN6OFZaeLeGLVxQ+u+6Q13qKVuysDCpWVYYfoGtG4AKACwHCX1oWUp0=
last-modified: Fri, 06 Jan 2023 21:37:55 GMT
server: cloudflare
etag: W/"85d86a66b898bcf1f697adede4c175db"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aa639ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 3838.7ae103cd.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 48ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3838.7ae103cd.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0573eb7e1b3f0dbaad578ead6eb03bfbd6280ae5d9a2827ad95b260717410939

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: 2W.hiqflZMS1Uu78pZoO3HKgXmMTqecm
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CKH3FJ3BAV5QG9A3
age: 1159663
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ZaIhFcLEkMb+8UMOJN8mZZ39MZMo1pkb+NEaDWNgT/xigPBH6WegPId2pY/Uacn7Qn7xh8faisc=
last-modified: Mon, 06 Mar 2023 18:50:07 GMT
server: cloudflare
etag: W/"7be8dacf1eb69da190ae2840037680db"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aa739ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 2905.914a6a4c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 49ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2905.914a6a4c.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2334df49a3450802cab73e955c936a122a29bc92ffee9cd6196bb7902a47c713

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: uSXeeWXh5yPNiLrPeA3_u6DdUYOG6zmg
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: X75WMZEY01VF1BPA
age: 289193
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Nt+IUqTqq7BR5HB9tyKKEOKt1v/bbbDpe/hV76p7RgnpTVw19OMiXugNllQaOXpScZI3zps7VuI=
last-modified: Thu, 27 Apr 2023 20:25:50 GMT
server: cloudflare
etag: W/"bac067749b82a9589a1b9ac546aa87a5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aa839ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8007.e7e42be3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 75ms
72ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8007.e7e42be3.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae4a152dbc443cb2190ebe669b3604fa97bae75f8012b0364ffb2ff2d4def713

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: GCST7lvuIH0KJ0ZTnx.wLhYNBstOq8pl
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG36YP10HMAVEYNT
age: 1161367
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: tF5q+jafuBhzt+0SKoPKSaq6cCgnwGVA4BcgHoYQA16tBd96pb0AZZKir5g/qPdcj909ZK37kkA=
last-modified: Fri, 03 Mar 2023 20:16:01 GMT
server: cloudflare
etag: W/"70cde53a50943875dc8cdadc6cc02d19"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ad339ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8695.ac0f83b3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 82ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8695.ac0f83b3.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50a979f6e8a062abeacd9791b81cbedbe908659d6bc12d73f1102167bfc41937

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: QHLtf7kDTyQGy0BXV0UCGe3J0J3T3OiS
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG31NKHVD77TXP3A
age: 1161367
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: FqYubMp9+/5UC9f6/cfezA9WW3lwATrYE6pbEFHLrK++2E+q+nJaEbWJTsqOteFXOGM5O35IW2o=
last-modified: Fri, 03 Mar 2023 20:16:02 GMT
server: cloudflare
etag: W/"de93ef1b6b3aae9065a3d952e34db489"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ad539ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8.5980bcd4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
7 KB 84ms
80ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8.5980bcd4.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17b661a486215879018ecdf2463102d385f2c4fb74558fd15582e9f4844523d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: pJvmeAlpCD1R.goLN3jYFb7dMtAGD1zw
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CSJ5NY1QV5J2JWQP
age: 299277
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: rFAMOZJmj+HO0YhJ4cJXyBRSKJbo7tCfv1y49srFaSbQakg/7BJ77llXjtWzlAVP84vXnp873Yw=
last-modified: Thu, 16 Mar 2023 13:52:09 GMT
server: cloudflare
etag: W/"90db6c8a443715167c389219177065f2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ad639ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 9683.1c418a4d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
9 KB 83ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9683.1c418a4d.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0017449cfda81bb089bf3cdcd944fc19f450c9e6d3bbcc0f752c7c9a44b5c88e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: o73a3y0m9k5mMwOEoTAey.E3arKRWOBX
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K5286B2SKHNFRVEX
age: 314416
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: zbhppjpREoCvomhjDg//ouAc8lZFKrgvbBA+Jq6XYyDvygxbU9XaDjONF3IarJz5tF73KEcoOwk=
last-modified: Wed, 26 Apr 2023 20:43:59 GMT
server: cloudflare
etag: W/"53f26193240542678947856ff22eedc3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ad739ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 7702.c5a5a368.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 76ms
72ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7702.c5a5a368.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1c223b155a0b1cc4ab40250ddeeec6031a768c2417f0144392a8680b99d7282

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: 8umP.hczxtJxocgIVknlhG_09oMzTtvl
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: MAG6YPVFV242P5D2
age: 463180
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: toufDF6n6mGHhhgoudJujJuj1+n0oFYxa8tKId01+p93ep96xCrMhCtwYevq07WkdLkWOyWpVzM=
last-modified: Tue, 11 Apr 2023 19:43:06 GMT
server: cloudflare
etag: W/"50c13097a4d521f40633401ca2e79140"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ad839ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 5203.23a22ad8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
4 KB 65ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5203.23a22ad8.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d19349e1a7fc17631e75d4434c94ded800f5bcb8cf8e019abe59369b9e574e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: uD1TB8JyXvDbJEXNxavvZswpYfa1t9.8
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: GSFGAJCPCBSTEX37
age: 1178867
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KSOdEcL9rQFokNvNoFX4ZsWX2macqyPYpdFQa87GxIXH5h+v22v6M4Y/vfhgw8+HVRbRocAun0g=
last-modified: Fri, 17 Mar 2023 21:03:22 GMT
server: cloudflare
etag: W/"9fefde6e96381be6edeb30aa4a60c1b1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ada39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8708.546db97b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
1 KB 73ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8708.546db97b.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d0f1f91751d635fce38f3af610e536f348ef6e22a9a9fc34d5c6d375169b3c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: ShoXATpSnyxNrxbWU6kTvwZIjAQProNM
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 3H5JRKDTHZH184D1
age: 317203
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: GfwrWEVxgWccwYm0zBK2Fs8auFXIsssnPkZobHnngjoox2Tz4/R9513/prbuHGtWo50EgWhDSQU=
last-modified: Wed, 05 Apr 2023 16:29:16 GMT
server: cloudflare
etag: W/"60e21df57ea608b0d63cb407029b234a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293adb39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 1957.6c5d9d7a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
5 KB 64ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1957.6c5d9d7a.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2dccb0664aa6be074668f722bd5e206d0632b561ed15eb7f4975bfdfc126605

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: WamoeO4c4UGRv.JG907c.YH8.QClHifI
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2HB1B5BHTZYD1HNT
age: 482929
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: fxlphlNxfzqzuqjSS9AVm1aB86KNvEr4tYGCKhSjcD+WkFobIv5JVMer2ybGYXkslbaJsYUS4QQ=
last-modified: Mon, 10 Apr 2023 21:06:04 GMT
server: cloudflare
etag: W/"41104231374609f10e95b6c0e48b4576"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293adc39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 9174.90036714.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 99 KB
28 KB 72ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9174.90036714.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fd5bf01b4c556dfeba2a6382aab7a4520cc6574394567e97a3a5e09ec8cdddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: n1lnAZcrnGrofh7BNLq2v42q6PIp0sBL
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZSADVEBR1P0YZ4HB
age: 391114
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vlc6oMYr1si5XVesbwUpzfueOoU3EAUH2JiRmKJ5m/Kd2y6ZNY0Kwzsy3yuGGH3+LQRKFWw4J8w=
last-modified: Wed, 26 Apr 2023 16:20:56 GMT
server: cloudflare
etag: W/"63aec800e788e4c7e9f7c3d968880592"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293add39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 3635.c351368e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 69ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3635.c351368e.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7d86022f2a24e2797798001ea8b3cbf6b4a6d9de3fa1d3ad1ab9e596e6c0a78

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: 1q0F51Do48uHb0zXeJvcmG7dMPiVWnNP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: MAG76EEGBS2Z01AC
age: 314757
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: wkPNewSMZTTiLbBpiOtZ0oBqSFHlGbzRyRHhn1bmCk2mgbgumemLqzl9BIB52BYow5fb5oYLdTE=
last-modified: Tue, 11 Apr 2023 19:43:01 GMT
server: cloudflare
etag: W/"02cf73a2006c9014811cc907ede8a7aa"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ade39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 5472.a7dd22a2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 65ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.a7dd22a2.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: gSXxPhc0hcRrksmL2PGhPrVOkWw4VC83
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: TYK0PEA01R37Z2AF
age: 437208
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: /HTy1mXHJwPGew/xYMqQ7tFbF5Jg3lNbiP2FCK1QESRXm8fU5OQ78/pj2bTQ3xJ5WF5PwhIz13s=
last-modified: Fri, 21 Oct 2022 21:04:08 GMT
server: cloudflare
etag: W/"bfe1dd364c3e6da6632a1d6c3b6fb9a0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293adf39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 4129.9a8d63eb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 64ms
60ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4129.9a8d63eb.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2911927df6c0a93829e78411112c7814bc7b90ecb78c3656c43d501ce89a0a65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: WfRiIovzGKzIBXx4jbOQWkmNpcHVogDv
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: GK4751DSD4JH2506
age: 314827
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 8TnspiZej79grd94InR+zjOaNmgcRTL5ZylBmkOcJfzk7LnfoVNYBTTtYSyrfXICT6Kwtu6QDgo=
last-modified: Fri, 17 Mar 2023 21:03:20 GMT
server: cloudflare
etag: W/"d6fa6c4407818897ed25daf584a5dd7c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ae039ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8580.1d3cbd2a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
2 KB 64ms
60ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8580.1d3cbd2a.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

