labs.guard.io Open in urlscan Pro
162.159.153.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd...
Effective URL:
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd...
Submission: On August 06 via api (August 6th 2024, 6:26:20 pm UTC) from US — Scanned from CA

Summary HTTP 73 Redirects Links 71 Behaviour Indicators

Summary

This website contacted 12 IPs in 2 countries across 9 domains to perform 73 HTTP transactions. The main IP is 162.159.153.4, located in and belongs to CLOUDFLARENET, US. The main domain is labs.guard.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 14th 2023. Valid for: a year.

This is the only time labs.guard.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 25	162.159.153.4 162.159.153.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
33	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	162.159.152.4 162.159.152.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::61	15169 (GOOGLE) (GOOGLE)
1	142.251.174.106 142.251.174.106	15169 (GOOGLE) (GOOGLE)
1	108.138.106.9 108.138.106.9	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:400d:c00::5e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21d... 2600:9000:21da:4c00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:400d:c1d::66	15169 (GOOGLE) (GOOGLE)
1	142.251.174.105 142.251.174.105	15169 (GOOGLE) (GOOGLE)
3	2600:9000:251... 2600:9000:2512:ce00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
73	12

25 162.159.153.4 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

labs.guard.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 162.159.152.4 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.174.106 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: qc-in-f106.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.106.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-9.jfk50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c00::5e (Morganton, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21da:4c00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c1d::66 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.174.105 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: qc-in-f105.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2512:ce00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 14991 glyph.medium.com — Cisco Umbrella Rank: 36301 miro.medium.com — Cisco Umbrella Rank: 26890 cdn-client.medium.com — Cisco Umbrella Rank: 39654	1 MB
16	guard.io 1 redirects labs.guard.io	68 KB
4	branch.io cdn.branch.io — Cisco Umbrella Rank: 1086 api2.branch.io — Cisco Umbrella Rank: 1206	25 KB
2	google.com www.google.com — Cisco Umbrella Rank: 10	1 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104	252 B
1	app.link app.link — Cisco Umbrella Rank: 3609	633 B
1	gstatic.com www.gstatic.com	210 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	93 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1223	7 KB
73	9

	Domain	Requested by
32	cdn-client.medium.com	labs.guard.io cdn-client.medium.com
16	labs.guard.io	1 redirects cdn-client.medium.com
10	glyph.medium.com	glyph.medium.com
5	miro.medium.com	labs.guard.io
3	api2.branch.io	cdn-client.medium.com
2	www.google.com	cdn-client.medium.com www.gstatic.com
1	www.google-analytics.com	cdn-client.medium.com
1	app.link	cdn.branch.io
1	www.gstatic.com	www.google.com
1	cdn.branch.io	labs.guard.io
1	www.googletagmanager.com	cdn-client.medium.com
1	static.cloudflareinsights.com	labs.guard.io
1	medium.com	1 redirects
73	13

This site contains links to these domains. Also see Links.

Domain
rsci.app.link
medium.com
www.linkedin.com
www.guard.io
www.proofpoint.com
www.forbes.com
today.ucsd.edu
proofpoint.my.site.com
www.ovh.com
bird.com
guard.io
c0d3x27.medium.com
infosecwriteups.com
justincox.medium.com
osintteam.blog
doublepulsar.com
blog.stackademic.com
help.medium.com
medium.statuspage.io
blog.medium.com
policy.medium.com
speechify.com

Subject Issuer	Validity	Valid
labs.guard.io Cloudflare Inc ECC CA-3	`2023-10-14` - `2024-10-13`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2024-02-16` - `2024-12-31`	a year	crt.sh
cloudflareinsights.com WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.branch.io Amazon RSA 2048 M01	`2023-09-11` - `2024-10-09`	a year	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
appipv4.link Amazon RSA 2048 M03	`2024-03-25` - `2025-04-22`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
Frame ID: 68CE2D4EDFCFF7B9F166381A4EF33087
Requests: 72 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp&co=aHR0cHM6Ly9sYWJzLmd1YXJkLmlvOjQ0Mw..&hl=en&v=hfUfsXWZFeg83qqxrK27GB8P&size=invisible&cb=plhl8rp6higa
Frame ID: 88AEE354A6BA96FCF41D732294BCBA57
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails | by Guardio | Jul, 2024 | Medium

Page URL History Show full URLs

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protec... HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a... HTTP 307
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protec... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

73
Requests

100 %
HTTPS

62 %
IPv6

9
Domains

13
Subdomains

12
IPs

2
Countries

1550 kB
Transfer

4085 kB
Size

10
Cookies

71 Outgoing links

These are links going to different origins than the main page.

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F3dd6b5417db6&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderUser&source=---two_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign up

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---two_column_layout_nav-----------------------new_post_topnav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/search?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6a038e71ff0f&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&user=Guardio&userId=6a038e71ff0f&source=post_page-6a038e71ff0f----3dd6b5417db6---------------------post_header-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F3dd6b5417db6&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&user=Guardio&userId=6a038e71ff0f&source=-----3dd6b5417db6---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F3dd6b5417db6&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=-----3dd6b5417db6---------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D3dd6b5417db6&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=-----3dd6b5417db6---------------------post_audio_button-----------
Title: Listen

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/natital/
Title: Nati Tal

Search URL Search Domain Scan URL

URL: http://www.guard.io/
Title: Guardio Labs

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/
Title: Proofpoint

Search URL Search Domain Scan URL

URL: https://www.forbes.com/sites/daveywinder/2024/03/20/new-mass-gmail-rejections-will-start-in-14-days-google-says/
Title: new anti-spam rules

Search URL Search Domain Scan URL

URL: https://today.ucsd.edu/story/forwarding_based_spoofing
Title: heavily abused

Search URL Search Domain Scan URL

URL: https://proofpoint.my.site.com/community/s/article/How-to-enable-the-Antispoof-policy
Title: tutorial page

Search URL Search Domain Scan URL

URL: https://www.ovh.com/
Title: OVH

Search URL Search Domain Scan URL

URL: https://bird.com/email/power-mta
Title: Bird

Search URL Search Domain Scan URL

URL: https://www.guard.io/
Title: Guardio

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=---post_footer_upsell--3dd6b5417db6---------------------lo_non_moc_upsell-----------
Title: Sign up for free

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fplans&source=---post_footer_upsell--3dd6b5417db6---------------------lo_non_moc_upsell-----------
Title: Try for US$5 US$4/month

Search URL Search Domain Scan URL

URL: https://medium.com/tag/phishing-email?source=post_page-----3dd6b5417db6---------------phishing_email-----------------
Title: Phishing Email

Search URL Search Domain Scan URL

URL: https://medium.com/tag/vulnerability?source=post_page-----3dd6b5417db6---------------vulnerability-----------------
Title: Vulnerability

Search URL Search Domain Scan URL

URL: https://medium.com/tag/spoofing?source=post_page-----3dd6b5417db6---------------spoofing-----------------
Title: Spoofing

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cybersecurity?source=post_page-----3dd6b5417db6---------------cybersecurity-----------------
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://medium.com/tag/proofpoint?source=post_page-----3dd6b5417db6---------------proofpoint-----------------
Title: Proofpoint

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Ff776b280f31b&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&newsletterV3=6a038e71ff0f&newsletterV3Id=f776b280f31b&user=Guardio&userId=6a038e71ff0f&source=-----3dd6b5417db6---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://guard.io/
Title: https://guard.io

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa2225e51898e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fscammers-paradise-exploring-telegrams-dark-markets-breeding-ground-for-modern-phishing-a2225e51898e&source=-----3dd6b5417db6----0-----------------bookmark_preview----cbca5399_c65e_4070_8596_cb5154a4bf08-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F65ea78efad16&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fetherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16&source=-----3dd6b5417db6----1-----------------bookmark_preview----cbca5399_c65e_4070_8596_cb5154a4bf08-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa5e5fb892935&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fsubdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935&source=-----3dd6b5417db6----2-----------------bookmark_preview----cbca5399_c65e_4070_8596_cb5154a4bf08-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F3182cfb12f4d&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d&source=-----3dd6b5417db6----3-----------------bookmark_preview----cbca5399_c65e_4070_8596_cb5154a4bf08-------

