blog.confiant.com Open in urlscan Pro
52.1.119.170 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998...
Effective URL:
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998...
Submission: On February 17 via api (February 17th 2021, 1:35:58 pm UTC) from US

Summary HTTP 106 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 106 HTTP transactions. The main IP is 52.1.119.170, located in United States and belongs to AMAZON-AES, US. The main domain is blog.confiant.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 28th 2020. Valid for: a year.

This is the only time blog.confiant.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 8	52.1.119.170 52.1.119.170	14618 (AMAZON-AES) (AMAZON-AES)
1 75	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:710... 2a02:26f0:7100:19b::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	65.9.91.185 65.9.91.185	16509 (AMAZON-02) (AMAZON-02)
1	65.9.20.112 65.9.20.112	16509 (AMAZON-02) (AMAZON-02)
1	52.4.159.209 52.4.159.209	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:20d... 2600:9000:20d7:a200:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2606:4700:e2:... 2606:4700:e2::ac40:8a24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:20d... 2600:9000:20d7:1c00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.45.159.209 52.45.159.209	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:24e... 2600:1f18:24e6:b901:37ab:31ab:c1af:3426	14618 (AMAZON-AES) (AMAZON-AES)
106	12

8 52.1.119.170 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-119-170.compute-1.amazonaws.com

blog.confiant.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

75 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:19b::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.91.185 (United States)

ASN16509 (AMAZON-02, US)

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.20.112 (Orlando, United States)

ASN16509 (AMAZON-02, US)

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.4.159.209 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-159-209.compute-1.amazonaws.com

srv-2021-02-17-13.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20d7:a200:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:e2::ac40:8a24 (United States)

ASN13335 (CLOUDFLARENET, US)

lightstep.medium.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20d7:1c00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.45.159.209 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-159-209.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b901:37ab:31ab:c1af:3426 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	4 MB
10	medium.systems lightstep.medium.systems	2 KB
8	confiant.com 1 redirects blog.confiant.com	39 KB
5	branch.io cdn.branch.io api2.branch.io	25 KB
3	optimizely.com cdn.optimizely.com errors.client.optimizely.com	94 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	93 B
2	google-analytics.com www.google-analytics.com	19 KB
1	app.link app.link	741 B
1	parsely.com srv-2021-02-17-13.pixel.parsely.com	229 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	19 KB
106	10

	Domain	Requested by
35	cdn-client.medium.com	blog.confiant.com cdn-client.medium.com
31	miro.medium.com	blog.confiant.com
10	lightstep.medium.systems	cdn-client.medium.com
8	glyph.medium.com	blog.confiant.com glyph.medium.com
8	blog.confiant.com	1 redirects cdn-client.medium.com
4	api2.branch.io	cdn.branch.io
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
2	errors.client.optimizely.com	cdn.optimizely.com
2	www.google-analytics.com	blog.confiant.com www.google-analytics.com
1	app.link	cdn.branch.io
1	srv-2021-02-17-13.pixel.parsely.com	blog.confiant.com
1	cdn.branch.io	blog.confiant.com
1	d1z2jf7jlzjs58.cloudfront.net	cdn-client.medium.com
1	cdn.optimizely.com	blog.confiant.com
1	medium.com	1 redirects
106	15

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
origin2.me
trac.webkit.org
support.apple.com
github.com
danielfonsecayarochewsky.medium.com
about.medium.com
help.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
blog.confiant.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-28` - `2021-08-28`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-01-08` - `2021-04-07`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
*.pixel.parsely.com R3	`2021-01-26` - `2021-04-26`	3 months	crt.sh
appipv4.link Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
errors.client.optimizely.com Amazon	`2020-09-02` - `2021-10-02`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
Frame ID: 77B7259F13EEE7352D21A15DE598B553
Requests: 99 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans... HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-... HTTP 302
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /optimizely\.com.*\.js/i

Page Statistics

106
Requests

100 %
HTTPS

58 %
IPv6

10
Domains

15
Subdomains

12
IPs

2
Countries

4155 kB
Transfer

6104 kB
Size

10
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----1c998378bfba--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_page-----1c998378bfba---------------------nav_reg-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F1c998378bfba&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar&source=post_page-----1c998378bfba--------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_page-----1c998378bfba---------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----1c998378bfba--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=responses-----1c998378bfba---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://medium.com/@eliyastein?source=post_page-----1c998378bfba--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fuser%2F2c3f3d52c6be&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_page-2c3f3d52c6be----1c998378bfba---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fbookmark%2Fp%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_actions_header--------------------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: http://origin2.me/payload.html
Title: http://origin2.me/payload.html

Search URL Search Domain Scan URL

URL: https://trac.webkit.org/changeset/270373/webkit
Title: https://trac.webkit.org/changeset/270373/webkit

Search URL Search Domain Scan URL

URL: https://support.apple.com/en-us/HT212147
Title: https://support.apple.com/en-us/HT212147

Search URL Search Domain Scan URL

URL: https://github.com/WeAreConfiant/security/blob/master/stix-feeds/scamclub.stix.json
Title: https://github.com/WeAreConfiant/security/blob/master/stix-feeds/scamclub.stix.json

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fcollection%2Fconfiant-blog%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_sidebar--------------------------follow_sidebar-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fvote%2Fconfiant-blog%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_sidebar-----1c998378bfba---------------------clap_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fbookmark%2Fp%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_sidebar-----1c998378bfba---------------------bookmark_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fvote%2Fconfiant-blog%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_actions_footer-----1c998378bfba---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fbookmark%2Fp%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=post_actions_footer--------------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@eliyastein?source=follow_footer-------------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fuser%2F2c3f3d52c6be%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=follow_footer-2c3f3d52c6be-------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fcollection%2Fconfiant-blog%2F1c998378bfba&operation=register&redirect=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&source=follow_footer--------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/@eliyastein?source=post_internal_links---------0----------------------------
Title: Eliya Stein

Search URL Search Domain Scan URL

URL: https://medium.com/@eliyastein?source=post_internal_links---------1----------------------------
Title: Eliya Stein

Search URL Search Domain Scan URL

URL: https://medium.com/@synku?source=post_internal_links---------2----------------------------
Title: Jerome Dangu

Search URL Search Domain Scan URL

URL: https://danielfonsecayarochewsky.medium.com/?source=post_internal_links---------3----------------------------
Title: Daniel Fonseca Yarochewsky

Search URL Search Domain Scan URL

URL: https://medium.com/@eliyastein?source=post_internal_links---------4----------------------------
Title: Eliya Stein

Search URL Search Domain Scan URL

URL: https://medium.com/@eliyastein?source=post_internal_links---------5----------------------------
Title: Eliya Stein

Search URL Search Domain Scan URL

URL: https://medium.com/notonlycss/how-to-trigger-a-scroll-event-in-vue-js-with-the-intersectionobserver-b0a057b76bea?source=post_internal_links---------6----------------------------
Title: How To Trigger a Scroll Event in Vue.js With the IntersectionObserver

Search URL Search Domain Scan URL

URL: https://medium.com/@93lucasp?source=post_internal_links---------6----------------------------
Title: Luca Spezzano

Search URL Search Domain Scan URL

URL: https://medium.com/notonlycss?source=post_internal_links---------6----------------------------
Title: NotOnlyCSS

Search URL Search Domain Scan URL

URL: https://medium.com/javascript-in-plain-english/3-hooks-every-react-developer-should-know-a8e1bd218acc?source=post_internal_links---------7----------------------------
Title: 3 Hooks Every React Developer Should Know

Search URL Search Domain Scan URL

URL: https://medium.com/@anuragkanoria?source=post_internal_links---------7----------------------------
Title: Anurag Kanoria

Search URL Search Domain Scan URL

URL: https://medium.com/javascript-in-plain-english?source=post_internal_links---------7----------------------------
Title: JavaScript in Plain English

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----1c998378bfba--------------------------------
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----1c998378bfba--------------------------------
Title: Make Medium yours.

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/?source=post_page-----1c998378bfba--------------------------------
Title: Share your thinking.