366bfb267958cf08b1d2dab865f82a1f9065bb019fe1db867815579503b0176d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: 9t7goFlXzXd.Z2YB3u_pt2EvH9na42q1
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZSA23NVGQVQBCWC0
age: 314757
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: x+P7LhXVb/CSmh+GBEi1NN0PotvbaFtwMPBGWNIOBz82647eslcqUZWr46n3gGSXmcX+ehPncEU=
last-modified: Tue, 25 Apr 2023 19:43:37 GMT
server: cloudflare
etag: W/"d058f853abfd147d6129009ec60d93a0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ae139ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 1802.0f7ac4a6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 65ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1802.0f7ac4a6.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e479fe502330044c7e5957eaad0ecc55227da44e2f8d614e384d4e139e66dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: D.5nVMueuViXvVSn.YFoPJcHVbJpZci6
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RQK8M4DZVH434QW0
age: 981001
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: CU2yVjxOvw1v6ah/2A/RYBSm/b1MCVCa4IkwjBsnex8k1eQOJGVk4aPpbSCT8AqgowomdP41z4E=
last-modified: Tue, 18 Apr 2023 15:09:51 GMT
server: cloudflare
etag: W/"ed235eec9522978936c7e8d0256e164c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ae239ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 2371.6ba1ff25.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
3 KB 65ms
62ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2371.6ba1ff25.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b400a4ec8b292df5747de9b0fca9f6528b1b1e027e1189db9ce24f15d5e1749

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: dIAdAOXpzVD1iJmsmvzsYqCUXYFeHtPn
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VQVPTB1DTFNM02ZS
age: 269298
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Z0JbF4OWww5CeVFIYXWNQxPwSIFllxyR9x6Lv18DgBHTVkVwPMPm+2r1s0RfLAtHJO5xlaVUhJ6X3AlC1fdvjs3xN5ZjP2eG9l1bMJuRaZM=
last-modified: Wed, 12 Apr 2023 18:31:59 GMT
server: cloudflare
etag: W/"4db431b1ab8ca132084d1db94dec3cf8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ae339ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 4078.182beff5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 69ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4078.182beff5.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a9538496fc598aef8185ce64a1416f66dbb480363eacd5466477f888985c161

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: xjtc1w3dA5YeyATt8lkc6IY7tO0v2BCH
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 97NSSTE6BHWPZPWE
age: 314826
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: TKMzwc4qqgLaceiuzfHxqsIMLxkgGp4pzOero8twZKE2GR4jbg+iTIkXOaqcSUVPogPR7hY8FNtQJr47gyVkZA==
last-modified: Thu, 09 Mar 2023 20:25:05 GMT
server: cloudflare
etag: W/"46c9eaa275cbf3108a4c9c63c30a6a5a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ae439ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8093.00ba3eb9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 47ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8093.00ba3eb9.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb13425885ee713fb8e0df5308e088502decb5ba7bdeda770a6588c71d2e8583

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: gjUcW7gqPr8rNLnnE9owqe9ILinhR3l2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 9KQ38HQEEWSJQT48
age: 306330
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: GWnTGRsDEh/Pf7Va9pFbw2bU1+Fy7YeyltrO7aD/iFgslwwreRjswHpYc2m5uDiMyWHaPIoILZQ=
last-modified: Thu, 27 Apr 2023 15:37:37 GMT
server: cloudflare
etag: W/"70f542420964161fe4493acc8b6938d5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292ab339ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 1743.42985c62.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 65ms
62ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1743.42985c62.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7a186a71840944885d3c455f4e3c5b73fcc575b75fcd91f4e111ea512e75b8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: lln_mSqQczRjOIEMXIxBEgGqsFD3hyhB
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 4MRBKHCZY7DRMFQB
age: 1187628
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: KqcGk24OpH7ZWFOxUYIgH34J0m9KAUpMr75iwZBkQ+OBkUzh/p+97sMnOtwWasDQIYIQ+BpiYOI=
last-modified: Mon, 20 Mar 2023 10:25:00 GMT
server: cloudflare
etag: W/"3e107f7798febeec4247918bdd418957"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ac939ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 3115.3302bd02.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 30 KB
10 KB 65ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3115.3302bd02.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be1f68b533d20ee61daf543dff9e6a9b3aebb19e6ec07a3bc7a84db8b1b4d86d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: LX.xmLrHZit_3s_CTGft2De1szzi28Pj
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: D2A1E8KWY7GF1JZV
age: 314739
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: lKvLus5i3TTdHLL0+rnGA3/bPdjKpcHeee0KJwnR7Caa6+2QQ7ASA7zASlfyeN03kW/QmyA8siw=
last-modified: Tue, 25 Apr 2023 20:34:02 GMT
server: cloudflare
etag: W/"63eb68c2d07c896cb05506cf9bc7b0ff"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293acb39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 2287.a89f9d21.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
5 KB 60ms
57ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2287.a89f9d21.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93ec15dd15d0b36925c06e9cd208be62b2bd75010d9681c067867fc429b29d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: rqICbRIWEFamsXMFg_kW4QvWWY96KbA7
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QG33HSDPZ5HZSASJ
age: 1037431
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: yhtm1SybL3c0lowTHiSFTNcc2ZWjKza/zm/yMdsfCwxjRiGYMBXAiPFXl/vTmzKEKIBMe3KpULo=
last-modified: Fri, 03 Mar 2023 20:15:53 GMT
server: cloudflare
etag: W/"a73a2c40d4fc740817809c493ef138ba"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293acc39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 3685.22fa1dc7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
5 KB 69ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3685.22fa1dc7.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26bb5d52850ebd86df6c5f1e39549d6caa9c730fa614748d465be34fe3ad02a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: 6qTAq.IzY8gMWzP3po8oIauvLpMW7K2O
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZSAACD20X5RDKR19
age: 314774
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: +jMX7OLpRPBb1oC+nI0OztPSA1tujHY+GjTdeA9Oxy1anIxPFc0NRsnywZ3v0/CKVw6HdtMwLPE=
last-modified: Tue, 25 Apr 2023 19:43:31 GMT
server: cloudflare
etag: W/"e251379d2c9cb9c45e496d8a3046ae0e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293acd39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 2092.0b9868e3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
3 KB 68ms
65ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2092.0b9868e3.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0497bc851b9b9d3211ae22c89f36c5e47fd708bc7239ed6cdde7f39cb5ea3664

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: tk03ftqRtY0SsD83PSYlEo4CJTXYXqep
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: MAG85M1BMPNG9AQT
age: 463174
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: +Gs4WHGFXx1mIIwwoL4LNLZIGWr+tYbN13s5DtgaXU5sXblpJ5WHXo17CGWxyqOn7ts17RHuOOU=
last-modified: Tue, 11 Apr 2023 19:42:58 GMT
server: cloudflare
etag: W/"f50afecac7a61bf276ac5115c0113efb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ace39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8824.e4a9134e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 82ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8824.e4a9134e.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2913d7530f3f6c73b724c9882136bae20c7a5939038a4a1f3dbf3aea33dba79

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: neRlkFcyWMOpvcNZg2IlDkGh1jbXJmPK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: X3AFN7VK90AAFZC6
age: 391114
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 0mMwUm8FGTGr5TR3R/N0mZLGSEjoPbzN0V3Js4Cje6pxYzGvLKqEVLVad6fLNuBxUrqRWnq5v9oAPTl14QLNbQ==
last-modified: Thu, 09 Mar 2023 22:28:11 GMT
server: cloudflare
etag: W/"16a0e081b5bc3b11a05cfd283a41011f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293acf39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 9225.9cfbe85d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
9 KB 72ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9225.9cfbe85d.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b9e8109c78ad9e76bff06adea00cb379e26a2d11a9a3498b200c3df0be3331c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: Wv79.y3emBILIFd04WPjj7dzLiC3hCzE
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Z1TCBDV402Q70YB0
age: 1156388
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5upxKuFLkMj3IUHw7v91/CpPofRM9SRn6vafES4WU9ZRchYJZGZYhHYayRVCFoZnocTUhUi7y88=
last-modified: Fri, 14 Apr 2023 15:53:59 GMT
server: cloudflare
etag: W/"7ca308acced522a9edd9ab9385b9994c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584293ad239ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 6804.9f6509a8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 49ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6804.9f6509a8.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdda40bda76a0adaed3fe045e8396748669078e1b15c59975119e243bc6b45c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: NVrQH4q4xvrcfoHdLeIg.51Iv_sCsOy.
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: R86TS9RKJR39HDTS
age: 314794
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: yvofB+N+7t4ktlj+eCKJ4lY3l8oa9D/9X3aKUAF/j0+ad1QXBHxR5xegiyWz0d3GT8ycGT7XLGNLMzi7C0oLHQ==
last-modified: Fri, 14 Apr 2023 15:53:56 GMT
server: cloudflare
etag: W/"f2cbb9f705f073135ecf5a1894d992de"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aa939ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8051.3f4b510b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 60 KB
15 KB 49ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8051.3f4b510b.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8385e7b05d48e9989413e1cb765038ac3f15f5aea672954c765bd7f19c9a058