Search URL Search Domain Scan URL

URL: https://c0d3x27.medium.com/?source=read_next_recirc-----3dd6b5417db6----0---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://infosecwriteups.com/?source=read_next_recirc-----3dd6b5417db6----0---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: InfoSec Write-ups

Search URL Search Domain Scan URL

URL: https://c0d3x27.medium.com/lfi-with-phpinfo-to-rce-78318f0dc9ce?source=read_next_recirc-----3dd6b5417db6----0---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: LFI WITH PHPINFO TO RCELFI vulnerabilities when testing PHP applications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F78318f0dc9ce&operation=register&redirect=https%3A%2F%2Finfosecwriteups.com%2Flfi-with-phpinfo-to-rce-78318f0dc9ce&source=-----3dd6b5417db6----0-----------------bookmark_preview----d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/@jonathanmondaut?source=read_next_recirc-----3dd6b5417db6----1---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/@jonathanmondaut/how-chatgpt-turned-me-into-a-hacker-7469d5b43026?source=read_next_recirc-----3dd6b5417db6----1---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: How ChatGPT Turned Me into a HackerDiscover how ChatGPT helped me become a hacker, from gathering resources to tackling CTF challenges, all with the power of AI.

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F7469d5b43026&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40jonathanmondaut%2Fhow-chatgpt-turned-me-into-a-hacker-7469d5b43026&source=-----3dd6b5417db6----1-----------------bookmark_preview----d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/@wearedelicious/list/tech-tools-541154dfb3ae?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Tech & Tools17 stories·278 saves

Search URL Search Domain Scan URL

URL: https://justincox.medium.com/list/best-of-the-writing-cooperative-9fe477bf6581?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Best of The Writing Cooperative67 stories·364 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/mediums-huge-list-of-publications-accepting-submissions-7c0ec8037e61?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Medium's Huge List of Publications Accepting Submissions334 stories·3218 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/staff-picks-c7bc6e1ee00f?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Staff Picks706 stories·1194 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@enigma_?source=read_next_recirc-----3dd6b5417db6----0---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://osintteam.blog/?source=read_next_recirc-----3dd6b5417db6----0---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: OSINT Team

Search URL Search Domain Scan URL

URL: https://medium.com/@enigma_/the-art-of-osint-discovering-locations-with-image-analysis-and-aritifical-intelligence-tools-820a4b74d426?source=read_next_recirc-----3dd6b5417db6----0---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: The Art of OSINT: Discovering Locations with Image Analysis and Aritifical Intelligence ToolsRecently I participated in a private challenge. The challenge was to find the exact location of a building given only a picture and with…

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F820a4b74d426&operation=register&redirect=https%3A%2F%2Fosintteam.blog%2Fthe-art-of-osint-discovering-locations-with-image-analysis-and-aritifical-intelligence-tools-820a4b74d426&source=-----3dd6b5417db6----0-----------------bookmark_preview----d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/@networksecurity?source=read_next_recirc-----3dd6b5417db6----1---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://doublepulsar.com/?source=read_next_recirc-----3dd6b5417db6----1---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: DoublePulsar

Search URL Search Domain Scan URL

URL: https://medium.com/@networksecurity/microsoft-need-to-be-transparent-about-customer-impacting-ddos-attacks-763a9c0d46ef?source=read_next_recirc-----3dd6b5417db6----1---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: Microsoft need to be transparent about customer impacting DDoS attacksMicrosoft are hiding another customer impacting DDoS attack.

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F763a9c0d46ef&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmicrosoft-need-to-be-transparent-about-customer-impacting-ddos-attacks-763a9c0d46ef&source=-----3dd6b5417db6----1-----------------bookmark_preview----d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/@haiou-a?source=read_next_recirc-----3dd6b5417db6----2---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://blog.stackademic.com/?source=read_next_recirc-----3dd6b5417db6----2---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: Stackademic

Search URL Search Domain Scan URL

URL: https://medium.com/@haiou-a/optimizing-mysql-queries-from-190-seconds-to-1-second-for-tens-of-millions-of-records-c9d61b7e75b9?source=read_next_recirc-----3dd6b5417db6----2---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: Optimizing MySQL Queries from 190 Seconds to 1 Second for Tens of Millions of RecordsMy article is open to everyone; non-member readers can click this link to read the full text.

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fc9d61b7e75b9&operation=register&redirect=https%3A%2F%2Fblog.stackademic.com%2Foptimizing-mysql-queries-from-190-seconds-to-1-second-for-tens-of-millions-of-records-c9d61b7e75b9&source=-----3dd6b5417db6----2-----------------bookmark_preview----d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/@anton.chuvakin?source=read_next_recirc-----3dd6b5417db6----3---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/anton-on-security?source=read_next_recirc-----3dd6b5417db6----3---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: Anton on Security

Search URL Search Domain Scan URL

URL: https://medium.com/@anton.chuvakin/guide-your-soc-leaders-to-more-engineering-wisdom-for-detection-part-9-a46319bd362c?source=read_next_recirc-----3dd6b5417db6----3---------------------d10f74ce_4c96_49f3_b879_db2c391aa656-------
Title: Guide your SOC Leaders to More Engineering Wisdom for Detection(Part 9)This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous…

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa46319bd362c&operation=register&redirect=https%3A%2F%2Fmedium.com%2Fanton-on-security%2Fguide-your-soc-leaders-to-more-engineering-wisdom-for-detection-part-9-a46319bd362c&source=-----3dd6b5417db6----3-----------------bookmark_preview----d10f74ce_4c96_49f3_b879_db2c391aa656-------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----3dd6b5417db6--------------------------------
Title: See more recommendations

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----3dd6b5417db6--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=post_page-----3dd6b5417db6--------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----3dd6b5417db6--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=post_page-----3dd6b5417db6--------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=post_page-----3dd6b5417db6--------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----3dd6b5417db6--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----3dd6b5417db6--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=post_page-----3dd6b5417db6--------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://medium.com/business?source=post_page-----3dd6b5417db6--------------------------------
Title: Teams

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6 HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6 HTTP 307
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

73 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6 Show response
labs.guard.io/
Redirect Chain

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

264 KB
56 KB

639ms
638ms

Document
text/html

162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80fd2f7d274e84dfcc6789e0b7151e52c0658d703fc6cee0a2408232cbbb0f99

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8af112efbc97ab7c-YYZ
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Tue, 06 Aug 2024 18:26:13 GMT
link: <https://glyph.medium.com/css/unbound.css>; as="style"; rel="preload"
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, lite/main-20240806-171742-fa7f991470, rito/main-20240806-152534-340ea1ecd8, tutu/main-20240805-222238-1545676626
medium-missing-time: 146
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 535
x-request-received-at: 1722968773134

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8af112ef4a3da2c6-YUL
content-length: 0
content-type: text/plain;charset=UTF-8
date: Tue, 06 Aug 2024 18:26:13 GMT
location: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 14

GET
H2 200 unbound.css
glyph.medium.com/css/ 19 KB
0 0ms
0ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45dbf060ec052a3b0ca5ae7211eaa27c950db65b019aa456e1e686a85f8a327e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1116
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112efeec1a2fa-YUL
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 06 Aug 2024 20:26:13 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 205ms
175ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f6e7bfd316a160cd611c23c79c3d0cf8fcbfe22e16592f4afffd03eedf45756

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 21
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4887239cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
13 KB 232ms
203ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d63477fd28c0476d71f7d94269d37ebc13ee81002807b40bdcee28351da2019

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 17
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4887439cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 255ms
225ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cb0607a963a4d571ab612d010e4c124c2bb4cc0fd27048efa5f92eedab98ebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 14
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4887539cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 270ms
241ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b579cb06b725609666aeb9fec66152efd7e687c9ba13096c2ce7c1db44c82558