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----1c998378bfba--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----1c998378bfba--------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----1c998378bfba--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----1c998378bfba--------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba HTTP 302
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

106 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba Show response
blog.confiant.com/
Redirect Chain

https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

167 KB
38 KB

904ms
904ms

Document
text/html

52.1.119.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx /

Resource Hash

246ccaab292a7a6fdbe323d7b4eace17908b22dc9ad644ad3acec17391e1b1ee

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

:method: GET
:authority: blog.confiant.com
:scheme: https
:path: /malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx
date: Wed, 17 Feb 2021 13:35:37 GMT
content-type: text/html; charset=utf-8
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
etag: W/"29ae6-Dyu6kQXsG9MqS6RrjGzoem4EEto"
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289, lite/main-20210216-205845-4f62e5873e, rito/main-20210217-003948-5fc4c00f7d, tutu/main-20210217-060439-0937e4f153
set-cookie: uid=lo_f443bc29b151; Path=/; Expires=Thu, 17 Feb 2022 13:35:37 GMT; HttpOnly; Secure; SameSite=None sid=1:wKF3MD+GBoMdcNTGLI0ByypjNo67/pVyu0e5uqvbP61DqhG7W5lq4FZcLQoJqrXB; Path=/; Expires=Thu, 17 Feb 2022 13:35:37 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_f443bc29b151; Path=/; Expires=Thu, 17 Feb 2022 13:35:37 GMT; Secure; SameSite=None
vary: Accept-Encoding
x-envoy-upstream-service-time: 791
x-frame-options: allow-from medium.com

Redirect headers

date: Wed, 17 Feb 2021 13:35:36 GMT
content-type: text/html
content-length: 0
set-cookie: __cfduid=d5c6e1c3563149af2cc4956160f7307e51613568936; expires=Fri, 19-Mar-21 13:35:36 GMT; path=/; domain=.medium.com; HttpOnly; SameSite=Lax uid=lo_f443bc29b151; Path=/; Domain=medium.com; Expires=Thu, 17 Feb 2022 13:35:36 GMT; HttpOnly; Secure sid=1:xiJsbBy5LRi8S6HroCc1gYKi6ipAjBMVZ2IzGpqw+fGdKyuFXUl1wv8kURqlIepO; Path=/; Domain=medium.com; Expires=Thu, 17 Feb 2022 13:35:36 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_f443bc29b151; Path=/; Domain=medium.com; Expires=Thu, 17 Feb 2022 13:35:36 GMT; Secure; SameSite=None __cfruid=a37fecb323a8b90806a42417565055f922d8c1fd-1613568936; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
location: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
cf-ray: 622fe47ebb9dc2b3-FRA
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
cf-request-id: 0851cd23360000c2b352881000000001
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289
pragma: no-cache
x-content-type-options: nosniff
x-envoy-upstream-service-time: 114
x-frame-options: sameorigin
x-obvious-info: 20210217-0829-root,6890a2e4
x-obvious-tid: 1613568936881:32c18648bc49
x-opentracing: {"ot-tracer-spanid":"79cbd7b51fe71b68","ot-tracer-traceid":"1dfcac3e44913ac4","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 unbound.css
glyph.medium.com/css/ 10 KB
1 KB 50ms
32ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

521fc7ed31a9b3bf4aaf51ad52ca16362a8535c90d242fcbc425848dd6054019

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1484
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd27c50000c2b366b55000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 622fe4860a05c2b3-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 17 Feb 2021 17:35:37 GMT

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 323 KB
94 KB 22ms
7ms Script
text/javascript 2a02:26f0:7100:19b::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:19b::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2b756b71eac47a1927041c6bbf7c0fcbd04477373df29788591331a5e406ee9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: PtWBZeo4IOn3qLBBblQZuaycCoVGfblX
content-encoding: gzip
etag: "0e9eda3a5f6f7daaabeb66cf2c376306"
x-amz-request-id: 16351EB8C976A85B
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 5799
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:7100:19b::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 95024
x-amz-id-2: ve96m2D3LQDvxAuO+NJoDwEfD8qo5hiH6FWkF/D7UHAcEg+QwOyp8dKkRFrZm7dn8gv8uJn/tXk=
last-modified: Tue, 16 Feb 2021 21:02:19 GMT
server: AmazonS3
date: Wed, 17 Feb 2021 13:35:37 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 1*lwwdz5iU5bY2ZzaF5qP-Hw.png
miro.medium.com/max/174/ 8 KB
8 KB 31ms
30ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/174/1*lwwdz5iU5bY2ZzaF5qP-Hw.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b291bac4cab78306a75e1a45638905656722c05eea8ddf56f41048bbd7588a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 63102
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7844
cf-request-id: 0851cd27dc0000c2b32803f000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe4862a2cc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:37 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 2901
date: Wed, 17 Feb 2021 12:47:16 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 14:47:16 GMT

GET
H2 200 1*6g6sWeOzruzLd-7jotXC9A.png
miro.medium.com/fit/c/96/96/ 17 KB
18 KB 25ms
24ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*6g6sWeOzruzLd-7jotXC9A.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0802dae7dcd24caf6e0b7476de116171c46c668553fd8306dad94d14c9de092

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 63103
x-envoy-upstream-service-time: 193
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17899
cf-request-id: 0851cd280d0000c2b35f2e2000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe4867a5bc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*-Tu1Wo8r_NRYYD4WrEBXZw.jpeg
miro.medium.com/max/60/ 879 B
1 KB 42ms
40ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*-Tu1Wo8r_NRYYD4WrEBXZw.jpeg?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

484781cc010cec660da69dc9dbfb22cf5908de06130fdc6ecf7e555702104cb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26378
x-envoy-upstream-service-time: 56
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 879
cf-request-id: 0851cd280d0000c2b31d86d000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4867a5dc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*UywtNJnE4XVUh37bU2_3aA.png
miro.medium.com/max/28/ 2 KB
2 KB 21ms
19ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/28/1*UywtNJnE4XVUh37bU2_3aA.png?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3be1830d320eb562425d992cb220305a2b1526c3434a6c7f517d3cd38a249f61

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2212
cf-request-id: 0851cd280e0000c2b366b57000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4867a60c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*nCG6ZjbfU6TaRxys29kWeA.jpeg
miro.medium.com/max/28/ 795 B
942 B 27ms
26ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/28/1*nCG6ZjbfU6TaRxys29kWeA.jpeg?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d9c8ca07d24910b8d4fe114d6f378f8c4e6c1aa3fa0c2a65df022a321c2d9ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 795
cf-request-id: 0851cd280e0000c2b343885000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4867a61c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*Wy58GiNKHio9Lw5FPovQkg.png
miro.medium.com/max/28/ 2 KB
2 KB 27ms
26ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/28/1*Wy58GiNKHio9Lw5FPovQkg.png?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ea72bfc6c97678ab729477b178536f4af5132997327388397642c5e283f70ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2354
cf-request-id: 0851cd280f0000c2b37d92e000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4867a62c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*w0p-HPS7UmOSJyWgwB0V3g.png
miro.medium.com/max/60/ 1 KB
1 KB 62ms
62ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*w0p-HPS7UmOSJyWgwB0V3g.png?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22fc17fb60d280353af8659152a672f0ba1d28f1d91ab7bf2d81e6b3f682fb6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1161
cf-request-id: 0851cd280f0000c2b323398000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4867a63c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*Vxc5aVPE4b5FDynYSdUD8w.png
miro.medium.com/max/60/ 3 KB
3 KB 48ms
47ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*Vxc5aVPE4b5FDynYSdUD8w.png?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eca3e21c19e0b31b57f69d62e9ab8da043ffff1f8d274b65c041df013d22c47a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2804
cf-request-id: 0851cd28210000c2b37b383000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4869a7ec2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 0*ZNWU4GOqd_10mFwi
miro.medium.com/max/320/ 16 KB
16 KB 135ms
134ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/320/0*ZNWU4GOqd_10mFwi

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eec8f12d2bbda06cae1aa15e05145e43e90d28c2fd41f3d75c5c85fe9eebb077

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 16
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15918
cf-request-id: 0851cd28290000c2b35f2e3000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=2592000
medium-fulfilled-by: miro/main-20210216-183901-a3338db6be
accept-ranges: bytes
cf-ray: 622fe486aa86c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 UTC

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 39ms
20ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

387b4e6c558481b50671dfc3fc34b5eba703960fd2e5327776783ea4874358e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.confiant.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd282800004ec729130000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 622fe486ae064ec7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 44ms
25ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c91611bbeba53d744d5533e444174ec2cc59f1955bbd9480374073fd92842737