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: wbqD_5.G38v4LtmYmwLRN_J6S5qHAUye
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: VYCZ46HP0BB1AKEK
age: 317203
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: MfYwultGOpTO1AXXFAter+eHtKJVdEBaJVFrE+9/edKVCiGAA+3vzeSdVFBDE7HIeY8RGj8CkUE=
last-modified: Tue, 18 Apr 2023 13:01:28 GMT
server: cloudflare
etag: W/"45a649fd3bd02f4d793f6ecb55d1ac13"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aaa39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 1069.c2523576.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
7 KB 47ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1069.c2523576.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08efafd9f373304b3cfa3b84b75d5913cb39b2b1ebcefa8061f94882a4408985

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: Ssoe0adrL3_Sxy_AwvpunUjJpXQo15Ik
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QQJCDV14FF7EWM41
age: 554771
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: UcrTDdhczV0jorihihFLJYRXnps9ujsY8+4Li5J8D4vtMF5l/IjaFlyCyvDLmB+R3aiUxUH9o60=
last-modified: Fri, 21 Apr 2023 20:03:55 GMT
server: cloudflare
etag: W/"d7d4146f92563c078a230e76f94bcdda"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aab39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 5076.1a6c0ef7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
4 KB 59ms
55ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5076.1a6c0ef7.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28b2e2a4c843a58cf41b34958d7abfcaca4c2c8e2f8edb32089fba5fa18b30bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: GXLyhUzNC2ioOiLmVUK768IOKYnWpaZs
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Z1T6HT6YPBXGK4AY
age: 1156388
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: XpdzwH4w6IqNrqZYwcorsOQ3+CttfgD2m8ZLSMeDTH3x3WUOt7VnuczCndeJdSMlkC59RTI7CTM=
last-modified: Fri, 14 Apr 2023 15:53:55 GMT
server: cloudflare
etag: W/"895e481a80bd53b47249ed6f7aee7336"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aac39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 847.383abb1d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
9 KB 59ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/847.383abb1d.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

135b7b1da534d97eb7e05355530e0af783c988f9a34815185c0e75400d175cf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: tIFIpUVmQ5XxKdglDqwVMYOBz3DPjrFd
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: A5R5R8AYQQ5BJ8KN
age: 900245
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Qsto+LMwZkJmy8TfZh6HgU9PzwC/mKG89BW6fCAPeIa2C29mrFGwsw76MFwHSB3avMAaHdHXjpI=
last-modified: Tue, 18 Apr 2023 18:04:01 GMT
server: cloudflare
etag: W/"f326dada9781e6e6d193ee6fb0a75029"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aae39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8316.a8c19480.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
4 KB 59ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8316.a8c19480.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4756b8554d2e2b0ea985aefed9d0000d175c5c9ae6536b143adedf436531a834

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: n10lg5iK.NQ3tiJuMjoA37pzqxcxwvKS
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: KNQ6HWR2PTCKDP6C
age: 997886
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: u0TaRiAMBvxCzmp4mrz7CAPRCb7IGlh0DJ7DaykDhuFz7hO5uzkt/B5qyknReLbNMOOJOOe+pas=
last-modified: Wed, 19 Apr 2023 02:25:41 GMT
server: cloudflare
etag: W/"669a41f9156da71861ea524bc4cb415c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aaf39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8908.4e0cfe80.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 127 KB
30 KB 60ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8908.4e0cfe80.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a2a69f3e2ba94d54c995b56440590df5ec1f82cc4e16443c97566de4095328b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: Lmyp2hpQlv.QFsl0TqNdFWGCGvxatvcK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YG3W9QTVP1GE63BT
age: 280497
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: H0Yq8cX44U/XrxIHVu1SuCcYovKNSg95h+5ZiYAP+d1CnqKI8cM2HBWliVIE2QwDiHfxUWBXduo=
last-modified: Tue, 25 Apr 2023 19:43:37 GMT
server: cloudflare
etag: W/"3bbf75a173d5d07d1475fe9b765956d9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292ab039ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 PostPage.MainContent.1bb15d52.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
10 KB 47ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.1bb15d52.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6482695d7a4f61334413b48d08762f0741c24cf2f5fac96d097ee76f7864b9a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: YKfdwlTs6p6gka75rTQmq0AyGTPvZ28j
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Q1XRG0YWA085G11P
age: 314794
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 5Tn6pqVUHv1i7PlctWiApS569f1YneOafikln8AkjjuT0hyAd901+bqTG6fT+XU2nnJ6sJYKoOQ=
last-modified: Mon, 17 Apr 2023 20:31:42 GMT
server: cloudflare
etag: W/"b46ab08db7999e91b79c8ea497e12a7d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292ab139ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 5627.b01cea75.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
5 KB 39ms
36ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5627.b01cea75.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1bb0e18dda94e73f54955d08e8579d5958e168fb032edb5a01d4766acea6d10

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: pAN2lVNCNXEWOxnmSxK0qtaqQKF6UxqN
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 4Z9D2AKRGK5GJDC1
age: 289193
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: px2h2Fs111qqEAmbZxI3xnrMgj/Oub3RcqfiW0ziQQbNBWDBsmS5uO5RVO35iltM21oMTm8TfmA=
last-modified: Thu, 27 Apr 2023 20:25:53 GMT
server: cloudflare
etag: W/"6ccf1e17d32f569df8a6de7e315ca899"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584291aa039ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 8880.97b5ed81.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
7 KB 48ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8880.97b5ed81.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9310c83c18743911f4124d65452c68aca614a19c2426e4c406b8297824f26563

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: prPQkSIaxhwMEL9Tu7Ept69eIWrIE7nJ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: R86JC9RTTASRFPRP
age: 317203
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: gDGf1+H7FrSjBk26LefNsB9pWhB6TBmHC+PUJ/TindxUWY9Di1YIsLrUbaKILphYK7nA+oyihdzSVYLwqHz+XQ==
last-modified: Fri, 14 Apr 2023 15:53:59 GMT
server: cloudflare
etag: W/"a1d5901136728fe526dbc7a8142102a7"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aa239ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 PostPage.RightColumnContent.153512e3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
8 KB 48ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.153512e3.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fe5d07b773a4441577b5ae257f3bfbebb10c308c73d6664656c172080f363bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
x-amz-version-id: UCRvhoapQk.boWvpc7tzj.QQybUaYtYK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: R86T8F02MTYXQ8TV
age: 1156388
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: tDIcOSGX/cyrnBY3HRCCiWimxMCHkjum8+5GvyaiBixt9TEqiyadjyWkspcc5KRiD9kZ2ZVOnQHBSvgMmMkgHA==
last-modified: Mon, 17 Apr 2023 09:09:32 GMT
server: cloudflare
etag: W/"0433c4a2b9aefb94957db15db1ab5910"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584292aa339ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 v52afc6f149f6479b8c77fa569edb01181681764108816 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 110ms
53ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by: Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
server: cloudflare
etag: W/2023.4.2
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7c0584293e452bf3-FRA

GET
H2 200 0*xvsytvO6lgHgDL8a
miro.medium.com/v2/resize:fit:320/ 12 KB
13 KB 57ms
56ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:320/0*xvsytvO6lgHgDL8a

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a56d29a9c88368029672af32583293e1cfb7de32fa9a3b07014cb6349a291906

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 144003
x-envoy-upstream-service-time: 109
content-disposition: inline; filename="0*xvsytvO6lgHgDL8a.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12586
x-request-id: 70bd5140-650f-4dd2-9083-1e19a21ef96c
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjRhZDNmYTViMjQwZmYxNjgyZWRiZTkwNWEyZmZmOTYzIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c0584293ae739ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 0*tDfVLFwZ5eKJPy87
miro.medium.com/v2/resize:fit:320/ 10 KB
11 KB 58ms
57ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:320/0*tDfVLFwZ5eKJPy87

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5a5c8bf0e32d365e821fd8f6d94d7c397c95ff6f10bbac9304b2e3a72470653

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 288933
x-envoy-upstream-service-time: 79
content-disposition: inline; filename="0*tDfVLFwZ5eKJPy87.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10679
x-request-id: a2199298-0ea1-47ed-9248-ead7eed39c5a
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c0584293ae539ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 0*g4a2Ixq-13Tsq2N_
miro.medium.com/v2/resize:fit:320/ 7 KB
7 KB 56ms
56ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:320/0*g4a2Ixq-13Tsq2N_

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456d098310cccea8bfc4879a194168a41a37adb126ccc4f1416ccf90ee392d8f