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 16
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4887739cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 90ms
61ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7725f2e70b6a54d4e4f93c2ea20bdc4ac549a289a806828e73dfcd3a2969b870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
x-envoy-upstream-service-time: 15
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4887139cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 source-code-pro-400-normal.woff
glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 66ms
38ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07e3ee7afcbc3462ebf2164763c7f050fc4195d5efa4b039646ae0192c49e2fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 25
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4886b39cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 source-code-pro-700-normal.woff
glyph.medium.com/font/a9cd261/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 89ms
61ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/a9cd261/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ed9ffd0607f63bb2030024abc5225df6b2fa2a081774e13744d04b12a9be6ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 18
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4886f39cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 68ms
40ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45bd34ce2bf3511cc126b1b12bc1597486e925141c10b05627857cb79810140c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 47
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4886d39cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 57 KB
57 KB 72ms
44ms Font
application/font-woff 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

202a8c194cdbd74e42b1fc8c8e48b741204e6c7b368af1147740855268887dbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 141883
x-envoy-upstream-service-time: 23
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8af112f4886c39cb-YYZ
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/v2/resize:fill:64:64/ 1 KB
2 KB 109ms
37ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 343537
x-envoy-upstream-service-time: 43
content-disposition: inline; filename="1*dmbNkD5D-u45r44go_cf0g.png"
alt-svc: h3=":443"; ma=86400
content-length: 1310
x-request-id: ad4c7a57-6f79-4fb6-85d3-f9a456f053c1
server: cloudflare
etag: "qUlGJkYhB4LINmyi_TVOvM25Dy409gGbmK5EqrHhPd0/RImNiNjU3ZGRlN2RhNjI0NjU3YTVmNmQ0ZDdhNzEyMDM3Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240724-071343-5e5ed7a543
accept-ranges: bytes
cf-ray: 8af112f4da3fa2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 1*s7SJaF9dODo7rWqa2rFQ6Q.png
miro.medium.com/v2/resize:fill:88:88/ 6 KB
6 KB 113ms
42ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:88:88/1*s7SJaF9dODo7rWqa2rFQ6Q.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3177c0013737d38f7a9fc5f06b3e7ba3d6d7ea0d02406d8c5beb176d26b701ab

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 272608
x-envoy-upstream-service-time: 121
content-disposition: inline; filename="1*s7SJaF9dODo7rWqa2rFQ6Q.png"
alt-svc: h3=":443"; ma=86400
content-length: 5653
x-request-id: f8488d54-f664-4f9e-a354-5a9b642bdc76
server: cloudflare
etag: "9ivaNyhTKaKecaYmZr68Fn9V98S0df7YQu7TMR33mwc/RImIzYjQ4OTY4NWY1ZDM4M2EzYmFkNmE5YWRhYjE1MGU5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240724-071343-5e5ed7a543
accept-ranges: bytes
cf-ray: 8af112f4da41a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 1*olxDjak5YFCRW7-Ji0VMXg.png
miro.medium.com/v2/resize:fit:720/format:webp/ 34 KB
35 KB 111ms
40ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*olxDjak5YFCRW7-Ji0VMXg.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

000a678322b18de6649abef6ad26479df03f66c6000d31a159f2a913c081ecd1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 353154
x-envoy-upstream-service-time: 338
content-disposition: inline; filename="1*olxDjak5YFCRW7-Ji0VMXg.webp"
alt-svc: h3=":443"; ma=86400
content-length: 34934
x-request-id: 5e9f522c-90ca-49b3-8f16-80d9f754d03a
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImEyNWM0MzhkYTkzOTYwNTA5MTViYmY4OThiNDU0YzVlIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240724-071343-5e5ed7a543
accept-ranges: bytes
cf-ray: 8af112f4da40a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 manifest.f02b74bc.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 47ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.f02b74bc.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da8ee03bdba69b1c0e3ea1bf1d2e0486eae8c3216f4e9bebc8bc1e99b059e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: i7LOdlvtai06kL__0e1bFX6CmUbyIAzL
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: F2SC3Y6CZF88B98Y
age: 3287
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Tz5c0oDLHg4THqcs2+8Zj260AeA8xqnKUmOffClTVskLoq9/wLz5LNI8dY5bJG9vt7dQk7gPjuo=
last-modified: Tue, 06 Aug 2024 17:24:52 GMT
server: cloudflare
etag: W/"4696fe59b7f363aab03ed9cb14ff9d73"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f479faa2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 3905.cfd85a7e.js Show response
cdn-client.medium.com/lite/static/js/ 658 KB
206 KB 62ms
51ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2965c84559c6551a0e441cbec208a5f3e834968f15b20af2dc821af2cf83b2d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: kX6NYOizmQ2ZmKFJVS2lcixie8.Tn.qU
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: E7BDS3Q8DTVP7YQR
age: 366854
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GDzrpLm4KLhAWRXvK/mRS7CiPOYpX8E4NCfi8zDZn1kG9MEFofChfX+AvHAwNCVO8lcW/J1SXkc=
last-modified: Fri, 02 Aug 2024 09:41:38 GMT
server: cloudflare
etag: W/"10c10f8038712060500a3790f6498a01"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f479fba2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 main.4d996939.js Show response
cdn-client.medium.com/lite/static/js/ 870 KB
200 KB 46ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.4d996939.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73025c8fa379f82a80720172888702ff49593ebce422e1668f5d873b83f75aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: pIkOjYcPUtB2lQfIf8.pRgAcO2N0TR4e
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: F2S6AQ9H94RV9354
age: 3287
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: o31n2CrRUBDarGSaUdwbHOn7OAQ0vT7D5gtkVseOOsXUSfg6G292NH3YSWtdioay2dBLaP6EYZowJvKzutlvivYSCnW7pw9I/k5OucFqu4c=
last-modified: Tue, 06 Aug 2024 17:24:40 GMT
server: cloudflare
etag: W/"d40ffe4e066a7b3fcaf96f476b76e0a5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f479fda2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 instrumentation.d9108df7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 40ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.d9108df7.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3edb3930e433b6ee76c26ed156d44196652363b4fa881a3e140b3e0b43d2a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: .o.5Xe59BjAug.2i7CIo5xR8KvX9Uh6Q
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6PS8G29Z5H1WM2X9
age: 696870
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BybGD4PWIghsqmsdPy9UA3nQrUPfoYlS/R5yV+zzyyC1pW0v1aZhcP4RtoxZYOaksEgvYoVlHVA=
last-modified: Mon, 01 Jul 2024 15:12:51 GMT
server: cloudflare
etag: W/"4d3916cdf704b083082b21a733ef176c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f479fca2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 reporting.ff22a7a5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 60ms
50ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.ff22a7a5.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eada6d1c06b5d675e0c143a2fbef8bf83e3060e9ba20ceeb37ec9415ce9bdbaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: WdqYVC5hKfoxJxknk7bO0he3xYL6sW.H
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K11CV5MR43B7K2CW
age: 343473
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HJUreF5CjFASFzLta0aW0WSXjLCeHT0fXKS0KTrnN0ah8gPS/3Nm8TW2kqKptMOiQIOelNyxkW2pOP1zYdNPNPQP8aoOvd9+
last-modified: Mon, 27 May 2024 12:15:10 GMT
server: cloudflare
etag: W/"d5998f5c1de61a2837a52be8d7d89310"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f479fea2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 3171.5b0ceee8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
10 KB 44ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3171.5b0ceee8.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79eb6859c9a6c235e1d70b932415c90a5315a3e327a4d6c4e086d61f40d6999c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: KqBCN83v94Uk9LlH2c5IQVDtaLrk9OA8
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K11A39CQHS06MTHQ
age: 357231
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /5ARveaZog69zTdTXDutGRL8OGtS/Z8N3SxurQgz18AsiNsF87XYj4YMfecoNRdUYy3Lwq6nuFg/zK3qTW839A==
last-modified: Mon, 27 May 2024 12:14:30 GMT
server: cloudflare
etag: W/"830afe36784cfae1961ac9d6aea82166"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f479ffa2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 4810.988332a1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 36ms
30ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4810.988332a1.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ba7072a7fc413971fa79ad1c5f4fc98fbaf7a5ac321885f5d3886a0b5c28680