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.confiant.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd282800004ec7cd33b000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 622fe486ae084ec7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 14 KB
14 KB 45ms
26ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.confiant.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd282800004ec71c399000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 622fe486ae0a4ec7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 18 KB
18 KB 65ms
46ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f967640b084b03c8f25fc52173114d976c173fc273d31c128cf2c553e15b89c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.confiant.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd282a00004ec7c9a51000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 622fe486ae0b4ec7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
10 KB 45ms
26ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.confiant.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15090
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd282800004ec7e1879000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 622fe486ae0c4ec7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
11 KB 38ms
20ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.confiant.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd282800004ec7ca8ac000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 622fe486ae0d4ec7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 19 KB
19 KB 32ms
21ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

087316f29690e0a35f6642721fb9bf8d05bb9cbac3bbb30c822ba878ff7965d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.confiant.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15091
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0851cd282a00004ec71c39b000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 622fe486ae104ec7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 17 Feb 2022 13:35:38 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
67 B 13ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=2062469936&t=pageview&_s=1&dl=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba%3Fgi%3Ddf5ec26d3d09&ul=en-us&de=UTF-8&dt=Malvertiser%20%E2%80%9CScamClub%E2%80%9D%20Bypasses%20Iframe%20Sandboxing%20With%20postMessage()%20Shenanigans%20%5BCVE-2021%E2%80%931801%5D%20%7C%20by%20Eliya%20Stein%20%7C%20Feb%2C%202021%20%7C%20Confiant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=995428187&gjid=847863014&cid=75800161.1613568938&tid=UA-24232453-2&_gid=1713727075.1613568938&_r=1&_slc=1&z=837518010

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.confiant.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1*6g6sWeOzruzLd-7jotXC9A.png
miro.medium.com/fit/c/160/160/ 40 KB
41 KB 22ms
19ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*6g6sWeOzruzLd-7jotXC9A.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2095b78ac8bde0c5108f90dfb38de9132f193bbf29ae55eff39e07a5514c31c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 63103
x-envoy-upstream-service-time: 45
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41314
cf-request-id: 0851cd28930000c2b366b5d000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe4875b26c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*Gzx_yxzR1l1GX0h8J75gfQ.png
miro.medium.com/fit/c/160/160/ 9 KB
9 KB 27ms
24ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*Gzx_yxzR1l1GX0h8J75gfQ.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f25e38427a40e8d86aee0f6077a7dc2e8d2178a3e93d18b9e11abe025f2809cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 63103
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8946
cf-request-id: 0851cd28930000c2b319171000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe4875b27c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*6g6sWeOzruzLd-7jotXC9A.png
miro.medium.com/fit/c/80/80/ 13 KB
13 KB 56ms
54ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*6g6sWeOzruzLd-7jotXC9A.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c184d9155e9fa62111bdee27d27bb0b316f24b966089342d0e49b5134166432

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 63103
x-envoy-upstream-service-time: 72
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12849
cf-request-id: 0851cd28940000c2b370a6e000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe4875b28c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*Gzx_yxzR1l1GX0h8J75gfQ.png
miro.medium.com/fit/c/80/80/ 4 KB
4 KB 26ms
24ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*Gzx_yxzR1l1GX0h8J75gfQ.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7de86495b2cc2bb8cb0114b62861ee7775a0ce3aa22177bf11adf33135933fde

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 63103
x-envoy-upstream-service-time: 65
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3769
cf-request-id: 0851cd28940000c2b319af3000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201209-194421-2f3bd69bbf
accept-ranges: bytes
cf-ray: 622fe4875b29c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*DimzYIT6p9LkmCFDLkF5og.png
miro.medium.com/max/60/ 2 KB
2 KB 19ms
17ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*DimzYIT6p9LkmCFDLkF5og.png?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39218eb69121074a8f03387564b81dfd3da1a38149bcf53ea1a28994ae672d82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1771
cf-request-id: 0851cd28940000c2b369ae1000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe4875b2bc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*Bi2nJHXUjWTxrWzsxLi32Q.jpeg
miro.medium.com/max/60/ 1 KB
1 KB 93ms
92ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*Bi2nJHXUjWTxrWzsxLi32Q.jpeg?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3db4c40e4a4fbb84b04a8b160a7fa6324ff9ecc0a020779fa604b00ac23d125f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1245
cf-request-id: 0851cd28ae0000c2b31a040000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201209-194421-2f3bd69bbf
accept-ranges: bytes
cf-ray: 622fe4877b5ac2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*t-SjZKm04M8jK8KQJXs24Q.png
miro.medium.com/max/60/ 4 KB
4 KB 95ms
95ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*t-SjZKm04M8jK8KQJXs24Q.png?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f751fcb5111d800a447a87c74957e3b8fc9392ea0623adcfaf45149e160f1e31

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3824
cf-request-id: 0851cd28f60000c2b31a041000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201209-194421-2f3bd69bbf
accept-ranges: bytes
cf-ray: 622fe4877b5bc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*w-WBTT0ElhAxjk_mDV8LSQ.jpeg
miro.medium.com/max/60/ 857 B
1 KB 28ms
27ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*w-WBTT0ElhAxjk_mDV8LSQ.jpeg?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9bc8189ed488a53793891d9e4f61c3c5533b4b56ff130378fb7b8d8c9c6c3a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 21
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 857
cf-request-id: 0851cd28b30000c2b3618b1000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201209-194421-2f3bd69bbf
accept-ranges: bytes
cf-ray: 622fe4878b65c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*gBgjzR2JqrjU4MQJB60Jiw.jpeg
miro.medium.com/max/60/ 858 B
968 B 22ms
20ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*gBgjzR2JqrjU4MQJB60Jiw.jpeg?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

454a0d05667cf49483dfa7353adf276632fb89eeec09b0a46f9dd34079e2451a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 28
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 858
cf-request-id: 0851cd28c70000c2b37b389000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201209-194421-2f3bd69bbf
accept-ranges: bytes
cf-ray: 622fe487ab91c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*yO_tElsM_loVj4v9FX8XKA.jpeg
miro.medium.com/max/60/ 922 B
1 KB 26ms
25ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*yO_tElsM_loVj4v9FX8XKA.jpeg?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa098f56942093c301bba82094c6b8c392a1c2a2f6485b7700f35c205ce0109d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14409
x-envoy-upstream-service-time: 14
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 922
cf-request-id: 0851cd28cf0000c2b3392e4000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe487bba4c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*dfke0aEMeIHuHh9y892CJw.jpeg
miro.medium.com/max/60/ 905 B
1 KB 32ms
31ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*dfke0aEMeIHuHh9y892CJw.jpeg?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6af37f7c99c415e6ae052347522a648d0b59dd72a071a1fb1b40534126435aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 74190
x-envoy-upstream-service-time: 57
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 905
cf-request-id: 0851cd28d00000c2b38c1ae000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201022-235030-74926b7bfe
accept-ranges: bytes
cf-ray: 622fe487bba5c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*dmAC1y8l3N3CgHaKjKjMdg.png
miro.medium.com/max/60/ 2 KB
2 KB 19ms
17ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*dmAC1y8l3N3CgHaKjKjMdg.png?q=20

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f95cc1cba7c7358fab944a8e2b60a108096a7c19c6a731723122c42eae4d8c38

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 89409
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2029
cf-request-id: 0851cd28e00000c2b3618b4000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe487cbbec2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/270/ 10 KB
10 KB 18ms
17ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*Crl55Tm6yDNMoucPo1tvDg.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2021883
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9821
cf-request-id: 0851cd28f30000c2b35f2ec000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe487ebe7c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/270/ 7 KB
7 KB 19ms
17ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*W_RAPQ62h0em559zluJLdQ.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2021883
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6839
cf-request-id: 0851cd28f30000c2b37b38a000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 622fe487ebe8c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:38 GMT

GET
H2 200 manifest.66214212.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
4 KB 40ms
30ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.66214212.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed4c8a9798688fffe27a1d9665e9eba2c1fd8577cd86af887c4420d9d16486de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7162ECC069367374
x-amz-id-2: 54irYLzmkEoFec9uYSvt73tumZcyQQs3L1LP8UfTp/fZVpo3Qp9OmN46ZEhpg2OqfpQPcE0tqvQ=
last-modified: Tue, 16 Feb 2021 21:09:07 GMT
server: cloudflare
etag: W/"ae4ffda8324184def2e9b1c6115763b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: dAInAYuuU47w8TCXT_.r_14d7150JQ5d
cache-control: public, max-age=31536000
cf-request-id: 0851cd28a90000c2b364284000000001
cf-ray: 622fe4877b51c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 8247.8b14dd5f.js Show response
cdn-client.medium.com/lite/static/js/ 638 KB
190 KB 30ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8247.8b14dd5f.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