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 288927
x-envoy-upstream-service-time: 67
content-disposition: inline; filename="0*g4a2Ixq-13Tsq2N_.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6741
x-request-id: 6ed5aae9-ec74-43ee-bf1d-5165c12c41c4
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RImIyNGI1OTc5MjdmYTAzNTAzNmNlNzY0ZGU5MDE4NmYyIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c0584293aea39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 0*-I13UndM4B1w2brg
miro.medium.com/v2/resize:fit:320/ 7 KB
7 KB 56ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:320/0*-I13UndM4B1w2brg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f653a4f4e90f0ef0df3f84e2e9877a0af5ada92528d458bdd26d9a8cb08e417

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 144003
x-envoy-upstream-service-time: 110
content-disposition: inline; filename="0*-I13UndM4B1w2brg.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6734
x-request-id: 99e78f6d-d100-4c65-baf9-13d4230946f4
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RImEwYTVmMjU2ZjAyOWIwN2JmMGNiMDFjNzhlNzY0MzFmIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c0584293aeb39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 0*ltWN9AmW2cs4SW_j
miro.medium.com/v2/resize:fit:320/ 10 KB
11 KB 54ms
53ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:320/0*ltWN9AmW2cs4SW_j

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5a5c8bf0e32d365e821fd8f6d94d7c397c95ff6f10bbac9304b2e3a72470653

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 288927
x-envoy-upstream-service-time: 118
content-disposition: inline; filename="0*ltWN9AmW2cs4SW_j.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10679
x-request-id: 3ab1a372-6178-4963-8c89-6ff0fb341fbc
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c0584293aed39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H2 200 0*1dhkKaICnAftKKM2
miro.medium.com/v2/resize:fit:320/ 29 KB
30 KB 61ms
61ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:320/0*1dhkKaICnAftKKM2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ae83513752ee9a8181dd755a464c8f4d6fa6f2de549342a91b5013857318c03

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 224196
x-envoy-upstream-service-time: 290
content-disposition: inline; filename="0*1dhkKaICnAftKKM2.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29955
x-request-id: ca469353-7500-487b-a650-589c810fb6a5
sepia-upstream: medium
server: cloudflare
etag: "QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjlmMDhjNjZlYzA4ODdjNTdhZjNmMTNkZTA2ZDNhYmFjIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c0584293aee39ee-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 64ms
39ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7687307
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958cd368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 121ms
96ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7687307
x-envoy-upstream-service-time: 51
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958cb368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 104ms
79ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7687307
x-envoy-upstream-service-time: 30
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958ca368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 source-serif-pro-700-italic.woff
glyph.medium.com/font/7f2eb60/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
14 KB 101ms
77ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/7f2eb60/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2be45fe7a399b7cd926a3daf4d472a60b61eefe3e9c19a68cd0acc2e4b3d991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 385060
x-envoy-upstream-service-time: 1039
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958c0368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 102ms
78ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7687307
x-envoy-upstream-service-time: 32
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958be368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 81ms
57ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7687304
x-envoy-upstream-service-time: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958c3368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 source-code-pro-400-normal.woff
glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 103ms
79ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 425627
x-envoy-upstream-service-time: 31
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958c8368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 80ms
58ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 428322
x-envoy-upstream-service-time: 48
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05842958c5368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/v2/resize:fill:64:64/ 1 KB
2 KB 39ms
35ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 225546
x-envoy-upstream-service-time: 43
content-disposition: inline; filename="1*dmbNkD5D-u45r44go_cf0g.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1310
x-request-id: b019cc1c-dc12-4f57-a350-e915bc339ed4
sepia-upstream: medium
server: cloudflare
etag: "qUlGJkYhB4LINmyi_TVOvM25Dy409gGbmK5EqrHhPd0/RImNiNjU3ZGRlN2RhNjI0NjU3YTVmNmQ0ZDdhNzEyMDM3Ig"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7c0584299a8fbb95-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 1*tPw5vhej02IQk7SGTNWSmg.png
miro.medium.com/v2/resize:fill:96:96/ 5 KB
6 KB 129ms
125ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:96:96/1*tPw5vhej02IQk7SGTNWSmg.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b4a371c6adf95bf152794e200975d8c9944a326cf6d08862f3f9a7dadd679f8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 87
content-disposition: inline; filename="1*tPw5vhej02IQk7SGTNWSmg.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5579
x-request-id: 5afd8fc9-c6cc-411f-aced-8d2657e4689b
sepia-upstream: medium
server: cloudflare
etag: "2ClxYkeZkhLd4kUTfpOdRzBNwICgGzimHBVrQIKoB9U/RImI0ZmMzOWJlMTdhM2QzNjIxMDkzYjQ4NjRjZDU5MjlhIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c0584299a90bb95-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 1*tPw5vhej02IQk7SGTNWSmg.png
miro.medium.com/v2/resize:fill:176:176/ 10 KB
11 KB 149ms
146ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:176:176/1*tPw5vhej02IQk7SGTNWSmg.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dee0b96b9a0b8d892256c83ca6b65c0660e33e57c8ce1bb89b91351135c91540

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:07 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 89
content-disposition: inline; filename="1*tPw5vhej02IQk7SGTNWSmg.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10502
x-request-id: 7df876a2-c814-45c4-8153-c227f319c9dc
sepia-upstream: medium
server: cloudflare
etag: "cYOHBppU5_IQqNc_J_FqxtylWztmHm-fdmnA7PgkwUg/RImI0ZmMzOWJlMTdhM2QzNjIxMDkzYjQ4NjRjZDU5MjlhIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230424-181312-96029c8415
accept-ranges: bytes
cf-ray: 7c0584299a91bb95-FRA
expires: Tue, 30 Apr 2024 05:10:07 GMT

GET
H3 200 2230.571ed6c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 37ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2230.571ed6c4.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:08 GMT
x-amz-version-id: jyYM.ZgM9PE2gJOEnsek2uD4i4PcWdTK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 5B1CYTHMK2616DY7
age: 560100
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Otu4Bzadtbnet2y7EcEb8o/GGiEGQboxNDtYyXCV5GM+59Q94+pwvBgKKEOrg9xRHn4Y4uwRjlE=
last-modified: Mon, 24 Oct 2022 03:04:44 GMT
server: cloudflare
etag: W/"80138a2fe8e56b8f784a37863eea34c5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c05842edfd9bb95-FRA
expires: Tue, 30 Apr 2024 05:10:08 GMT

GET
H3 200 PostGiveTipOnExternalPlatform.9d2f1bb0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 46ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostGiveTipOnExternalPlatform.9d2f1bb0.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4a0cb6328126994438b5a127dc9d3bb890323c339df243cc9f19bc3bde40bfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:08 GMT
x-amz-version-id: gfVC0i9ar1hRC7yHzx0kIpM2hym2t6ri
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 2A6P84E28JSP8YA7
age: 1161479
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: vA9lirNj43z6QkmTpGbyFmB32LEvivucepjrDE0ZWsI6trIBiNDiFEsb6NNY/jhQK3K7powF82o=
last-modified: Fri, 03 Mar 2023 20:16:19 GMT
server: cloudflare
etag: W/"0c24ccc2ef91aca3121eafe35386f13a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c05842ff8c6bb95-FRA
expires: Tue, 30 Apr 2024 05:10:08 GMT

POST
H3 200 graphql Show response
blog.delivr.to/_/ 143 B
532 B 164ms
164ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

283453fb590c1bb91cf12de03939141676763a42d24247ba3ca932bdca3a4c36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"8f-nOP3yM4xK3SvtRhTkHRQ5PXxDNU"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray: 7c0584318e9abb53-FRA
x-request-received-at: 1682917808967

POST graphql
blog.delivr.to/_/ 0
0

POST
H3 200 graphql Show response
blog.delivr.to/_/ 210 B
580 B 188ms
187ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

031886f7433e0909d6f8e2ad67fb6210288484a9f7282596193a28762fda2382

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 43
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-uDFsXskmIAHE6knNH/Nnnyh+8z8"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c0584318ea0bb53-FRA
x-request-received-at: 1682917808967

POST
H3 200 graphql Show response
blog.delivr.to/_/ 108 B
544 B 205ms
204ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: usePostPageMeterQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 63
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c0584318ea2bb53-FRA
x-request-received-at: 1682917808966

POST
H3 200 graphql Show response
blog.delivr.to/_/ 8 KB
2 KB 319ms
317ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae507ee2bfe00fa148c510313787de5cd7058e71fd4dac3b0d8112aa58056ff2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: RecircSidebarQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 124
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1eb3-p9BvkzuWupvwOOuMEa7X5OzTgr0"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c0584318ea4bb53-FRA
x-request-received-at: 1682917809018

POST
H3 200 graphql Show response
blog.delivr.to/_/ 27 B
418 B 416ms
414ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: ViewerQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 23
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27
x-xss-protection: 0
server: cloudflare
etag: W/"1b-zcE2qsOE110W+7rHoTa9C+cwT68"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray: 7c0584318ea7bb53-FRA
x-request-received-at: 1682917809206

POST graphql
blog.delivr.to/_/ 0
0

POST
H3 204 rum Show response
blog.delivr.to/cdn-cgi/ 0
176 B 30ms
27ms XHR
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/cdn-cgi/rum?