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: cZWaDRHA1DODGwy5T526WHpRG2LGqdAb
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 49MMD510QPG9Q0ER
age: 332608
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: T74PMgUKu4FxGFT1YWR6OtezOl9Tli93KfIw+yUmd/5YPDWeww6g0k2Q/kvaeXbWs/P3LyoUcyQ=
last-modified: Tue, 02 Jul 2024 17:39:38 GMT
server: cloudflare
etag: W/"9d339bd2a1cbea977ed88ff67f98786b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba1aa2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 6618.db187378.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 48ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6618.db187378.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12c333a76ec82d35a4541956e0e8b4591b55d76f1d1ee4e47f3dd0ec33229e43

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: ZwCMHuCQ5h9dAQvOvOTD_48maUvIlL_r
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W9V2XWBBT3ES4TJ9
age: 347046
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: W98ctDW23HSDoxpjwhkx6vz3mmUwUFenhEjwGKQCm97Cuo15YrUMSCRUsOVYNVY32jvPQMsqKUc=
last-modified: Thu, 04 Jul 2024 13:33:59 GMT
server: cloudflare
etag: W/"7bbe09830788bb18d63591d1a7e255ce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba1ba2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 1386.e126dec1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
5 KB 35ms
30ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1386.e126dec1.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

090bc42941d1aa8c149649433dbfc58083dc8b5024d865a3eeb6b6cf962bb9fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: QG_k5h0.u3vNsJ2yik6nfnfhZnPr.z6W
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RW8T3KCBSAN4T2VY
age: 357148
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tE+buEsdIkZfjm428j+A7ekMLNLu4CoIXQmeQQOReGh0hcRLbTCL2EIcw0IXyE84URoBqVHnhDM=
last-modified: Fri, 26 Jul 2024 17:53:40 GMT
server: cloudflare
etag: W/"feeff2a8b384410506194ff5a6d9bbd0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba1da2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 9977.343f5002.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 46ms
41ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9977.343f5002.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26ff9b8f504c301368c15975fe82c899b4d773044dc8ebfeb2e8b824b84deae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: N7UuHEtxfN06.FPagPPTXS4SGH1d7vg4
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RW8RVN56VQQAYAHP
age: 332523
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3m1gewjv/u2KtBdf6OmXVfCQaCvE0DQKFjF9XODl6JeX60C6CmC8JsBWpdZvbkT4NMUCem/owa/EVuINsMvHol18EaJgKzqY
last-modified: Fri, 26 Jul 2024 17:53:52 GMT
server: cloudflare
etag: W/"037509434c68779878bdd7ccb0b86dc5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba1ea2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 5250.fc15c18c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 33 KB
8 KB 52ms
47ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5250.fc15c18c.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f64e1663932ee61acc447f098d51cc369d7cee286df892fb2633826c6683cfe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: 77iX2gYbkSLBDQOY.ANuWFEbtuUBuxHE
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W8VKM5W7QY91CPWT
age: 347056
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +a1rm0siFRgtfHmgw5l1o8tV59ZtdBtvVVguT6qRdpPdLTYe0TYLN4QRg2w4lMB7g+56N8Ry7SCo8HaB1wQBzg==
last-modified: Tue, 23 Jul 2024 14:16:04 GMT
server: cloudflare
etag: W/"50668a99c3a198b3a31122b271e506ee"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba1fa2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 8261.08d8d6be.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 51ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8261.08d8d6be.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce1089c6c643c96cc75c9ee1c07b2d526910aa1b1216c1bfa46887422c4ceecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: WiYwcBrD4clj3rriOhfmDauuGNabvLMR
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y93CD8EX9PWKHN3N
age: 347037
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: DgM+teVeAs7XPxVni2i/BonpDt3vA/qFb2l/6NUazo7GN1MtjRZZPtd09lnH01kX7y/GDjZAoLI=
last-modified: Tue, 30 Jul 2024 15:47:46 GMT
server: cloudflare
etag: W/"cd331497d539b1ed5631f9fea61d3b9a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba20a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 7975.19e89f16.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
13 KB 48ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7975.19e89f16.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd7d8887325c56a8110185a2dfccb5be2827e391c8d67f6e486c2d3fb4f47e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: yqD8VeFNzLFkqOxDKd0w7lC7Gu7cTJup
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y932PQG6ZJK62J7P
age: 350683
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tJu8SUaeCkdrQPBny7z4qEJOZWLdkMi3wBjYvP7D6lRkqqQLVfExyrFz9ywSbUgjljDGklT8GDA=
last-modified: Fri, 26 Jul 2024 17:53:49 GMT
server: cloudflare
etag: W/"6d026c72f05a7499c26e17d6281e06b5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba22a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 2648.a582e725.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
4 KB 52ms
47ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2648.a582e725.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f4802b980b851baa044b8629c38620e440e34f813f194ff59f3e0b07841e9e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: JmQicT0yfVKHGmXo0kvv8nZJKyruBIMi
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y931GRVW6P45FAFG
age: 613678
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pJQHLM7V9IWtzlytgcy71zr/+H6RQTRoheHni6GPUmjecazDLKb68JOfsj1/ZujkENugeU/8ZAs=
last-modified: Fri, 26 Jul 2024 17:53:42 GMT
server: cloudflare
etag: W/"0c0f500397d18d725d15d1a62ffee39b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba23a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 2712.0f6c85f5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
6 KB 47ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2712.0f6c85f5.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ef4af1b67eb6f8f8c3c533a53beec35f341eca89965b94622e96db335173353

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: O6CXJG.oJQRhW.lKZ6tSg2FTv8QHAfVk
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y930P5TD9Y1E8TFC
age: 332527
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: G5fLtsUjIf4FBDs6jOa01l9SZomW2gs6vOxYb7klO9ashCn87j4uSIE9JU2dqhV7zMwvPWPN1nlATmarmd4NEHbhpBXv/zmX
last-modified: Fri, 26 Jul 2024 17:53:42 GMT
server: cloudflare
etag: W/"7073e67c69c598d5d6704b209b354973"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba24a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 2793.01d2b056.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 46ms
41ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2793.01d2b056.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dae884ca218724d7aa7ad0a9b88fc11ffe37edb3e2f1738dcb3a73b92e5979ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: RYfGrMF2yEVwxEBbV81vpl2Ldv2lYMit
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y93EY73036R3B6XZ
age: 332625
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ICb6/ph839/9xyhI49fLh19BxnOBdd/Gn1IdBjFkDV1t7zDtUVEudMxhMGYVzb6lAlH6mmFXB5RRtCJiB33MOQZSMOPcXxPt
last-modified: Fri, 26 Jul 2024 17:53:42 GMT
server: cloudflare
etag: W/"62fa0804355a6527dc1ac0b2c7efdab1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba25a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 6636.ef641110.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 72 KB
19 KB 51ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6636.ef641110.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecbdd06d681360e5cdd0484a09c4c1643c607d6925ca5ccbd236ea5c7d1e59de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: NbfIn1J4_e.Mg.agk9M.wnOL_9YUsGxX
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SE63MDDX3NRA0T40
age: 532406
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xMqiYBIS97/b152hAFAUPmnefMIOCLfFGBjgspnu+mEt5g1qS+a+vUaAFxxkk1gqn5GATkCiImK18YmaK9/uCQ==
last-modified: Wed, 31 Jul 2024 14:22:47 GMT
server: cloudflare
etag: W/"b37ec8d56f5d49f351d1c8dc9f3679de"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba26a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 3735.ca2f95e3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
6 KB 47ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3735.ca2f95e3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7d7d9270eceea5c971942507e9453e43761c75a3dc152a1c5307f95d9a125f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: 0TnunSVN6tN37PXgIEIMeRgeOGxmHr.w
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y93FNSCBAS75K40Z
age: 613678
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 33mAkN43KhMDio7j2BuF9BiDbV6AdZFJ8r/9IjBCx/mmxdoUX1ybkZIUVCNlIwqYtGls4j7+5lc=
last-modified: Fri, 26 Jul 2024 17:53:44 GMT
server: cloudflare
etag: W/"6c3b3d23153ec1fb033a383e9a36db50"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba27a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 5642.b8216689.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 50ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5642.b8216689.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