630ca5ade39e8684f33f4b408a089a1895dd4f782284c8dcaf225def1f46655f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 592507
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: D8427F73FBAECE81
x-amz-id-2: nm330a+eiq11l9pA5tM+A3T+LTF83UlubLjP29G3P0iqQXlww8CE+93zQS4YuXka7UHuyeb3UIU=
last-modified: Wed, 10 Feb 2021 16:57:02 GMT
server: cloudflare
etag: W/"7d9f72a3b54312a0f424c471b640157f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: cxl_FzYugg4.VJhhCxBQOqSw0JOvqhhn
cache-control: public, max-age=31536000
cf-request-id: 0851cd28a90000c2b366b5e000000001
cf-ray: 622fe4877b52c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 main.f82521a2.js Show response
cdn-client.medium.com/lite/static/js/ 563 KB
145 KB 33ms
23ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.f82521a2.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b00073510230c77c12bf96fb45fd2dc19e249748b45538b1db21bc990872e62

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 5R4H4YEY2P7N9T2T
x-amz-id-2: bMg190xb0pA0KyY8eLiedu8AN6wnpn//aLKDTA4L5UWdsujxMBGt14VTQf9uBqrFD+cq70qN8Qk=
last-modified: Tue, 16 Feb 2021 21:09:05 GMT
server: cloudflare
etag: W/"ab0391e7466d1dcbea5c7d931b60dbe6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: EkCLZPsqwvhrnrj913cB.Lh44j8sjFVu
cache-control: public, max-age=31536000
cf-request-id: 0851cd28a90000c2b319172000000001
cf-ray: 622fe4877b53c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 35ms
26ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 106046
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9D584856367C9D21
x-amz-id-2: dCLxGReOzYie8cze7jTmxuhKT0Q4uVVp17EfYoN2lJgIGgeST5SVH5JBEhuTArEU3ydfzFjFxtM=
last-modified: Thu, 03 Dec 2020 23:15:32 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: ITKw14eLTdBpXYYcizy12uJ1fvpJcpCb
cache-control: public, max-age=31536000
cf-request-id: 0851cd28a90000c2b35a1bb000000001
cf-ray: 622fe4877b4fc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 instrumentation.42411c75.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 19ms
16ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.42411c75.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fc286495ca65ade266162e49b9a03caea0aac377c2510d3065a61d6abe8e7da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 579467
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: B01B4FF321F6D785
x-amz-id-2: XzWl8kSPUnJXVJzfzMSsXQAgKk9kZFRQsqO1y8WEIf0x7fAYyRXJWO4nWRKE/ahZIn4T5dCFT74=
last-modified: Wed, 10 Feb 2021 20:29:53 GMT
server: cloudflare
etag: W/"edd40eb04ef012ea0b2b1d19dfa43198"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 7gDzzxVw0NTYtqeYLRmmRncFCjHtynsh
cache-control: public, max-age=31536000
cf-request-id: 0851cd28aa0000c2b319af4000000001
cf-ray: 622fe4877b54c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 reporting.54526183.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1009 B 27ms
26ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.54526183.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

573212a21fd7654c3d10be95f2329cdefa5393f1e784fda8eb0b2bae1f6cf9ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1102096
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4623E4F01875823E
x-amz-id-2: 88lf9sEL3zggf+WTq21GW2nUDG4ZIqXnKiPM3CGYRcowd//tImVuc9YL2tZaKfF02u1DjM7y8f0=
last-modified: Thu, 04 Feb 2021 19:19:39 GMT
server: cloudflare
etag: W/"1b61d21ac3e58346112e558c6dbc7972"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: l.vVhZOsAhS0zE5l15Ksgb1RGbSxUKxk
cache-control: public, max-age=31536000
cf-request-id: 0851cd28aa0000c2b369ae2000000001
cf-ray: 622fe4877b55c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 22ms
22ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015126
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8Y2WEP9N0N8VFWFT
x-amz-id-2: 0/GxCg7Ln5ASqHyvgHWAxKG5xivYWADb0ZDpF1E3e5inlxtaBsF+btvJIOYz/EGcs5YPoIE0z4M=
last-modified: Fri, 22 Jan 2021 19:27:24 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 8YdXfnazankgmdOkWsGUSLquO9LBLhY8
cache-control: public, max-age=31536000
cf-request-id: 0851cd28ba0000c2b3392e2000000001
cf-ray: 622fe4878b73c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 4464.c01c0ad8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 22ms
19ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4464.c01c0ad8.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c641f892f22057d280574902211a972b66f21887b9605d6373420616c2998b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985063
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 05A6FF98BD07242E
x-amz-id-2: wOx4GfF2VOlUrCDB/1k8a9MPM0Nj6l7AYB3Vgof8UgB+qYxPd7T6AOl/YNIwQY4Nyv8Dg1j2/WA=
last-modified: Wed, 02 Dec 2020 02:33:01 GMT
server: cloudflare
etag: W/"be8b2bc1f024eb0a68f616793b7f8507"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: NkqEyknZNpQQsnJ_0Ysu16usgj0oaHmU
cache-control: public, max-age=31536000
cf-request-id: 0851cd28c60000c2b3208a2000000001
cf-ray: 622fe487ab8ec2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 8342.6aa0b45e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 120 KB
34 KB 23ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8342.6aa0b45e.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 985053
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 774A3BAC62216CA5
x-amz-id-2: 1lgy8xHDqskYRzC4HqpJV59M2FHYLLmGwWXIbjyyTJZqtz5EldZM3d7oE7xsdHkZ21g+q48pXn4=
last-modified: Fri, 04 Dec 2020 01:36:09 GMT
server: cloudflare
etag: W/"5daacb41c4e6b401be87ada016250ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: qonxwwJqyV0gWQau_ewBCZXsv6ZIxVW0
cache-control: public, max-age=31536000
cf-request-id: 0851cd28c90000c2b35f2ea000000001
cf-ray: 622fe487ab90c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 5699.e60bcdf6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 17ms
16ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5699.e60bcdf6.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bb17ddfe5497a0645f9f62adc99bba605f073e92f958495127a91aa8950e7cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 105866
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FM1PFTBGFS7X8P1G
x-amz-id-2: dH88tLQ7Mj+PjisFU0tK5e7Zj4V8zUztIxFmSNFJkC5HCjI7zFBmrGMo6x9x8IlHs53Qpu784H0=
last-modified: Fri, 22 Jan 2021 19:27:25 GMT
server: cloudflare
etag: W/"c7c15654015cd5857d50515bbf9c86ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Sw1lWfoeX6f.h.uYDVEdOz6ljqyQNQnW
cache-control: public, max-age=31536000
cf-request-id: 0851cd28ca0000c2b3528ba000000001
cf-ray: 622fe487ab97c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 9692.ff42eea4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 87 KB
24 KB 21ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9692.ff42eea4.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6294dafd402fcfcb1964fd091f573c7790d7fbdb654bb21e9f9cf24f51c2834a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E21DEDCC2616C444
x-amz-id-2: PZ2zq4/ChrTXYcQp/KwSMzh4QTTRNBOgp6Em60zBVruxHyNcUfclbEddy0PKpP/K/0zvKz2EOEk=
last-modified: Tue, 16 Feb 2021 21:08:45 GMT
server: cloudflare
etag: W/"0333eaea3e91b2a44e39be96efafe014"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: UrXZMSq3SB8xvqA92vAg8MQ25OV7Phu8
cache-control: public, max-age=31536000
cf-request-id: 0851cd28d10000c2b3468e2000000001
cf-ray: 622fe487bba7c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 5064.4f9a6295.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 19ms
19ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5064.4f9a6295.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa5ddb540c927f5e3a968acdc2b9ceb4ba305f54b310df008a96ee3e85a66713