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 May 2023 05:10:08 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://blog.delivr.to
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7c058431bec4bb53-FRA

POST
H3 200 graphql Show response
blog.delivr.to/_/ 122 KB
24 KB 299ms
290ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3690a7b3df28cfc856949fd1290c08cfa026a5d7ad8ee9c06ee02070b3c9d76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: PostPageQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 115
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1e709-li3NRDWzh+XPHV38wBndQ4sKoyU"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c058431cecbbb53-FRA
x-request-received-at: 1682917809046

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 74ms
21ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 01 May 2023 04:35:44 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 2065
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Mon, 01 May 2023 06:35:44 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 73 KB
22 KB 83ms
28ms Script
text/javascript 108.138.17.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=d79ab7821c96&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The%2BInQuest%2BInsider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-45.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cdc2bb26fe76a79d54a6f197edf1188e4829093003f26707eed349267a8a96d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id: RcGafUhyGoCBAIKL0sPQaqgYc5MW5qY6
content-encoding: gzip
via: 1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
date: Mon, 01 May 2023 05:08:17 GMT
last-modified: Tue, 04 Apr 2023 19:50:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 113
etag: "ce82fd24f9c8aae0ff0fa6e15c400c97"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 22498
x-amz-cf-id: uy3KOvpqF83nY_8X3flnJvNF1_pEf08sFMhgACaX5pLxjGiQjOPvyw==

POST
H3 200 /
blog.delivr.to/_/clientele/reports/performance/ 0
0 205ms
204ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, clientele/main-20230331-165901-ac9beed054
x-envoy-upstream-service-time: 12
cf-ray: 7c058432bf92bb53-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
blog.delivr.to/_/clientele/reports/performance/ 0
0 171ms
170ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, clientele/main-20230331-165901-ac9beed054
x-envoy-upstream-service-time: 22
cf-ray: 7c058432bf93bb53-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

POST
H3 200 /
blog.delivr.to/_/clientele/reports/performance/ 0
0 160ms
160ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, clientele/main-20230331-165901-ac9beed054
x-envoy-upstream-service-time: 11
cf-ray: 7c058432bf95bb53-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H3 200 1*C-oov1hPATgpC9aJkKpm_w.png
miro.medium.com/v2/resize:fit:720/format:webp/ 7 KB
8 KB 516ms
515ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*C-oov1hPATgpC9aJkKpm_w.png

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca419d293aea6be37299c6d398b7bbff362c7108fd94042dea0f0f3b24fbcf79

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 373
content-disposition: inline; filename="1*C-oov1hPATgpC9aJkKpm_w.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7582
x-request-id: 1a305aab-5089-4e40-8331-f5accd9e9a03
sepia-upstream: medium
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjBiZWEyOGJmNTg0ZjAxMzgyOTBiZDY4OTkwYWE2NmZmIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230428-203318-aaad2de49e
accept-ranges: bytes
cf-ray: 7c058432fb70bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*xvsytvO6lgHgDL8a
miro.medium.com/v2/resize:fit:160/ 4 KB
5 KB 142ms
141ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:160/0*xvsytvO6lgHgDL8a

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf2d179ea542c4a803f261321baa76b4628ee1ceb56fadd5b112f49467d7fca

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
x-envoy-upstream-service-time: 260
content-disposition: inline; filename="0*xvsytvO6lgHgDL8a.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
x-request-id: 92c0cc90-d2d2-43c5-8b9c-2d659776bb67
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjRhZDNmYTViMjQwZmYxNjgyZWRiZTkwNWEyZmZmOTYzIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c058433fc59bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*tDfVLFwZ5eKJPy87
miro.medium.com/v2/resize:fit:160/ 3 KB
4 KB 142ms
141ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:160/0*tDfVLFwZ5eKJPy87

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37c3a926af9b28967f6f870ebdc232b2f6fb00246727741939e920af3fb867b4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
x-envoy-upstream-service-time: 70
content-disposition: inline; filename="0*tDfVLFwZ5eKJPy87.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3562
x-request-id: d8199d01-c52a-4ed1-b238-8f9dacd8e8af
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c058433fc5abb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*g4a2Ixq-13Tsq2N_
miro.medium.com/v2/resize:fit:160/ 3 KB
3 KB 142ms
141ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:160/0*g4a2Ixq-13Tsq2N_

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7f33f9d86d68e8710c412762af168f3fc741c778f0eced14a2e3295ae8918eb

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
x-envoy-upstream-service-time: 102
content-disposition: inline; filename="0*g4a2Ixq-13Tsq2N_.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2564
x-request-id: ef2c060f-14ca-4de4-8f9b-90854dd57697
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RImIyNGI1OTc5MjdmYTAzNTAzNmNlNzY0ZGU5MDE4NmYyIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c058433fc5bbb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*-I13UndM4B1w2brg
miro.medium.com/v2/resize:fit:160/ 2 KB
3 KB 142ms
141ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:160/0*-I13UndM4B1w2brg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d00a4a3f4fd39488c2b2f0e587a7727a144a22c7b42e62e5a19a2ec456b0510

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
x-envoy-upstream-service-time: 124
content-disposition: inline; filename="0*-I13UndM4B1w2brg.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2470
x-request-id: 315e86d3-3adb-4cce-9ea0-c7590c7ee382
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RImEwYTVmMjU2ZjAyOWIwN2JmMGNiMDFjNzhlNzY0MzFmIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c058433fc5cbb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*ltWN9AmW2cs4SW_j
miro.medium.com/v2/resize:fit:160/ 3 KB
4 KB 126ms
126ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:160/0*ltWN9AmW2cs4SW_j

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37c3a926af9b28967f6f870ebdc232b2f6fb00246727741939e920af3fb867b4

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
x-envoy-upstream-service-time: 203
content-disposition: inline; filename="0*ltWN9AmW2cs4SW_j.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3562
x-request-id: 34e2a0e6-86a1-497c-bb13-4c374ca03f86
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c058433fc5dbb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*1dhkKaICnAftKKM2
miro.medium.com/v2/resize:fit:160/ 10 KB
11 KB 120ms
120ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:160/0*1dhkKaICnAftKKM2

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd0b37cbbaf700e3e7c52e849242a854118a8625f6e18bd01a84af825092f04f

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 166
content-disposition: inline; filename="0*1dhkKaICnAftKKM2.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10353
x-request-id: 7eabf2e1-d805-4807-b157-9353c5b669eb
sepia-upstream: medium
server: cloudflare
etag: "QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjlmMDhjNjZlYzA4ODdjNTdhZjNmMTNkZTA2ZDNhYmFjIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c058433fc5ebb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 9410.207f1d22.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 31ms
30ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9410.207f1d22.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb1ed19249c07f3ad9aa269ca1a0a5a41096960f35bddb839fbdad08767e3017

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id: b8aj3gwm6vL2ggzrCpcbINd9fTj43ZJu
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: GY2FGSRF1VA9017M
age: 284880
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: xr1KXaeT3EFtZxqnwafTL5aRp0ioTXXF99Bry62UPS3Sr6GDikSBYs6K6HmagKspVdmSeQEV+8o=
last-modified: Fri, 14 Oct 2022 16:15:50 GMT
server: cloudflare
etag: W/"3597e61f2093f3a02a7f54ef5ab8a2fb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584341c77bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 7136.50c74aec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 2 KB
1 KB 31ms
31ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7136.50c74aec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8403c71b056bddf7eae34e0bb4c66b4a445668fdd126efbd9bb0649ab77a4bd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id: dZrf7KxB1JsNSGkYRohQTWrDktmi3A8d
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: P86DRX9PRA1C1A6J
age: 178291
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Zd1AtRLh4giufpmjDz/rWHsjDqYgmFWDIR2wWudfLWhUALgG+elZyvzS2z4A0KzGWDWUvrqHVDY=
last-modified: Fri, 14 Oct 2022 16:15:46 GMT
server: cloudflare
etag: W/"577c727d64dc93cb7770df6b7cbba0cb"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584341c78bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 8501.e569a7f8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 37ms
36ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8501.e569a7f8.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

934a49c11a620a3958d807963c7a4927df9c64b243849e0ab1ea1576c29eb6c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id: 38toCBLUC8GBtkniMIBTooDoc6N6trGE
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: H0DWTBJGPWY9DQBN
age: 993438
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: oOzJVsFnvSLE3SlLi6RzVG9cbQpqHX542IKwHM+0tXxXkNpid+wkpunyEqae9THuMDX4Oi0A9z8=
last-modified: Fri, 14 Oct 2022 16:15:48 GMT
server: cloudflare
etag: W/"9bc243cc8eeb777dcf487b9f531dd90e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584341c7cbb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 1*tPw5vhej02IQk7SGTNWSmg.png
miro.medium.com/v2/resize:fill:48:48/ 3 KB
3 KB 135ms
135ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:48:48/1*tPw5vhej02IQk7SGTNWSmg.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cddb42622b81f34d4c55b8d5f0e214b59bbea178f733d397c7ff947bc082dc