821f305a1e867384acc6d5ffe26bfd6073dcd263fee17e4ea26f311c0de6752d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: 8TX8lBFezlhSfYbf4yy47CkmQcUYjrB9
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RW8T6D1BE3SP9R01
age: 353932
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: KL6t5dA3SVgv4b0aYd6hOCamq/JWnRaC4qWsjqdoreCrVvK5L+bxGA5BtSq0DhJK4CbY7KIcEgY=
last-modified: Fri, 26 Jul 2024 17:53:46 GMT
server: cloudflare
etag: W/"6e222789049d72fa62a3adeec5e19906"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba28a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 6546.0f97e7cb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 134 KB
35 KB 51ms
47ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6546.0f97e7cb.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1846ba30141060fb2a1325977174bc50bc5b530328f04b85a5a65ca79894d00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: rXDQ63cHsqa_cWs2Yn8XVK7Jx2r29p.Y
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W9VDBKMJS6J89904
age: 1070305
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: F9m5vYGLhRmY8+uvfwK0VXlzjcUoaqoTY1Z85/9FnO2YeshXtfugz1yzyr0HkUEpjyOzYdfZrAc=
last-modified: Tue, 16 Jul 2024 08:46:19 GMT
server: cloudflare
etag: W/"9bc1af09b2d45969f9f1747c1d451746"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ba29a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 6834.f2d3924e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
7 KB 56ms
53ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6834.f2d3924e.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b54187c08d16f6492780c02344ddc87057e150494196f0f8860dfb7f7b769bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: o1es8sE.cZmyaYqu.4nKiCbux9A2sGad
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DADE8Y5V055Q9Y1R
age: 360479
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cl+jwexHSxgmOnI8o4RnKGRLVBO++9k7B8BNEQsa4dwaYdu8MT69cfJwd9B4heq+7TbnXWq0/2U=
last-modified: Wed, 03 Jul 2024 10:04:06 GMT
server: cloudflare
etag: W/"047a986937c5d63a5762092c09992f7c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca33a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 2420.0330d157.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
4 KB 56ms
52ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2420.0330d157.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

171cece4ac2237f1003b18b0fe31873be2d2dfcd6b835525fef7734dd3885b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: _5P0lSJaufDrl5cajeATE6F_8uI.XcAy
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYBDYYSEDJ8ED4AW
age: 363866
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: u6AxHRrQoMuMvihevNS2W0fhwzvBLJnQoaYSaPxTqTenbrFWdry2EEyJ/QKqu39cnqgj46hfQhde5Z5+n+5uaw==
last-modified: Mon, 08 Jul 2024 15:08:52 GMT
server: cloudflare
etag: W/"ab60dc899e489dc43eb7fb5e1321ec32"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca35a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 2106.21ff89d3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
5 KB 57ms
53ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2106.21ff89d3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

642e68e2920d83ca866b88006ef18212354e0d5acd026ccdc0b21cdafe72746f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: ZAOTHsY5yzhFtAIVlxWuUUSMd6WiuHdq
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RW8ZHAD35DWSGZP2
age: 332625
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: r2+RwMmFTAdc/zzwTMOJU2wi6e/1mvoxdRzQgLqnPw7Gt/o7Ow4JlYMkLJDzbnn7Lcw2Uq8UYD4=
last-modified: Fri, 26 Jul 2024 17:53:41 GMT
server: cloudflare
etag: W/"a33b4282f0980a9d6bfbebc42268cfe8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca37a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 6696.92b2dfc3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
9 KB 63ms
60ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6696.92b2dfc3.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631fa83890e3eca0286f2031373cd81e15b26bef6ac66510eb20c293d485f7d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: fLu07dD.4p7TwvDn0jorSMsqg86HrjUa
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RW8TZDM6J3CKHKQS
age: 360393
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: aIK7E9kUTVg8mjrWtgCHpcr6FXoENdvn9/Oean9ckMkfHAG40NzS6zDEqjs5srYSMV33sO2dIWs=
last-modified: Fri, 26 Jul 2024 17:53:48 GMT
server: cloudflare
etag: W/"c1e1e1db1cdd0dfef5b50bef88b7dc76"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca38a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 5832.07d4db30.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 59ms
55ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5832.07d4db30.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97bcccc88ca7586da014b033d245ef6b6a3d809980c235253a0175013d269279

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: OailDEncbopuhGpocJHW6yjTjA0054XY
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: Y93C56WD6ZQE43XW
age: 360479
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: I6MK81cSD/Kqkxm2UNaUlEccdfRnJv9OuRGhivOetdeMa4RLxRu319NtRhzHy4ZIIbuv8AdWNn/fJXyuy/9rUQ==
last-modified: Fri, 26 Jul 2024 17:53:46 GMT
server: cloudflare
etag: W/"2b95a976d4743ffdcbead4643ccc9f87"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca39a2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 3366.16d43002.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
7 KB 58ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3366.16d43002.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51c2d15085e1bea1acc8c289aaf02248b99a2d7af841a490af98b075ce1bd335

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: iRx_Sa3wOj2D3iu5351xbA_j6U9WJs22
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: RW8K5542K999C3Q9
age: 343639
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uAls9BGWoAlg+79y9vHfbIEWhy15j1Vdd0YJVvCAprO+yAf0Zb4EinKYHQqsRxMXruuNM3y9X+Q=
last-modified: Fri, 26 Jul 2024 17:53:43 GMT
server: cloudflare
etag: W/"f7d652fe9ab72992c826f85b6e6df7fd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca3aa2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 6040.6ceb7f43.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 39 KB
6 KB 57ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6040.6ceb7f43.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a839d8b35bf8434f24f1f80677762baa5f6b99855fef78fd1adf3ad4566e0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: U8YjgT4vGYNjdzQyRhBEV8U4zckVjhAJ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYBE5ZZMB8EV5PQV
age: 363828
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZMlX930vbIcGTOJCbNKUszZ6xZSKTeplIpvhobWn7+Q19wtpd9ULexV7dJq5fLPz05XWZ4eg8F0=
last-modified: Fri, 12 Jul 2024 16:10:59 GMT
server: cloudflare
etag: W/"b99a824dd4e9656c1c0e034c85d116ce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca3ba2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 4391.3e417aeb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
7 KB 61ms
57ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4391.3e417aeb.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc8368078dd9744e4f4332aa3cc3864c656efb269889e273bdf7ec0ec05ae764

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: .878.TNn.VbjSoYR7aafua6z9z3nN0il
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYBE6WCNGNP29KHG
age: 347033
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: jtmwINjVVM0asnKRpHt9oys6NHFRmSZicSJOxwk2i4jW9CSLUUc0+KLeevdt9hnaVdB+GKieqt4=
last-modified: Fri, 12 Jul 2024 16:10:57 GMT
server: cloudflare
etag: W/"4c03d49a14c2d9cbaacd98dd39c48c1c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca3da2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 PostPage.MainContent.8a1aec03.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 188 KB
42 KB 58ms
54ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.8a1aec03.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6857cc540eb7db2a09a89dab618614f9b6a9bba7e42ca20996a7d9b0eb015af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
x-amz-version-id: MhCLBtI1j3sHG3syTJdSeLE0h8C5.cAn
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 4ZSV2Q6EQCRC43N0
age: 536227
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Y+e3IPubGF+LO9GEjy6UxFSGmzwEfdWjIq1R20E+5Ggivd+Sy7AqR396DxZnIkvXcxMNk2x++SI=
last-modified: Wed, 31 Jul 2024 13:16:20 GMT
server: cloudflare
etag: W/"dea5cae1312038b90c469b3d3e87c388"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f4ca3ea2fa-YUL
expires: Wed, 06 Aug 2025 18:26:13 GMT