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62990
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 996235392C5C80FF
x-amz-id-2: Fethc4TCPTwQrwlMWUVpPMjfCQNRcNfwO11jhpMtkol1+OfGZ/KO5dd9yYHFPXS7qgbX9KdOVyw=
last-modified: Tue, 16 Feb 2021 19:57:28 GMT
server: cloudflare
etag: W/"d530534dbc529e2a58ec375173141eed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: alOlMlyAwonvbu1DSIyZE4gdp.WDsXMF
cache-control: public, max-age=31536000
cf-request-id: 0851cd28d10000c2b325a24000000001
cf-ray: 622fe487bba8c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 9274.5526dd29.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 18ms
16ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9274.5526dd29.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae7a5d73cd4c61d43ca4a85ce7eb40ca5dfb6ae42310df084a23f2cf16bd88ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 414724
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1A2497E61D552AB9
x-amz-id-2: m+Fz6jxCEwRNveHEbdEiCoVBsu7akCRfZtU/InVzQSqCA0+8qIMPsR5Bw624G/VlUrREbcVdSME=
last-modified: Fri, 12 Feb 2021 18:11:15 GMT
server: cloudflare
etag: W/"9e1d6a7e19f736349c841c68cbac8bfa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: yCzkS1.dWb4A033VheKbfLhx_xJyeUvl
cache-control: public, max-age=31536000
cf-request-id: 0851cd28de0000c2b357a26000000001
cf-ray: 622fe487cbbac2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 2846.56b0e274.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 20ms
18ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2846.56b0e274.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b06b589b00aa9446a188742e331798f4c354285134da29f8d8c2ef549d51105

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62971
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C345C099E9366DC3
x-amz-id-2: NWWp17xk1f9MM7I2a+kResyJQ0WTY/ZHYTwQ/YikGSCUNc689+khP5DMwWBme8IxUtdGIM9DWXw=
last-modified: Tue, 16 Feb 2021 19:57:27 GMT
server: cloudflare
etag: W/"c2aff7a02dac617e4b992e9f8a7bc0cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: jixtVZ8jw9VjnPKKSBkUA61uODG9m6je
cache-control: public, max-age=31536000
cf-request-id: 0851cd28df0000c2b34b207000000001
cf-ray: 622fe487cbbbc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 7012.5f00b75e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 59 KB
16 KB 18ms
17ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7012.5f00b75e.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68e525515c7bd9c141f21d9aa7a240b49e5bc6928febe837ce7e19b40a25b257

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 414724
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C96D652F501E6ED4
x-amz-id-2: R38h80jqewY0fcYNLXyIxVDhzcbRZQAw2vzPNfBMmUwzbmMUpG7J0JpXMGtMV+EebmH4GstUUA0=
last-modified: Fri, 12 Feb 2021 18:11:14 GMT
server: cloudflare
etag: W/"05ddf0f736f2c9242eeeeb3d45a28853"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: SWJBTwaQPENiar8O54qF9cbjGaaaGbxN
cache-control: public, max-age=31536000
cf-request-id: 0851cd28df0000c2b35f2eb000000001
cf-ray: 622fe487cbbcc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 7993.113d64ba.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
8 KB 19ms
18ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7993.113d64ba.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a4fadfe689b0e24b09ed940cc5f12318ae20a25f43ec9171f2eee2b84a57ee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1102096
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FD755C71A126685D
x-amz-id-2: hyYqPY22Pd7u5ewkrjaRRAc1z5B6FN49Jfo6MBrQQm0d6N1rsbNqi+oaQFjCE1GHIoh41Gj5C6M=
last-modified: Thu, 04 Feb 2021 19:26:51 GMT
server: cloudflare
etag: W/"6fce7c58465e85ee132edbad7bd72d50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: GFXcHZvxgiW1a9rUexLkWQ1dhzSo5nBP
cache-control: public, max-age=31536000
cf-request-id: 0851cd28e40000c2b34388c000000001
cf-ray: 622fe487dbc2c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 9972.a29dd8d1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 20ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9972.a29dd8d1.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c78db37e1195da9fbd1fa07a47a20728ee78b8ac1b9ff12f55e7a5a1213a19f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 761617
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 0855BEF462D46A02
x-amz-id-2: fLl8WQMUnq4fWSa4WYq45NpR0XmCrwfF6KAj4qhzjPNnGKhChKHxDfgJ4aGvN4gIhTWMN0BMEDg=
last-modified: Mon, 08 Feb 2021 17:52:54 GMT
server: cloudflare
etag: W/"a9e7b276f30e57edfafd51ff79a539fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 1I1aJXxrcjPumqR3N4q4nZXFd3zZ17_M
cache-control: public, max-age=31536000
cf-request-id: 0851cd28e60000c2b3829f4000000001
cf-ray: 622fe487dbc6c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 5127.810d9eac.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 18ms
18ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5127.810d9eac.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac3e1c56f4f3486241f03a4f0ea323821d26e99e9c40062034d52cea1931215c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 106046
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 92BEDC824A3F0D7B
x-amz-id-2: jkpGHrJkRfRYZzhmJJY8uYn4kIFe1cANAQvD/evChxWAUxvpivFxXNTXjo9h0m+BHyks5+pfE40=
last-modified: Fri, 12 Feb 2021 18:11:13 GMT
server: cloudflare
etag: W/"d92e8af6033a5fc9b36d46fb9d011e61"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: kfnGytVsyiThOER9PxwrG.JVu46OMkIT
cache-control: public, max-age=31536000
cf-request-id: 0851cd28ea0000c2b32804a000000001
cf-ray: 622fe487dbcfc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 9106.d3f8ce1c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
10 KB 22ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9106.d3f8ce1c.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da4abf1c7a9b312990ecaf06b559c20a13b92dc6593076388f9b9b451b3cff6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 414724
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4B7EDB43CDEF2AA4
x-amz-id-2: tsoJRJh8Vb2pRWE+IxRj8bLI8jTVbVdA3K9ILwx7mt5DNiF8MkGvIxzw+1Ak2hBGwYdsYbFsdzo=
last-modified: Fri, 12 Feb 2021 18:11:15 GMT
server: cloudflare
etag: W/"669158c607958f8d4eb50394612e41dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: s4IDCrLlChe4STS5dLhOtZl.ifbaSW.D
cache-control: public, max-age=31536000
cf-request-id: 0851cd28f20000c2b3763bd000000001
cf-ray: 622fe487ebe2c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 8751.8157df04.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 24ms
23ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8751.8157df04.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7147f23b4281603fecf02a0673a31adfe3e53352f8e7dcf0d70c0a353b343faf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: DK6W9K8G5R2K2G3Y
x-amz-id-2: rMVINTpC1Fu3oxvixkaUK5gJ+ZwAbj9+QodyyGso86an6UFlDk8XZelaEoyPIouEj5175SJZaLI=
last-modified: Tue, 16 Feb 2021 21:08:44 GMT
server: cloudflare
etag: W/"e97eb8acda188eaf0abcd944c620ab35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Fbyzs7.Vfr7bmfK.1tG41P7uLjMfof7j
cache-control: public, max-age=31536000
cf-request-id: 0851cd28f30000c2b31b260000000001
cf-ray: 622fe487ebe4c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 9458.f28348f4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 32 KB
11 KB 17ms
17ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9458.f28348f4.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00abc22d9d07773cdd5bf358a1f3432a35dba8681e0dddf41eb1d2a99c140d0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 414724
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3EB5C35438345BD5
x-amz-id-2: GTNcyJMYlplfl6gK9MRqTN+Xk9J/nzNdSLvJUTkNp9pHcB3HlDnQtpJ9P+e9c3t/jebgqKbrcSI=
last-modified: Fri, 12 Feb 2021 18:11:15 GMT
server: cloudflare
etag: W/"ae885b271ec339070029d6bdc6395cf5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _PTFuajRmXtk_C3DI6Fr7hw29PQOh194
cache-control: public, max-age=31536000
cf-request-id: 0851cd28f20000c2b357a27000000001
cf-ray: 622fe487ebe5c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 7131.5a03a881.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
6 KB 16ms
16ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7131.5a03a881.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c7c9775e61e81487582dce08904a699a32ec9a6d94512ab155a3efffdd2d38e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 40347089212EBECC
x-amz-id-2: IhpS3AbwJJHh6RDJWRwaXdqhqZCTXK3s+9TBW8I+SVpSclburEwYCxNAbmG8PXcuY4cFfqcfsRY=
last-modified: Tue, 16 Feb 2021 21:08:44 GMT
server: cloudflare
etag: W/"4b818e7bc9e919a77d625479ad85cf64"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: LLlGWxv44MWhb4e9e5.sMAfn0keLCDEc
cache-control: public, max-age=31536000
cf-request-id: 0851cd28f80000c2b34388d000000001
cf-ray: 622fe487fbedc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 8127.6aa442d7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 16ms
15ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8127.6aa442d7.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5e049da8694e8e8e63cd658ed14b63fd413810c662bdabc92aecb9136345dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 49E0E869045FD7C6
x-amz-id-2: JNlxjt8Pmy0maGSlcu26QPRMvQvO9a2jwCWcdcCPCLneQp4r0qmAZOEMmIy0Pcqq2c7yKTkUWHI=
last-modified: Tue, 16 Feb 2021 21:08:44 GMT
server: cloudflare
etag: W/"142d318c59de8518593901a3a22c1ea1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: ON2CiAZLy2w1eeYXPiH7pCUeZUTa0CtY
cache-control: public, max-age=31536000
cf-request-id: 0851cd28fb0000c2b31d877000000001
cf-ray: 622fe487fbf0c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 463.b114d59d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 37ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/463.b114d59d.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