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-envoy-upstream-service-time: 65
content-disposition: inline; filename="1*tPw5vhej02IQk7SGTNWSmg.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2716
x-request-id: 7fb3f846-190d-4b64-98ba-40ab544ee63e
sepia-upstream: medium
server: cloudflare
etag: "c1CjgVkcafhdh7F-WEYEpOglzgQoBxTrHiRusf4J2s4/RImI0ZmMzOWJlMTdhM2QzNjIxMDkzYjQ4NjRjZDU5MjlhIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230428-203318-aaad2de49e
accept-ranges: bytes
cf-ray: 7c0584342c88bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

POST
H3 200 graphql Show response
blog.delivr.to/_/ 103 B
512 B 164ms
163ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4808ccff977940729ce03387d0583d44a1061e1e3e13c8da41f0ff1edfeefb16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 30
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"67-js9EjsjpqfgZHcScPWgryxiAuNc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray: 7c0584351944bb53-FRA
x-request-received-at: 1682917809531

POST
H3 200 graphql Show response
blog.delivr.to/_/ 985 B
847 B 209ms
209ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3dab00ef4c9c1aa4457659e997cc96b887f3006e0558119d406613dba55d285

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 54
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"3d9-oaWbCneLOcj92lU1yp9eCJ/rhpw"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c05843609ddbb53-FRA
x-request-received-at: 1682917809701

POST
H3 200 graphql Show response
blog.delivr.to/_/ 452 B
727 B 184ms
183ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03bde33743d3f2802ffbe7f4ac896a9ea3662b7187a1ee2756bef2a1e68c3fff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: FloatingPostActionsQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 52
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"1c4-ZwuMUDwcZtGe8qr0z6+GSbijY70"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c05843609debb53-FRA
x-request-received-at: 1682917809683

POST
H3 200 graphql Show response
blog.delivr.to/_/ 80 B
495 B 184ms
184ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55ca412eac0d644ec6acbaf1fdffc069665d6253bdc3ae15940bd6c9732b643e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"50-d/l2GWqSQwieQlOFwoQSAVR+35s"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray: 7c05843609dfbb53-FRA
x-request-received-at: 1682917809695

POST
H3 200 graphql Show response
blog.delivr.to/_/ 96 B
532 B 192ms
192ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54a23671bc26755b7dad45ce48462d8731698480cce458ce91df295e3082f3f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 43
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"60-Oro7QSUARndcmElH6iONx3Ieg4Q"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c05843609e0bb53-FRA
x-request-received-at: 1682917809696

GET
H2 200 _r Show response
app.link/ 91 B
636 B 995ms
672ms Script
text/javascript 2600:9000:2396:9a00:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.74.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2396:9a00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

c4dfed30773ed0b7ecbd98204731371a1e39c0c120449cabb01c840b3950708d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 43d47d0158bc461a90165b6d286cc9d6.cloudfront.net (CloudFront)
server: openresty
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop: MCT50-P1
etag: W/"5b-KKMwIYvHvsgF0m3X1KKpG3L2K4I"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: cyZJ1A0aFh7cs0_0Q-0ujVI9olhAAwzZ2EiQ_qFtcBXGsl2WfbGd3g==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
207 B 28ms
28ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1347835581&t=pageview&_s=1&dl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&ul=en-us&de=UTF-8&dt=HTML%20Smuggling%3A%20Recent%20observations%20of%20threat%20actor%20techniques%20%7C%20by%20delivr.to%20%7C%20Medium&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1317987963&gjid=685870444&cid=602007875.1682917810&tid=UA-24232453-2&_gid=750250071.1682917810&_r=1&_slc=1&z=1651479178

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 01 May 2023 05:10:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.delivr.to
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 5969.58b2c011.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 34ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5969.58b2c011.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ffdb21f71e508c3aa7ce86275ceb73abd418d760aa38f1812e3e3e0a5013241

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id: .wbAioAG4Lcw8qAocrqkpqzIEmOAT2WV
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NSX3KKXX5ETC4MTT
age: 390232
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 3yy6NBylUhwhFbPHa2+UMmluCcQfC3oyjUBVg/uH4PZWQez60OD6aiy9q/s8LO1p9SBaeGn2alm1jx+eIMKPCzJ2C2mcBdoqT4RQJtPjnsI=
last-modified: Wed, 26 Apr 2023 14:13:40 GMT
server: cloudflare
etag: W/"5f0fa5b6873f9ac9366636ca8c152947"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584365e65bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 2998.8b0b57c6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 31ms
30ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2998.8b0b57c6.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

337309e684b0643d1e2eb03b3be3e3df4e7183de1595f9f3575cd5f186f3a424

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id: .IE9zAA_DN7bxYuqvVhg_YxteBAu8OXx
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 1CQM2K0SY718A6XK
age: 391136
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: aC5hiAY8x2HWKrUoarJYO+dzElRO0i8jg+mRIbNeBz6LhvDgjccaeRkbyA6IKCo2gkiX2mHf+ZA=
last-modified: Tue, 25 Apr 2023 19:43:30 GMT
server: cloudflare
etag: W/"a8645dd24b5ebbbd890131f0f27fb4d9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584365e67bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 PostNextFiveStories.10a929c7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 30ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostNextFiveStories.10a929c7.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79eb96070f46bdfc877526347043fbe369069bd10ced3801aea4fae9c3a02405

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id: s3rnI8YlAYWIm5lqf6PbRBhoE00NmZwQ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y76XYP4PNN79A6B4
age: 463065
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: gyoPm0FNxCEM9JfB55cMRKjWitw21U5nPbvB/pqB1iWEWV4CJ/7LLx8ens9vg3wkmrvgYxkrjqY=
last-modified: Tue, 11 Apr 2023 19:43:25 GMT
server: cloudflare
etag: W/"8cc3a1cdb912499a31a0c32569d93cae"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7c0584365e68bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
29 KB 32ms
32ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ed76cfe62861007eee5b0ef44f3bd185ce3b60f0b9ead0b91ab62af01e9efa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 7687292
x-envoy-upstream-service-time: 28
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c0584368d2d368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 1*CENyvmUBnmAnOCfFoTNyFw.jpeg
miro.medium.com/v2/resize:fill:20:20/ 636 B
1 KB 38ms
37ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:20:20/1*CENyvmUBnmAnOCfFoTNyFw.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05f58f4713341ff1b2cbd045e254a438e1c8ee2cb41a21e0ece2570b38266532

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 232158
x-envoy-upstream-service-time: 98
content-disposition: inline; filename="1*CENyvmUBnmAnOCfFoTNyFw.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 636
x-request-id: 746f5474-0efe-4bde-91c1-50fd5890292c
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RIjA4NDM3MmJlNjUwMTllNjAyNzM4MjdjNWExMzM3MjE3Ig"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230331-165901-ac9beed054
accept-ranges: bytes
cf-ray: 7c0584369eaabb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*LLv00uaoWKv56e0D
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 2 KB
2 KB 35ms
34ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/0*LLv00uaoWKv56e0D

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d76b4ee6a984d23489a153fc293a0a08007c7a8daeb1ed5c3bfa87e58a34cd98

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 588813
x-envoy-upstream-service-time: 1231
content-disposition: inline; filename="0*LLv00uaoWKv56e0D.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1741
x-request-id: 18bed306-7e0c-46c2-a337-264c196ea22f
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjU2MWM4NGI4ZWYzNjFiNjVmMzY0MWNiYjlmMzNlZTJlLTQi"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c0584369eb0bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 1*39EmsUc5QYyKGj7vST2CXA.jpeg
miro.medium.com/v2/resize:fill:20:20/ 736 B
1 KB 41ms
40ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:20:20/1*39EmsUc5QYyKGj7vST2CXA.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f055f8001b617ca9be7a7cd3bb751515f7db6b5323adf1305d55d3a972d0442

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 123010
x-envoy-upstream-service-time: 67
content-disposition: inline; filename="1*39EmsUc5QYyKGj7vST2CXA.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 736
x-request-id: 4ada319e-67d2-47ac-8f4f-230f8c9b3d14
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RImRmZDEyNmIxNDczOTQxOGM4YTFhM2VlZjQ5M2Q4MjVjIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges: bytes
cf-ray: 7c0584369eb2bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 1*otiV9Az7L0Xtw3w-tsYa4w.png
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 8 KB
9 KB 42ms
41ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/1*otiV9Az7L0Xtw3w-tsYa4w.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b675cf46d0b6de52083440daff415ecf33a9f38bbdc549cce55d68801c77ee9

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 588316
x-envoy-upstream-service-time: 116
content-disposition: inline; filename="1*otiV9Az7L0Xtw3w-tsYa4w.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8288
x-request-id: a7433c93-f7b5-40f9-b4f3-e2206f3c5e3b
sepia-upstream: medium
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RImEyZDg5NWY0MGNmYjJmNDVlZGMzN2MzZWI2YzYxYWUzIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230308-234401-14525b721d
accept-ranges: bytes
cf-ray: 7c0584369eb3bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 0*Wmsm_zoOjQfYiqqb
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 2 KB
2 KB 134ms
133ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/0*Wmsm_zoOjQfYiqqb