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 95ms
52ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:13 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8af112f4adbfa2a0-YUL

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 77ms
77ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4d996939.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Medium-Clientele-Client: lite
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, clientele/main-20240805-135812-805ed58476
x-envoy-upstream-service-time: 12
cf-ray: 8af112f99c5da1e0-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 11.51005c90.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 41ms
41ms Script
application/javascript 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/11.51005c90.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.f02b74bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0451a587442fca6a380afc042f676122b442146e9aa1feae9e49b0e1151a4d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
x-amz-version-id: 36cCO0pOnWiejNqRlW7IWOfErAeUvPZN
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 5KFJSQ8VXX3TC6FB
age: 725262
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xnhq1tMgHtQHO1+bozFMR8eD/aACOp2PbA4CvoT34PDUs4XrXdDAdsAZfMIO6yDt4AVYtl0GRpQ=
last-modified: Mon, 27 May 2024 12:14:27 GMT
server: cloudflare
etag: W/"05baeb0cc66e723dd05d50bed964c411"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112f99bfc36ac-YYZ
expires: Wed, 06 Aug 2025 18:26:14 GMT

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 82ms
82ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4d996939.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Medium-Clientele-Client: lite
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, clientele/main-20240805-135812-805ed58476
x-envoy-upstream-service-time: 15
cf-ray: 8af112f9ac72a1e0-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 GiveTipButton.4c9e5077.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
3 KB 40ms
39ms Script
application/javascript 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/GiveTipButton.4c9e5077.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.f02b74bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

993bfcfdb1e6a8363b8149607ae266bef7e6ec40769d08ab17a217e6e3872351

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
x-amz-version-id: MrWUz7CPQDO92U2W.8YPYXDbInaVvcpu
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 37SGA2BTS4THF4BS
age: 1151116
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: E3F1c3vqRJqQfyNr9M3rjjwwdpfuNICLKIYtEc+NDM+Fh0u0t/s2V9JiyakNc17zYQr50gZrOp4=
last-modified: Wed, 10 Jul 2024 09:06:47 GMT
server: cloudflare
etag: W/"69fb2ec4893f24097742510245144d3a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112fa4c9036ac-YYZ
expires: Wed, 06 Aug 2025 18:26:14 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
93 KB 118ms
51ms Script
application/javascript 2607:f8b0:4004:c1d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7JY7T788PK

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

965c7dd278e5240c95c0cd28c781f10f37ec7cd707575a96a45e94d19c2f0138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94919
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 06 Aug 2024 18:26:14 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 125ms
47ms Script
text/javascript 142.251.174.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.106 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f106.1e100.net

Software

GSE /

Resource Hash

d9c54972a7c3ad4cdb7324471d33f0fb959ea449e610cc83121738c14c001b36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 06 Aug 2024 18:26:14 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 75 KB
23 KB 140ms
29ms Script
text/javascript 108.138.106.9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-106-9.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d8c436394846ea20127a8db032f848015d4d239789429b7e0202609089b5525a

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: JdSJSDd4bnNFPjlwdZ2RC7ixUU_rrhPQ
content-encoding: gzip
via: 1.1 2301ef513d768666e30ce282b9045098.cloudfront.net (CloudFront)
date: Tue, 06 Aug 2024 18:23:12 GMT
last-modified: Wed, 10 Apr 2024 21:44:10 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P3
age: 182
etag: "f4ec9657a3dc111d088e2eca7b9796a4"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 23431
x-amz-cf-id: EEazq9ETc989ax93BQLfTpf47LvCtbj3EVucNuvAg66MMqYj-MGhKA==

GET
H3 200 5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74
miro.medium.com/v2/da:true/resize:fit:0/ 300 KB
300 KB 50ms
50ms Image
image/png 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/da:true/resize:fit:0/5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 515460
x-envoy-upstream-service-time: 127
content-disposition: inline; filename="5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74.png"
alt-svc: h3=":443"; ma=86400
content-length: 306868
x-request-id: 991dd0fb-1de2-44c3-bc9f-a48778f3310b
sepia-upstream: medium
server: cloudflare
etag: "_89iZTbMWFrDAXoszgLV1LA1pq4J7sBwEDXleeW4l1U/RIjIwZDEwN2Y4NjUyZGRjYWYzMDBkNGYxNjllNjMwODQ5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240226-230532-797fb80223
accept-ranges: bytes
cf-ray: 8af112fa7cab36ac-YYZ
expires: Wed, 06 Aug 2025 18:26:14 GMT

POST
H3 200 graphql Show response
labs.guard.io/_/ 129 B
497 B 87ms
86ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9886a8966c8e381fe7360f39d6638fb28c91ff91e9507db8bea3e738dedb4e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"81-YqHmeamUsz5df21jNYhnDB3GLOM"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8
cf-ray: 8af112fb1d90a1e0-YYZ
x-request-received-at: 1722968774934

POST
H3 200 graphql Show response
labs.guard.io/_/ 80 B
476 B 88ms
86ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: AvatarMenuQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 24
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"50-uwdNQiS1cauYvMsRotgPVGuGSSE"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8
cf-ray: 8af112fb1d91a1e0-YYZ
x-request-received-at: 1722968774935

POST
H3 200 graphql Show response
labs.guard.io/_/ 807 B
789 B 133ms
131ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81bfeec9940d043f1fdaed024c6ded30001e8ca9b4a275fd126c95981d5aebf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 62
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"327-Asvz39F6ycnMUmIrgcw8pnDAIyI"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8, tutu/main-20240805-222238-1545676626
cf-ray: 8af112fb1d92a1e0-YYZ
x-request-received-at: 1722968774947

POST
H3 200 graphql Show response
labs.guard.io/_/ 96 B
513 B 119ms
115ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

337f27d79005e22074511c664c90544bfb2e55284bd5516753751e179d4f334f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 53
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"60-va5mJ2PZf2PqP9C65Jg8OScc+Kc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8, tutu/main-20240805-222238-1545676626
cf-ray: 8af112fb1d94a1e0-YYZ
x-request-received-at: 1722968774939

POST
H3 200 graphql Show response
labs.guard.io/_/ 210 B
560 B 132ms
129ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cf408525ca7329fbc7f7aa733f70933f96db1493cd046c1227c0e9ea293f015

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 57
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-9oA/luHxxcNI75KEnIZC3jYbh8c"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8, tutu/main-20240805-222238-1545676626
cf-ray: 8af112fb1d96a1e0-YYZ
x-request-received-at: 1722968774941

POST
H3 200 graphql Show response
labs.guard.io/_/ 27 KB
6 KB 326ms
315ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5956ca54d3cf7d36f1140e40933efb601b4a8d206e6427dec061ba1f3b520b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: MoreFromMediumRecircQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 233
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"6bda-j7mBgzyxlhDnSqQu0R/KcMYrP8Q"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8, tutu/main-20240805-222238-1545676626
cf-ray: 8af112fb1d99a1e0-YYZ
x-request-received-at: 1722968774975

POST
H3 200 graphql Show response
labs.guard.io/_/ 27 B
400 B 85ms
83ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: ViewerQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400
content-length: 27
x-xss-protection: 0
server: cloudflare
etag: W/"1b-zcE2qsOE110W+7rHoTa9C+cwT68"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8
cf-ray: 8af112fb1d9aa1e0-YYZ
x-request-received-at: 1722968774942

GET
H3 200 3265.63e510f8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 2 KB
1 KB 39ms
39ms Script
application/javascript 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3265.63e510f8.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.f02b74bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e69fb4a6fafd9dd151f7f445763bbb862d7a6257a3910048f27d82bda0165443