437b8236d1bd8a75a3bd87d4529650b68376ef6a3f673442624f8e00a92c08ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 766534
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E2CFFE54E801767F
x-amz-id-2: 7bThKUpMlK03A1jMywW1pegzFXICN54YwcDWwgiXJg41sxe3megAW+W2xQ+PBH8tBa++FwftQvA=
last-modified: Mon, 08 Feb 2021 16:34:54 GMT
server: cloudflare
etag: W/"a73889596a0e0c8bbb98f4dea8cbf5aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 42jm4P_e6Evq762xrVEsYZg5A5pLfUiA
cache-control: public, max-age=31536000
cf-request-id: 0851cd28fc0000c2b373b2e000000001
cf-ray: 622fe487fbf1c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 1373.f33f1a0b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 50ms
49ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1373.f33f1a0b.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf963d03112580640524933d3aefadb9ba71716969637ee74455043217b8569

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8FF2CFAE00CEC794
x-amz-id-2: e5Ws81A4Jwc9cM6C3PDSiPt6WAPi8as0rX7dJ7wLyV6mptP4e/OZMrTcl4//j0k75c8nAK1ckV8=
last-modified: Tue, 16 Feb 2021 21:08:41 GMT
server: cloudflare
etag: W/"17271da2cd9504aeeb0d844a07bc9408"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Ghq4sqTWMXSQ3ECbfBwQdh9muCwIxVKQ
cache-control: public, max-age=31536000
cf-request-id: 0851cd29040000c2b31e149000000001
cf-ray: 622fe4880c04c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 587.357e46e5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 69 KB
20 KB 17ms
16ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/587.357e46e5.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f92f3f681b1b327bb9ff0cbbd11cecd0e6f15e038a49dea0707eafee0132f2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 414724
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C2730CFB3872F6F1
x-amz-id-2: 1Y/Q39KESVfWRg62Xml7NJ5avdhNDoJHCju2hoJOGO8tCmZuE+oaS8+T43jaSIsZNERe+W+wIZ0=
last-modified: Fri, 12 Feb 2021 18:11:14 GMT
server: cloudflare
etag: W/"5f592e2325ead6403ab4a533c3627a6d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: mGvtGaPxeWhyIzdZ9aXp1EXPBsVamYMi
cache-control: public, max-age=31536000
cf-request-id: 0851cd29080000c2b3763be000000001
cf-ray: 622fe4880c0bc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 2514.597d2c66.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 19ms
19ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2514.597d2c66.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46dcdb0cec75318a4d4dad2ceaf58b77bf41feef07f017f7a7602409d33b1761

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 106007
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 2851AD3F9D96C56C
x-amz-id-2: irA7thQD7IR1PLpSq2vYriun3fUzyEATSFw/MsLUEGwy1TVyLjuOyCUG11O36Xk7ZHCpqmarv0s=
last-modified: Fri, 22 Jan 2021 19:27:24 GMT
server: cloudflare
etag: W/"b7f949e6820ba3e3752fccc63379ed47"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 2E06N8_G6DliCfmezrO.QewfK5iMpbV6
cache-control: public, max-age=31536000
cf-request-id: 0851cd29090000c2b32804c000000001
cf-ray: 622fe4880c0cc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 3874.b21154a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 34ms
32ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3874.b21154a3.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ddc01f4ad56c508a67100aa4ec3a5cda9af0ee5ba09a9f7709fb4597c236092

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 0B7860D792781DDE
x-amz-id-2: CJderA1iqTzcnizpYL0jiuUXcPuHIaSLNKVHP7Gj0bX3kpDCieBfG8/LPMQr7tN5/wlySj4EmwM=
last-modified: Tue, 16 Feb 2021 21:08:42 GMT
server: cloudflare
etag: W/"3a6dc3e9bdcd4d175a2222462f660d25"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: z9PgBaW.Nmh_4BYIRxiUXIxkRfldrxde
cache-control: public, max-age=31536000
cf-request-id: 0851cd290b0000c2b36c045000000001
cf-ray: 622fe4881c14c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 857.474a2698.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 15ms
15ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/857.474a2698.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2daea5064cf86c5ff8c43b97599d01727870f593b89bf5114c3f206000321b53

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 106007
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 77FC30673158A461
x-amz-id-2: KZKEmVS6BJnrGQhknx6q5lQQNEzwOBo794aMlUFFLqRiQgGchqMjymyt4rqzfsVjwyalIhHULJE=
last-modified: Mon, 08 Feb 2021 16:32:19 GMT
server: cloudflare
etag: W/"49b9f8516599e9ea49c1daf0f80b5047"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 0Z6oZhGMRskgWIXucZC6ScgJpNZ53lOD
cache-control: public, max-age=31536000
cf-request-id: 0851cd290b0000c2b364288000000001
cf-ray: 622fe4881c15c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 8286.08280ee0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 18ms
18ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8286.08280ee0.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae1606b6f60a768561b549aac72da45bf01183e7e7bd9b55054ad8013903d8c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 480176
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4S5P7XAP3R2M9N7W
x-amz-id-2: ldYivd+NetIMOyt5Z8c0q9iWQmSaFVSLzMWj5fC8Grb0KX38QlMd4q8aaoM0P0cyfT0OmzWo9U8=
last-modified: Fri, 29 Jan 2021 00:01:37 GMT
server: cloudflare
etag: W/"285095a58969d8ca0fcd567dd8fec2c5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: QZUBfxOF0bHHUJUjC9m4r0MTEsl2zsDl
cache-control: public, max-age=31536000
cf-request-id: 0851cd29190000c2b369ae6000000001
cf-ray: 622fe4882c2fc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 5429.770ff2e0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 134 KB
35 KB 22ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5429.770ff2e0.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43d42fed375532b8d7a4f71238114c27de9eb978c98ebbf97d237edf139548c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58494
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3FC2BEB475E0CA3D
x-amz-id-2: IRi5kV8Yl/xXksu9eY0HZKSO6G6Fxi/6NtJXY5acspZLhoxXpcvJkaJbIi9e/VyNWWPR37x4btI=
last-modified: Tue, 16 Feb 2021 21:08:43 GMT
server: cloudflare
etag: W/"a4b6aed5405b2d5236f655441f1c762a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: ERReV6bYotsVKJKaZ8.F8k7pjaQSibB9
cache-control: public, max-age=31536000
cf-request-id: 0851cd291c0000c2b3618b7000000001
cf-ray: 622fe4882c3dc2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 8831.2f4dede3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
8 KB 19ms
19ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8831.2f4dede3.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00b5f1e0318ab5c9fd09d6546612e27d0ba7a100069bcaa583e8647f00859c5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 106006
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 75AA7AE5D05C0EDE
x-amz-id-2: Zt1ClN9ao5/uy6Q1ygMJAg4GBdv3R9pIevwzTpgHce+CpzXIq5cPuLlxyb+7DKREWereyDQNlLY=
last-modified: Thu, 11 Feb 2021 00:38:23 GMT
server: cloudflare
etag: W/"8b00178fd643c128daacb2a1d616a441"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: FqiXbWfRwXP_x.ZnFpz7efMkHxDR6M1_
cache-control: public, max-age=31536000
cf-request-id: 0851cd291e0000c2b319179000000001
cf-ray: 622fe4882c41c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 2450.88cac39f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 32ms
31ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2450.88cac39f.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab8cf5b95cc0d8c09f2b40e430d70256a0acece01a10a13ef328ea757e3bed5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60128
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: A0E6C610A04763CE
x-amz-id-2: 6lwv7DddjDI7nOCRUvByo7d6Adnzz3kYu26ZCSFIpFxjJa3i/f01iTUXDW4sY/ktUrsNI+kapEk=
last-modified: Fri, 12 Feb 2021 22:33:59 GMT
server: cloudflare
etag: W/"6b78bb0f0f0db9b08dd487184dba2070"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: gpcr7CEajLe.xZ0aryr9P_4FODzOXQbN
cache-control: public, max-age=31536000
cf-request-id: 0851cd29220000c2b380b0c000000001
cf-ray: 622fe4883c55c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