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67a83af9433bfca6f02e8960f7557bfa07a1ac6fa66895f8cae71ed3af9f8294

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
x-envoy-upstream-service-time: 161
content-disposition: inline; filename="0*Wmsm_zoOjQfYiqqb.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1714
x-request-id: e973bf5c-0189-4b41-8da8-2f300425593e
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjQxNzYxYjgyMjI2MzA1NWFlNzRiYjgwYzAzODg5NDc2Ig"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230425-162607-a984df2d9b
accept-ranges: bytes
cf-ray: 7c0584369eb5bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 1*btXDmVSikt1P-_PVrx6UDA.png
miro.medium.com/v2/resize:fill:20:20/ 1 KB
2 KB 38ms
37ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:20:20/1*btXDmVSikt1P-_PVrx6UDA.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31f2941787b000deb56a7607dd7922bc98bd20d64bcedeb37aa6e4208a438bf9

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 503088
x-envoy-upstream-service-time: 78
content-disposition: inline; filename="1*btXDmVSikt1P-_PVrx6UDA.png"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1206
x-request-id: 51f7f39a-a04c-4511-9602-7adc1b0d3d54
sepia-upstream: medium
server: cloudflare
etag: "otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RIjZlZDVjMzk5NTRhMjkyZGQ0ZmZiZjNkNWFmMWU5NDBjIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230420-004520-1827075847
accept-ranges: bytes
cf-ray: 7c0584369eb8bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

GET
H3 200 1*S2WkwQU3LWpttmPfrQiI9Q.jpeg
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/ 2 KB
2 KB 35ms
34ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/1*S2WkwQU3LWpttmPfrQiI9Q.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6c4743badcee0a99f2822bb55470e7fdf831dfcc17b818f0612794fb85396de

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:09 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 503088
x-envoy-upstream-service-time: 212
content-disposition: inline; filename="1*S2WkwQU3LWpttmPfrQiI9Q.jpg"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1853
x-request-id: d989836d-ee0a-487c-a7ab-d78ebce93da2
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjRiNjVhNGMxMDUzNzJkNmE2ZGI2NjNkZmFkMDg4OGY1Ig"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230331-165901-ac9beed054
accept-ranges: bytes
cf-ray: 7c0584369eb9bb95-FRA
expires: Tue, 30 Apr 2024 05:10:09 GMT

POST
H3 200 graphql Show response
blog.delivr.to/_/ 82 B
497 B 162ms
161ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90d004f37900892380a8ec6321e4821317be7ff6fa52b05651f927f4b663e833

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 24
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"52-p5J1pmhjoeW1rY5uHO6xq3F6qjE"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray: 7c0584390bfcbb53-FRA
x-request-received-at: 1682917810160

POST
H3 200 graphql Show response
blog.delivr.to/_/ 8 KB
3 KB 255ms
255ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e58ea73342f43bb80304dd85bac784d79bfbd64a472a510b0aaf5c230f68f441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 691130a46d44881b
medium-frontend-path: /html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation: PostNextFiveStoriesQuery
content-type: application/json
accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app: lite/main-20230428-203318-aaad2de49e
apollographql-client-version: main-20230428-203318-aaad2de49e
ot-tracer-spanid: 1dc4a3732258f42a

Response headers

date: Mon, 01 May 2023 05:10:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 97
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"2153-vHjMWK2HOYxHFPp4wxjYYJPLHqI"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray: 7c0584391c0bbb53-FRA
x-request-received-at: 1682917810187

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 57 KB
57 KB 35ms
35ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.delivr.to
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 01 May 2023 05:10:10 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 425856
x-envoy-upstream-service-time: 46
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7c05843b090e368c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Apr 2024 05:10:10 GMT

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
692 B 227ms
174ms XHR
application/json 2600:9000:2491:8600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:8600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf7f20d48f0b72564bca524d12e659e6ed80f341e1bfa6a11c483fd623376346

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 May 2023 05:10:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: d8208556-c9ad-4174-8b67-35faa9800c96-2023050105
content-length: 316
x-amz-cf-id: 5bgvYJ0D7qqBO5vyKaGB0ltubAMjd1TT6fbg57fpKFDkWgewKmm1kA==

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
613 B 237ms
237ms XHR
application/json 2600:9000:2491:8600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:8600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

49e5fefc4fec461ffb87c1fcfb92cf9772ca24cd4485774e33b2284c58793dec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 May 2023 05:10:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
etag: W/"b7-ASoiE9Jprg+g4i7jsUthgl6MAGk"
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: a16384073519492da47430dd5f40b620-2023050105
content-length: 183
x-amz-cf-id: vnESf7eFcVlZbVJDDcauyhhZXU6v_7TAwiIprXvFtS_K1a3GOwimMQ==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
435 B 187ms
187ms XHR
application/json 2600:9000:2491:8600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:8600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 May 2023 05:10:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 92c729aba02e44a78c90afaf68941fd2-2023050105
content-length: 28
x-amz-cf-id: YbVwmWTNS3LmuqqcQX-5BD0hw4VJOFyZVZDaBakQQ0sVYnsppjSWBg==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
435 B 211ms
211ms XHR
application/json 2600:9000:2491:8600:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2491:8600:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 01 May 2023 05:10:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: a3460d22fa444691a557b2dadc4ff154-2023050105
content-length: 28
x-amz-cf-id: ycvk1MYlVrqJjsk3FrUzzkWZLW-QWgwc0rWWUJC5bcjnB56PzNC4JA==

POST
H3 200 batch Show response
blog.delivr.to/_/ 17 B
296 B 299ms
298ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.delivr.to/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type: application/json

Response headers

date: Mon, 01 May 2023 05:10:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json
medium-fulfilled-by: edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e
x-envoy-upstream-service-time: 149
cf-ray: 7c05844e1af4bb53-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blog.delivr.to
URL: https://blog.delivr.to/_/graphql

Domain: blog.delivr.to
URL: https://blog.delivr.to/_/graphql

Domain: blog.delivr.to
URL: https://blog.delivr.to/_/graphql

Domain: blog.delivr.to
URL: https://blog.delivr.to/_/graphql

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.delivr.to/	1969-12-31 23:59:59	Name: __cfruid Value: 4c2fe7136267e1bce24b604b4739afc8d94445d8-1682917806
.medium.com/	1970-01-20 20:15:40	Name: uid Value: lo_44741e28b277
.medium.com/	1970-01-20 20:15:40	Name: sid Value: 1:jGYhVTQxYg7UIjK0LnRrG6un3OK4Cg+FlbflDUeWQ9piAz7jJ+BII6xZr/79iyDl
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 40080df31f87665dad40775b48a5b161e8e74108-1682917806
blog.delivr.to/	1970-01-20 20:15:40	Name: uid Value: lo_44741e28b277
blog.delivr.to/	1970-01-20 20:15:40	Name: sid Value: 1:b4sMoA7R4x+vS2unCME7GC/e8RrsfeKalWZFqd/zhgWqpHhF7FYBQniJ26cW2Ryq
blog.delivr.to/	1970-01-20 11:28:38	Name: _dd_s Value: rum=0&expire=1682918708455
.delivr.to/	1970-01-20 21:04:37	Name: _ga Value: GA1.2.602007875.1682917810
.delivr.to/	1970-01-20 11:30:04	Name: _gid Value: GA1.2.750250071.1682917810
.delivr.to/	1970-01-20 11:28:37	Name: _gat Value: 1
.app.link/	1970-01-20 20:14:13	Name: _s Value: qOIZ4EEULp92q95k3KfdJapzTOx9%2BL%2FXO4EXQ8PZFMG8BVNWcei1P1j1KOF%2FnG3K