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:14 GMT
x-amz-version-id: IRG.9t8YiKDNfOjf9m9lBNTC1lzYIBpH
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YERTSNHHA8P5F88T
age: 721265
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HHFkF5r9SdbEMMucs9oFW3i34S0ALGbaPClZ70f1vMM41So0h9aKk64G0CcXmQ5L0NW3RbanY1o=
last-modified: Mon, 27 May 2024 12:14:30 GMT
server: cloudflare
etag: W/"f4080e499842240df25257ede40aa84e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8af112fb6d6136ac-YYZ
expires: Wed, 06 Aug 2025 18:26:14 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/ 531 KB
210 KB 116ms
38ms Script
text/javascript 2607:f8b0:400d:c00::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c00::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 21:43:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 333769
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 214556
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 04:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 02 Aug 2025 21:43:26 GMT

GET
H2 200 _r Show response
app.link/ 91 B
633 B 239ms
109ms Script
text/javascript 2600:9000:21da:4c00:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.85.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21da:4c00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

46edf17ab150f3a1f10bc48289bf08cd1ce2dbda0a6f45d8457fa8a795ae14ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 fd6ee8ff46440f33e22da71450793e70.cloudfront.net (CloudFront)
server: openresty
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop: EWR53-C1
etag: W/"5b-WWk1IXxFh28pi1t7YJqe1KNNhQ8"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: GANUQTMM2yydIZQwwnvohY1uFnWWGNKuuSPWauYL7jrbMuP6N9AyIw==

POST
H3 200 graphql Show response
labs.guard.io/_/ 81 B
477 B 107ms
106ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 36
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"51-hbfNDSGVO0/XLJV9LgsKsOBLP4E"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-152534-340ea1ecd8
cf-ray: 8af112fb8e04a1e0-YYZ
x-request-received-at: 1722968775018

POST
H2 204 collect Show response
www.google-analytics.com/g/ 0
252 B 114ms
37ms Fetch
text/plain 2607:f8b0:400d:c1d::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-7JY7T788PK&gtm=45je47v0v9123887712za200&_p=1722968774783&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250753&cid=1706914477.1722968775&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722968775&sct=1&seg=0&dl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&dt=%E2%80%9CEchoSpoofing%E2%80%9D%20%E2%80%94%20A%20Massive%20Phishing%20Campaign%20Exploiting%20Proofpoint%E2%80%99s%20Email%20Protection%20to%20Dispatch%20Millions%20of%20Perfectly%20Spoofed%20Emails%20%7C%20by%20Guardio%20%7C%20Jul%2C%202024%20%7C%20Medium&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2316
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c1d::66 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Aug 2024 18:26:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.guard.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 88AE 0
0 120ms
47ms Document
text/html 142.251.174.105
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp&co=aHR0cHM6Ly9sYWJzLmd1YXJkLmlvOjQ0Mw..&hl=en&v=hfUfsXWZFeg83qqxrK27GB8P&size=invisible&cb=plhl8rp6higa

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.174.105 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

qc-in-f105.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0EnaKLOQ9OqOymQ-_YNyhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-0EnaKLOQ9OqOymQ-_YNyhA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 06 Aug 2024 18:26:15 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
708 B 227ms
111ms XHR
application/json 2600:9000:2512:ce00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2512:ce00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Branch

Resource Hash

3fdc1368a84ba642429f9759d8fd53473f415c8454a726187d1ba4c21eae3d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 af81a253e57ed5b111fa0052bfc87f2e.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
x-powered-by: Branch
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: ab6fd849-f599-4285-a337-c9ed25666283-2024080618
content-length: 316
x-amz-cf-id: TgGP7C_YozipbDEE8GDAkurmn1SihhWZ333vBh4h4K8tk2mruv3qyQ==

POST
H3 200 graphql Show response
labs.guard.io/_/ 817 B
607 B 132ms
130ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0e14d1076345c8a099f4cef10b1c344ceb64b8ad276b1274aebf35dcff4791a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240806-171742-fa7f991470
apollographql-client-version: main-20240806-171742-fa7f991470

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 60
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"331-Fu3w5zfRVOuybgQaJUtiPQUKl08"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, rito/main-20240806-175451-bdf095f3a4
cf-ray: 8af112ff5922a1e0-YYZ
x-request-received-at: 1722968775623

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
349 B 137ms
135ms XHR
application/json 2600:9000:2512:ce00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2512:ce00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Branch

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 af81a253e57ed5b111fa0052bfc87f2e.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
x-powered-by: Branch
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: bOvsWO0Eh0A5ckNcRbFrkEmxR3omNeV5C6wUytPKjT--Vpeb5lTsEQ==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
348 B 119ms
117ms XHR
application/json 2600:9000:2512:ce00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2512:ce00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Branch

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 af81a253e57ed5b111fa0052bfc87f2e.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P7
x-powered-by: Branch
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: kkBKUNFh9RhobvuKw1lPj6B3mxbFxtHBQshX9bSOcri3tlalsqhnow==

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 88ms
87ms Fetch
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4d996939.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Medium-Clientele-Client: lite
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2, clientele/main-20240805-135812-805ed58476
x-envoy-upstream-service-time: 19
cf-ray: 8af11300ea4aa1e0-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 204 rum Show response
labs.guard.io/cdn-cgi/ 0
139 B 30ms
29ms XHR
text/plain 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/cdn-cgi/rum?

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/3905.cfd85a7e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://labs.guard.io
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8af11300ea4ba1e0-YYZ

GET
H3 200 1*m-R_BkNf1Qjr1YbyOIJY2w.png
miro.medium.com/v2/ 737 B
1 KB 39ms
39ms Other
image/png 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://miro.medium.com/v2/1*m-R_BkNf1Qjr1YbyOIJY2w.png

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22c615bd22b74f1ea5bc75e4f06ca7f877e3d76f15b98beb36af76909b7e25d7

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 06 Aug 2024 18:26:15 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 511573
x-envoy-upstream-service-time: 17
content-disposition: inline; filename="1*m-R_BkNf1Qjr1YbyOIJY2w.png"
alt-svc: h3=":443"; ma=86400
content-length: 737
x-request-id: 4ef53a67-638b-4f59-89a5-6f70b4f3f622
sepia-upstream: medium
server: cloudflare
etag: "yj0WO6sFU4GCciYUBWjzvvfqrBh869doeOC2Pp5EI1Y/RIjliZTQ3ZjA2NDM1ZmQ1MDhlYmQ1ODZmMjM4ODI1OGRiIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240226-230532-797fb80223
accept-ranges: bytes
cf-ray: 8af11300fa7c36ac-YYZ
expires: Wed, 06 Aug 2025 18:26:15 GMT

POST
H3 200 batch Show response
labs.guard.io/_/ 17 B
276 B 100ms
98ms Fetch
application/json 162.159.153.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4d996939.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Tue, 06 Aug 2024 18:26:19 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json
medium-fulfilled-by: edgy/8.8.0, valencia/main-20240805-153438-68158efee2
x-envoy-upstream-service-time: 36
cf-ray: 8af11318de0ca1e0-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 17

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.labs.guard.io/	1969-12-31 23:59:59	Name: _cfuvid Value: 0sqPyoQHjUN1y4H8aj_0W.QcKLTEBbEld3t7.jywCiY-1722968772931-0.0.1.1-604800000
.medium.com/	1970-01-21 08:12:08	Name: uid Value: lo_11dab31e675c
.medium.com/	1970-01-21 08:12:08	Name: sid Value: 1:pViy8qVZMyCrnqJTbTtzdtDoZ2R/CSIt5y+7tN27L/sPBkZbCtw1cnwPtZT45UW+
labs.guard.io/	1970-01-21 08:12:08	Name: sid Value: 1:agY1aFGj+9mRMrzRFA+T/MpAOHDSbngDOSQdBOeXU4XaMrsciqUfghO5/wf+9WTr
labs.guard.io/	1970-01-21 08:12:08	Name: uid Value: lo_11dab31e675c
labs.guard.io/	1970-01-20 22:36:09	Name: _dd_s Value: rum=0&expire=1722969674661
.medium.com/	1969-12-31 23:59:59	Name: _cfuvid Value: G4sX.shBGSwDR1QFgCGjGG75ZskM4Lrangs4w4EQiNg-1722968774671-0.0.1.1-604800000
.guard.io/	1970-01-21 08:12:08	Name: _ga_7JY7T788PK Value: GS1.1.1722968775.1.0.1722968775.0.0.0
.guard.io/	1970-01-21 08:12:08	Name: _ga Value: GA1.1.1706914477.1722968775
.app.link/	1970-01-21 07:21:44	Name: _s Value: Idj22Fy9Fa5orN4qw3E5p4cU1BQAvB06JTtkIgHBbSTayjYGJ8NmVXlIeTIjCsuZ