GET
H2 200 Post.9074c401.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 15ms
15ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.9074c401.chunk.js

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2e354acabd5ab9ebe5c9edb677c2d5d2b66067d59f7b1fd5024a90892187044

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 96177
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F1E5248C02F155DA
x-amz-id-2: /Y4oSv6WT17N34q8tiOl86kB6kbUD5LHLP5EEawKzJoxwGi+vl7Ukj1kKo3ou6kk04XxEwdAvVQ=
last-modified: Wed, 10 Feb 2021 15:54:04 GMT
server: cloudflare
etag: W/"1572f4c578c85833a928542648146825"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 9icSow7Sz6OOQ_r.gt4kdORNuTwxIUF.
cache-control: public, max-age=31536000
cf-request-id: 0851cd292d0000c2b31b264000000001
cf-ray: 622fe4884c68c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:38 GMT

POST
H2 200 graphql Show response
blog.confiant.com/_/ 94 B
398 B 228ms
227ms Fetch
application/json 52.1.119.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.confiant.com/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8247.8b14dd5f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash: c9a48087df22c321aaad606aebad8d559d6d877dd2f9552a6a6d637ae2266a90

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 52667149af227bc3
Medium-Frontend-Path: /malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
Medium-Frontend-App: lite/main-20210216-205845-4f62e5873e
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
apollographql-client-version: main-20210216-205845-4f62e5873e
ot-tracer-spanid: 3c8849a472a680d5

Response headers

date: Wed, 17 Feb 2021 13:35:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"5e-EbUYq76uRfYc3uo0xPnwfPXm1wI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289, rito/main-20210217-003948-5fc4c00f7d, tutu/main-20210216-203020-7d84ec7a4e
x-envoy-upstream-service-time: 111
content-length: 94
x-request-received-at: 1613568938993

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/ 48 KB
19 KB 169ms
69ms Script
application/x-javascript 65.9.91.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.91.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f69fb1f1bdac04c805e171640feeb26af4c57592cf81f5bbfb4421403e4c9c62

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 01:03:10 GMT
Content-Encoding: gzip
Age: 45106
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Pragma: public
Last-Modified: Thu, 02 Apr 2020 00:28:20 GMT
Server: nginx
ETag: W/"5e8531a4-c079"
Content-Type: application/x-javascript
Via: 1.1 d9c696d6d0c92f63870873ced2895baa.cloudfront.net (CloudFront)
Cache-Control: max-age=86400, public
X-Amz-Cf-Pop: PRG50-C1
X-Amz-Cf-Id: i7F5fy2wuZLFHSL4FXUdjJW2Ie-9-FgBk_XXYmeyEpxlA9vG1m6qvA==
Expires: Thu, 18 Feb 2021 01:03:10 GMT

POST
H2 200 /
blog.confiant.com/_/clientele/reports/performance/ 0
0 136ms
135ms Fetch
application/octet-stream 52.1.119.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.confiant.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:39 GMT
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289, clientele/main-20210216-183901-a3338db6be
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H/1.1 200
OK branch-latest.min.js Show response
cdn.branch.io/ 78 KB
24 KB 172ms
67ms Script
text/javascript 65.9.20.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba?gi=df5ec26d3d09
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.112 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ff0169292598bec1751fce80d0024e2c9e55c406b7456ef3aefae30bf3a4efb

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: c7Vvzbb8uKgHcC4eD_pqp123QB.GvKI.
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Thu, 19 Nov 2020 17:43:28 GMT
Server: AmazonS3
Age: 126
ETag: "d4ba055ba82c0baa510053e92eb83211"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 c49bda74c25f4f26cc20173eec28da1f.cloudfront.net (CloudFront)
Cache-Control: max-age=300
Date: Wed, 17 Feb 2021 13:33:34 GMT
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 23541
X-Amz-Cf-Id: jm2bFRhgj4i2WPDGXjT4QJTx0X4U6ydjaAqLlheliQu2AYJox55w6w==

POST
H2 200 /
blog.confiant.com/_/clientele/reports/performance/ 0
0 116ms
116ms Fetch
application/octet-stream 52.1.119.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.confiant.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:39 GMT
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289, clientele/main-20210216-183901-a3338db6be
x-envoy-upstream-service-time: 4
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 1*Wy58GiNKHio9Lw5FPovQkg.png
miro.medium.com/max/1284/ 629 KB
630 KB 35ms
35ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1284/1*Wy58GiNKHio9Lw5FPovQkg.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1744ce106b3ef791879612fc3df2ea20a054d38c0af9633672fe3fd36f56993e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26367
x-envoy-upstream-service-time: 108
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 644483
cf-request-id: 0851cd2f1f0000c2b35f325000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe491cc69c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:39 GMT

GET
H2 200 1*-Tu1Wo8r_NRYYD4WrEBXZw.jpeg
miro.medium.com/max/6024/ 1 MB
1 MB 45ms
45ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/6024/1*-Tu1Wo8r_NRYYD4WrEBXZw.jpeg

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74db9f2cde33f4e8e56e0973f4bae933e28cd4ee4e4df3cb4445fca111887f4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26367
x-envoy-upstream-service-time: 77
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1540192
cf-request-id: 0851cd2f1f0000c2b31b29a000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe491cc6bc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:39 GMT

GET
H2 200 1*UywtNJnE4XVUh37bU2_3aA.png
miro.medium.com/max/1284/ 552 KB
552 KB 71ms
71ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1284/1*UywtNJnE4XVUh37bU2_3aA.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55791f87ff18ba6ef925aff0f3630cee093333e3f1acf325a448b6ffaa830c9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26367
x-envoy-upstream-service-time: 87
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 564769
cf-request-id: 0851cd2f200000c2b3791a2000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe491cc6dc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:39 GMT

GET
H2 200 1*nCG6ZjbfU6TaRxys29kWeA.jpeg
miro.medium.com/max/640/ 90 KB
90 KB 59ms
58ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/640/1*nCG6ZjbfU6TaRxys29kWeA.jpeg

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1faacacf8992fa1f6268c6ee62a8dd83df123ffb83f0a872f25ce1e64b43a45

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26367
x-envoy-upstream-service-time: 54
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 92366
cf-request-id: 0851cd2f210000c2b31a07a000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe491cc6ec2b3-FRA
expires: Fri, 19 Mar 2021 13:35:39 GMT

GET
H/1.1 200
OK /
srv-2021-02-17-13.pixel.parsely.com/plogger/ 43 B
229 B 428ms
107ms Image
image/gif 52.4.159.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2021-02-17-13.pixel.parsely.com/plogger/?rand=1613568940298&plid=31105339&idsite=medium.com&url=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22viewerStatus%22%3A%22visitor%22%7D&sid=1&surl=https%3A%2F%2Fblog.confiant.com%2Fmalvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba&sref=&sts=1613568940292&slts=0&title=Malvertiser+%E2%80%9CScamClub%E2%80%9D+Bypasses+Iframe+Sandboxing+With+postMessage()+Shenanigans+%5BCVE-2021%E2%80%931801%5D+%7C+by+Eliya+Stein+%7C+Feb%2C+2021+%7C+Confiant&date=Wed+Feb+17+2021+14%3A35%3A40+GMT%2B0100+(Central+European+Standard+Time)&action=pageview&js=1&pvid=32016067&u=pid%3D6ebb7520b59728ff5d6c943df2b40e8f
Requested by: Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.4.159.209 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-159-209.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:35:40 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK _r Show response
app.link/ 90 B
741 B 248ms
196ms Script
text/javascript 2600:9000:20d7:a200:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.57.1&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20d7:a200:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

6d1a70eee4a89e8ad46034a1f34dbe1ad140e9dee00fe9401e3a6c0de11f4a1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 13:35:40 GMT
Via: 1.1 e25359babcc045566ea407b8f6ab0b65.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Server: openresty
X-Amz-Cf-Pop: ZAG50-C1
X-Powered-By: Express
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 90
ETag: W/"5a-qkyP2WVybiyFqxGhp2quhMb9Nac"
X-Amz-Cf-Id: XTEuXuk37b5klpDLlnDsl-039N6mzoXPzc7VyFAhYGy0ywlZ0QbnJw==