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
blog.delivr.to
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
static.cloudflareinsights.com
www.google-analytics.com
blog.delivr.to
108.138.17.45
162.159.152.4
2600:9000:2396:9a00:19:9934:6a80:93a1
2600:9000:2491:8600:11:f728:3040:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700::6810:3865
2a00:1450:4001:82f::200e
0017449cfda81bb089bf3cdcd944fc19f450c9e6d3bbcc0f752c7c9a44b5c88e
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
031886f7433e0909d6f8e2ad67fb6210288484a9f7282596193a28762fda2382
03339318237f203c39972793a5232b2c94f3ea7a2c814641ae62660d8dd6e02b
03bde33743d3f2802ffbe7f4ac896a9ea3662b7187a1ee2756bef2a1e68c3fff
0497bc851b9b9d3211ae22c89f36c5e47fd708bc7239ed6cdde7f39cb5ea3664
0573eb7e1b3f0dbaad578ead6eb03bfbd6280ae5d9a2827ad95b260717410939
05f58f4713341ff1b2cbd045e254a438e1c8ee2cb41a21e0ece2570b38266532
08efafd9f373304b3cfa3b84b75d5913cb39b2b1ebcefa8061f94882a4408985
0d19349e1a7fc17631e75d4434c94ded800f5bcb8cf8e019abe59369b9e574e0
0f653a4f4e90f0ef0df3f84e2e9877a0af5ada92528d458bdd26d9a8cb08e417
135b7b1da534d97eb7e05355530e0af783c988f9a34815185c0e75400d175cf9
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b
17b661a486215879018ecdf2463102d385f2c4fb74558fd15582e9f4844523d3
18368d07cd53cd2a938e89d068ebb70ab2fac476f7bb58e8586d7d6cbf12cd55
1b675cf46d0b6de52083440daff415ecf33a9f38bbdc549cce55d68801c77ee9
1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2334df49a3450802cab73e955c936a122a29bc92ffee9cd6196bb7902a47c713
23cddb42622b81f34d4c55b8d5f0e214b59bbea178f733d397c7ff947bc082dc
26bb5d52850ebd86df6c5f1e39549d6caa9c730fa614748d465be34fe3ad02a2
283453fb590c1bb91cf12de03939141676763a42d24247ba3ca932bdca3a4c36
28b2e2a4c843a58cf41b34958d7abfcaca4c2c8e2f8edb32089fba5fa18b30bb
2911927df6c0a93829e78411112c7814bc7b90ecb78c3656c43d501ce89a0a65
293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174
31f2941787b000deb56a7607dd7922bc98bd20d64bcedeb37aa6e4208a438bf9
32579933fa7409a851f4fed587cb4a19111bf097eb787ba275666500c1dc1596
337309e684b0643d1e2eb03b3be3e3df4e7183de1595f9f3575cd5f186f3a424
34d8595679bfca62736f65443196d50b1ecd4bc91dc2c166795f70b961cb0bd4
366bfb267958cf08b1d2dab865f82a1f9065bb019fe1db867815579503b0176d
3690a7b3df28cfc856949fd1290c08cfa026a5d7ad8ee9c06ee02070b3c9d76e
37c3a926af9b28967f6f870ebdc232b2f6fb00246727741939e920af3fb867b4
3a2a69f3e2ba94d54c995b56440590df5ec1f82cc4e16443c97566de4095328b
3b7f1614e5eedf77fce5ff9d7bc8773033173d49af61ec3a624063bc8a304a88
3e479fe502330044c7e5957eaad0ecc55227da44e2f8d614e384d4e139e66dbc
3f055f8001b617ca9be7a7cd3bb751515f7db6b5323adf1305d55d3a972d0442
3fe5d07b773a4441577b5ae257f3bfbebb10c308c73d6664656c172080f363bb
3ffdb21f71e508c3aa7ce86275ceb73abd418d760aa38f1812e3e3e0a5013241
456d098310cccea8bfc4879a194168a41a37adb126ccc4f1416ccf90ee392d8f
4756b8554d2e2b0ea985aefed9d0000d175c5c9ae6536b143adedf436531a834
4808ccff977940729ce03387d0583d44a1061e1e3e13c8da41f0ff1edfeefb16
49e5fefc4fec461ffb87c1fcfb92cf9772ca24cd4485774e33b2284c58793dec
4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46
4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14
50a979f6e8a062abeacd9791b81cbedbe908659d6bc12d73f1102167bfc41937
54a23671bc26755b7dad45ce48462d8731698480cce458ce91df295e3082f3f5
55ca412eac0d644ec6acbaf1fdffc069665d6253bdc3ae15940bd6c9732b643e
5a9538496fc598aef8185ce64a1416f66dbb480363eacd5466477f888985c161
5b4a371c6adf95bf152794e200975d8c9944a326cf6d08862f3f9a7dadd679f8
5fd5bf01b4c556dfeba2a6382aab7a4520cc6574394567e97a3a5e09ec8cdddd
6173a1b363b6bffdf4ec8d533f260644b17cc6f8a747f2d4f529795a3cdf0c04
6482695d7a4f61334413b48d08762f0741c24cf2f5fac96d097ee76f7864b9a1
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
67a83af9433bfca6f02e8960f7557bfa07a1ac6fa66895f8cae71ed3af9f8294
6b400a4ec8b292df5747de9b0fca9f6528b1b1e027e1189db9ce24f15d5e1749
6d0f1f91751d635fce38f3af610e536f348ef6e22a9a9fc34d5c6d375169b3c0
706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
79eb96070f46bdfc877526347043fbe369069bd10ced3801aea4fae9c3a02405
7ae83513752ee9a8181dd755a464c8f4d6fa6f2de549342a91b5013857318c03
7b9e8109c78ad9e76bff06adea00cb379e26a2d11a9a3498b200c3df0be3331c
8403c71b056bddf7eae34e0bb4c66b4a445668fdd126efbd9bb0649ab77a4bd2
8d00a4a3f4fd39488c2b2f0e587a7727a144a22c7b42e62e5a19a2ec456b0510
90d004f37900892380a8ec6321e4821317be7ff6fa52b05651f927f4b663e833
9310c83c18743911f4124d65452c68aca614a19c2426e4c406b8297824f26563
934a49c11a620a3958d807963c7a4927df9c64b243849e0ab1ea1576c29eb6c3
93ec15dd15d0b36925c06e9cd208be62b2bd75010d9681c067867fc429b29d9f
9ed76cfe62861007eee5b0ef44f3bd185ce3b60f0b9ead0b91ab62af01e9efa4
a054981357a01eda3130a3303e830c3a1c131ad5e1ef9b7ae26cd5528f4c298a
a2dccb0664aa6be074668f722bd5e206d0632b561ed15eb7f4975bfdfc126605
a56d29a9c88368029672af32583293e1cfb7de32fa9a3b07014cb6349a291906
a7d86022f2a24e2797798001ea8b3cbf6b4a6d9de3fa1d3ad1ab9e596e6c0a78
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a8385e7b05d48e9989413e1cb765038ac3f15f5aea672954c765bd7f19c9a058
ae4a152dbc443cb2190ebe669b3604fa97bae75f8012b0364ffb2ff2d4def713
ae507ee2bfe00fa148c510313787de5cd7058e71fd4dac3b0d8112aa58056ff2
b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b7a186a71840944885d3c455f4e3c5b73fcc575b75fcd91f4e111ea512e75b8f
bb13425885ee713fb8e0df5308e088502decb5ba7bdeda770a6588c71d2e8583
bb1ed19249c07f3ad9aa269ca1a0a5a41096960f35bddb839fbdad08767e3017
be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3
be1f68b533d20ee61daf543dff9e6a9b3aebb19e6ec07a3bc7a84db8b1b4d86d
bf7f20d48f0b72564bca524d12e659e6ed80f341e1bfa6a11c483fd623376346
c1c223b155a0b1cc4ab40250ddeeec6031a768c2417f0144392a8680b99d7282
c4a0cb6328126994438b5a127dc9d3bb890323c339df243cc9f19bc3bde40bfa
c4dfed30773ed0b7ecbd98204731371a1e39c0c120449cabb01c840b3950708d
c7f33f9d86d68e8710c412762af168f3fc741c778f0eced14a2e3295ae8918eb
ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f
ca419d293aea6be37299c6d398b7bbff362c7108fd94042dea0f0f3b24fbcf79
ccf2d179ea542c4a803f261321baa76b4628ee1ceb56fadd5b112f49467d7fca
cdc2bb26fe76a79d54a6f197edf1188e4829093003f26707eed349267a8a96d3
cdda40bda76a0adaed3fe045e8396748669078e1b15c59975119e243bc6b45c0
d1bb0e18dda94e73f54955d08e8579d5958e168fb032edb5a01d4766acea6d10
d3dab00ef4c9c1aa4457659e997cc96b887f3006e0558119d406613dba55d285
d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213
d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee
d76b4ee6a984d23489a153fc293a0a08007c7a8daeb1ed5c3bfa87e58a34cd98
dd0b37cbbaf700e3e7c52e849242a854118a8625f6e18bd01a84af825092f04f
dee0b96b9a0b8d892256c83ca6b65c0660e33e57c8ce1bb89b91351135c91540
e2913d7530f3f6c73b724c9882136bae20c7a5939038a4a1f3dbf3aea33dba79
e2be45fe7a399b7cd926a3daf4d472a60b61eefe3e9c19a68cd0acc2e4b3d991
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc
e58ea73342f43bb80304dd85bac784d79bfbd64a472a510b0aaf5c230f68f441
e5a5c8bf0e32d365e821fd8f6d94d7c397c95ff6f10bbac9304b2e3a72470653
e6c4743badcee0a99f2822bb55470e7fdf831dfcc17b818f0612794fb85396de
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

blog.delivr.to Open in urlscan Pro 162.159.152.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

121 Requests

97 %HTTPS

75 %IPv6

6 Domains

10 Subdomains

9 IPs

3 Countries

1232 kBTransfer

3508 kBSize

11 Cookies

99 Outgoing links

Page URL History

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.delivr.to Open in urlscan Pro
162.159.152.4 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

97 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1232 kB
Transfer

3508 kB
Size

11
Cookies

121 HTTP transactions
0 data transactions