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e6730c19ec9e(Line 41) Message: document.domain mutation is ignored because the surrounding agent cluster is origin-keyed.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
labs.guard.io
medium.com
miro.medium.com
static.cloudflareinsights.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
108.138.106.9
142.251.174.105
142.251.174.106
162.159.152.4
162.159.153.4
2600:9000:21da:4c00:19:9934:6a80:93a1
2600:9000:2512:ce00:11:f728:3040:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700::6810:4f49
2607:f8b0:4004:c1d::61
2607:f8b0:400d:c00::5e
2607:f8b0:400d:c1d::66
000a678322b18de6649abef6ad26479df03f66c6000d31a159f2a913c081ecd1
07e3ee7afcbc3462ebf2164763c7f050fc4195d5efa4b039646ae0192c49e2fb
090bc42941d1aa8c149649433dbfc58083dc8b5024d865a3eeb6b6cf962bb9fd
0d63477fd28c0476d71f7d94269d37ebc13ee81002807b40bdcee28351da2019
0da8ee03bdba69b1c0e3ea1bf1d2e0486eae8c3216f4e9bebc8bc1e99b059e82
12c333a76ec82d35a4541956e0e8b4591b55d76f1d1ee4e47f3dd0ec33229e43
14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e
171cece4ac2237f1003b18b0fe31873be2d2dfcd6b835525fef7734dd3885b72
1ba7072a7fc413971fa79ad1c5f4fc98fbaf7a5ac321885f5d3886a0b5c28680
202a8c194cdbd74e42b1fc8c8e48b741204e6c7b368af1147740855268887dbe
22c615bd22b74f1ea5bc75e4f06ca7f877e3d76f15b98beb36af76909b7e25d7
26ff9b8f504c301368c15975fe82c899b4d773044dc8ebfeb2e8b824b84deae6
2965c84559c6551a0e441cbec208a5f3e834968f15b20af2dc821af2cf83b2d4
3177c0013737d38f7a9fc5f06b3e7ba3d6d7ea0d02406d8c5beb176d26b701ab
337f27d79005e22074511c664c90544bfb2e55284bd5516753751e179d4f334f
3f4802b980b851baa044b8629c38620e440e34f813f194ff59f3e0b07841e9e0
3fdc1368a84ba642429f9759d8fd53473f415c8454a726187d1ba4c21eae3d60
45bd34ce2bf3511cc126b1b12bc1597486e925141c10b05627857cb79810140c
45dbf060ec052a3b0ca5ae7211eaa27c950db65b019aa456e1e686a85f8a327e
46edf17ab150f3a1f10bc48289bf08cd1ce2dbda0a6f45d8457fa8a795ae14ca
51c2d15085e1bea1acc8c289aaf02248b99a2d7af841a490af98b075ce1bd335
5cf408525ca7329fbc7f7aa733f70933f96db1493cd046c1227c0e9ea293f015
631fa83890e3eca0286f2031373cd81e15b26bef6ac66510eb20c293d485f7d1
642e68e2920d83ca866b88006ef18212354e0d5acd026ccdc0b21cdafe72746f
67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a
6a839d8b35bf8434f24f1f80677762baa5f6b99855fef78fd1adf3ad4566e0c1
706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548
73025c8fa379f82a80720172888702ff49593ebce422e1668f5d873b83f75aa6
7725f2e70b6a54d4e4f93c2ea20bdc4ac549a289a806828e73dfcd3a2969b870
79eb6859c9a6c235e1d70b932415c90a5315a3e327a4d6c4e086d61f40d6999c
7cb0607a963a4d571ab612d010e4c124c2bb4cc0fd27048efa5f92eedab98ebe
80fd2f7d274e84dfcc6789e0b7151e52c0658d703fc6cee0a2408232cbbb0f99
81bfeec9940d043f1fdaed024c6ded30001e8ca9b4a275fd126c95981d5aebf4
821f305a1e867384acc6d5ffe26bfd6073dcd263fee17e4ea26f311c0de6752d
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8ed9ffd0607f63bb2030024abc5225df6b2fa2a081774e13744d04b12a9be6ba
8f6e7bfd316a160cd611c23c79c3d0cf8fcbfe22e16592f4afffd03eedf45756
965c7dd278e5240c95c0cd28c781f10f37ec7cd707575a96a45e94d19c2f0138
97bcccc88ca7586da014b033d245ef6b6a3d809980c235253a0175013d269279
993bfcfdb1e6a8363b8149607ae266bef7e6ec40769d08ab17a217e6e3872351
9ef4af1b67eb6f8f8c3c533a53beec35f341eca89965b94622e96db335173353
a3edb3930e433b6ee76c26ed156d44196652363b4fa881a3e140b3e0b43d2a3d
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a9886a8966c8e381fe7360f39d6638fb28c91ff91e9507db8bea3e738dedb4e1
b54187c08d16f6492780c02344ddc87057e150494196f0f8860dfb7f7b769bc8
b579cb06b725609666aeb9fec66152efd7e687c9ba13096c2ce7c1db44c82558
bc8368078dd9744e4f4332aa3cc3864c656efb269889e273bdf7ec0ec05ae764
c1846ba30141060fb2a1325977174bc50bc5b530328f04b85a5a65ca79894d00
c7d7d9270eceea5c971942507e9453e43761c75a3dc152a1c5307f95d9a125f4
ce1089c6c643c96cc75c9ee1c07b2d526910aa1b1216c1bfa46887422c4ceecf
d8c436394846ea20127a8db032f848015d4d239789429b7e0202609089b5525a
d9c54972a7c3ad4cdb7324471d33f0fb959ea449e610cc83121738c14c001b36
dae884ca218724d7aa7ad0a9b88fc11ffe37edb3e2f1738dcb3a73b92e5979ee
dd7d8887325c56a8110185a2dfccb5be2827e391c8d67f6e486c2d3fb4f47e05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6857cc540eb7db2a09a89dab618614f9b6a9bba7e42ca20996a7d9b0eb015af
e69fb4a6fafd9dd151f7f445763bbb862d7a6257a3910048f27d82bda0165443
e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896
eada6d1c06b5d675e0c143a2fbef8bf83e3060e9ba20ceeb37ec9415ce9bdbaa
ecbdd06d681360e5cdd0484a09c4c1643c607d6925ca5ccbd236ea5c7d1e59de
f0451a587442fca6a380afc042f676122b442146e9aa1feae9e49b0e1151a4d1
f0e14d1076345c8a099f4cef10b1c344ceb64b8ad276b1274aebf35dcff4791a
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f64e1663932ee61acc447f098d51cc369d7cee286df892fb2633826c6683cfe5
f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f
f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3
fd5956ca54d3cf7d36f1140e40933efb601b4a8d206e6427dec061ba1f3b520b

labs.guard.io Open in urlscan Pro 162.159.153.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

73 Requests

100 %HTTPS

62 %IPv6

9 Domains

13 Subdomains

12 IPs

2 Countries

1550 kBTransfer

4085 kBSize

10 Cookies

71 Outgoing links

Page URL History

Redirected requests

73 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

labs.guard.io Open in urlscan Pro
162.159.153.4 Public Scan

Screenshot
Live screenshot

Full Image

73
Requests

100 %
HTTPS

62 %
IPv6

9
Domains

13
Subdomains

12
IPs

2
Countries

1550 kB
Transfer

4085 kB
Size

10
Cookies

73 HTTP transactions
0 data transactions