GET
H2 200 1*nCG6ZjbfU6TaRxys29kWeA.jpeg
miro.medium.com/max/334/ 42 KB
42 KB 23ms
23ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/334/1*nCG6ZjbfU6TaRxys29kWeA.jpeg

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc98606c4df22821f938771d2150cf56e830f046ae37c74ca649cba7cb161c57

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26366
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43156
cf-request-id: 0851cd31150000c2b357a7a000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe494ef08c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:40 GMT

GET
H2 200 1*UywtNJnE4XVUh37bU2_3aA.png
miro.medium.com/max/334/ 92 KB
92 KB 21ms
21ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/334/1*UywtNJnE4XVUh37bU2_3aA.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd168544aa8e12846d7ed1fd7b8fef34e5f4db5056da5e22d95d3da829c70508

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26366
x-envoy-upstream-service-time: 147
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 93980
cf-request-id: 0851cd31620000c2b3208f3000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4956f5dc2b3-FRA
expires: Fri, 19 Mar 2021 13:35:40 GMT

GET
H2 200 1*Wy58GiNKHio9Lw5FPovQkg.png
miro.medium.com/max/334/ 107 KB
107 KB 22ms
17ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/334/1*Wy58GiNKHio9Lw5FPovQkg.png

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf976c71e528597c5a7e0ab4c8b41c4a65bbdd649dddba673586988355d2353a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26366
x-envoy-upstream-service-time: 86
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 109199
cf-request-id: 0851cd31780000c2b3860ff000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe4958f7ac2b3-FRA
expires: Fri, 19 Mar 2021 13:35:40 GMT

GET
H2 200 1*-Tu1Wo8r_NRYYD4WrEBXZw.jpeg
miro.medium.com/max/700/ 63 KB
63 KB 32ms
32ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/1*-Tu1Wo8r_NRYYD4WrEBXZw.jpeg

Requested by

Host: blog.confiant.com
URL: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a064169fcf0de82a164bc3cb3f9eff78579d27b94e74ee9eab542f222d2278b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26366
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 64446
cf-request-id: 0851cd31b50000c2b380b55000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210215-211444-39f031e4e8
accept-ranges: bytes
cf-ray: 622fe495efb8c2b3-FRA
expires: Fri, 19 Mar 2021 13:35:40 GMT

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
387 B 105ms
105ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28036be404c179df1d2cd44a06045118e4815b667397896bcabdc7a1e40c01f4

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VBHAlB2OKtAaKbaGjNbb9Oje2xqCGi9h2A0tv2vVkXhADu3hkuCi4DrBlYtAUMTV1WG2C%2F1WQy4OzBZf%2BTElAa0fFGDSj2STzAITv9DhAzqx2nfQUnGbdB4T74%2BnWzGvbKng%2BDY%3D"}]}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 622fe49749cd0629-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 0851cd328a00000629c581d000000001

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 130ms
114ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.confiant.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
cf-cache-status: DYNAMIC
cf-request-id: 0851cd3217000006292717a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=S%2FCvuAaHeyUS%2FffPYVsBBwUPUEI3g6D6i1Zje%2Fa582Lf6Lb4m64LaplLntJ2MeHIfe9hSdOxnPOzVRgWi8dHcxiC9BCKmyfCMYjcyMaxg37m5PbnYGt%2BfmXJ83v3HezsUUpOI6A%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622fe49688ce0629-FRA

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
626 B 249ms
199ms XHR
application/json 2600:9000:20d7:1c00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20d7:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 970b2a2b7ac5c55bf6a1af9d27cfa11cc3a3d96876d0c73165a35f7d5551c158

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
via: 1.1 a0b6e5bd6cf5596d4f38f0df8fa929e1.cloudfront.net (CloudFront)
x-amz-cf-pop: ZAG50-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: b116efec804846d2830e3e4a2ec2cfe3-2021021713
content-length: 312
x-amz-cf-id: UokOtfQuXlfccT8AkItg21GwkZCeT5QOj9l42FnlsLQVAeqlOcKHXQ==

OPTIONS
H/1.1 200
OK log
errors.client.optimizely.com/ 0
0 451ms
112ms Other
text/plain 52.45.159.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Protocol: HTTP/1.1
Server: 52.45.159.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-45-159-209.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://blog.confiant.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://blog.confiant.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Wed, 17 Feb 2021 13:35:41 GMT
Content-Length: 13
Connection: keep-alive

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
243 B 113ms
112ms XHR
text/plain 52.45.159.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/16180790160.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.45.159.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-45-159-209.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://blog.confiant.com
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Wed, 17 Feb 2021 13:35:41 GMT
Content-Type: text/plain

POST
H2 200 /
blog.confiant.com/_/clientele/reports/performance/ 0
0 117ms
116ms Fetch
application/octet-stream 52.1.119.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.confiant.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:40 GMT
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289, clientele/main-20210216-183901-a3338db6be
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 profile Show response
api2.branch.io/v1/ 180 B
564 B 531ms
531ms XHR
application/json 2600:9000:20d7:1c00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20d7:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

e863476ca137baf487fa2226d714b3c8c8044372f9b15f216d8ec36a7a7e746f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
via: 1.1 a0b6e5bd6cf5596d4f38f0df8fa929e1.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: ZAG50-C1
x-powered-by: Express
etag: W/"b4-KVHIJFaGJxAF3qvrVhSSeZQ9zzs"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 45479d06ca7c4e2fbd8ab9218cd914eb-2021021713
content-length: 180
x-amz-cf-id: rO9xWOmfHfSqgBxDNbsPM_msqo6f0vP1zvNhsntJcKyMVLTwnG6P7g==

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ 0
0 271ms
88ms Other 2600:1f18:24e6:b901:37ab:31ab:c1af:3426
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Server: 2600:1f18:24e6:b901:37ab:31ab:c1af:3426 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://blog.confiant.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-max-age: 0

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 186ms
186ms Fetch
application/json 2600:1f18:24e6:b901:37ab:31ab:c1af:3426
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:37ab:31ab:c1af:3426 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 13:35:41 GMT
content-length: 2
content-type: application/json

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
370 B 106ms
105ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e44cfe308572c7a03d42b5f07c3f46e273a788c98f5f1d10b7c14910db7c9f5c

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mRECp6YTfKkCOoHq9d1gIgw1ZSZZZFkuo8dyLSTeMYIX%2FeSfBX0iSLavKsL5kAldHCmi3WlcLfxNxqcQ0guyGepmMvYkyx3kNirKlBTf9i5Uo8S6x4wVVsikvhFZOu%2Ff2x%2B5IVo%3D"}]}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 622fe49b3fe10629-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 0851cd350700000629f501a000000001

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 101ms
100ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.confiant.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 0851cd34a100000629003de000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mJrvPVnwH2Olnwe5s16RMOn48BQL56o8f5jSQD7E1OLwB8pNn5yqyJcfk6ucXcF1njink0ta072%2FPZJsOjOIaJ23tzTWBfDugsXoOQvtY%2BmEfUjasE1U7y9yLCajmvCyPEq6Jdk%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622fe49a9ef70629-FRA

GET
H2 200 responses.editor.9832d7f7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 20ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.9832d7f7.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.66214212.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3d492eb9126963fcc8ed7e9118840e36e1ecf5624accee7c72ceeea95cba388

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58492
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F465D25BAC3188D1
x-amz-id-2: 6EDArgb/NfhSamx+3qMdkLMcX6028Uk0JeuSs65VIk5ppeB6zZZz3Q+fxeAvYX27f99N4vtwXyM=
last-modified: Tue, 16 Feb 2021 21:09:11 GMT
server: cloudflare
etag: W/"86d6d11b673500d94e7af7b35bed5f85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: tWtLkkG1MK9xuBHPKQd8j6Ra.cE8vyY6
cache-control: public, max-age=31536000
cf-request-id: 0851cd34b60000c2b3728b6000000001
cf-ray: 622fe49abc78c2b3-FRA
expires: Thu, 17 Feb 2022 13:35:41 GMT

POST
H2 200 graphql Show response
blog.confiant.com/_/ 301 B
606 B 228ms
227ms Fetch
application/json 52.1.119.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.confiant.com/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8247.8b14dd5f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash: c7f3836feef3b269bf53ecae1641f2933b8ed994fa442d30022a6fc88fc48812

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 52667149af227bc3
Medium-Frontend-Path: /malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Medium-Frontend-App: lite/main-20210216-205845-4f62e5873e
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
apollographql-client-version: main-20210216-205845-4f62e5873e
ot-tracer-spanid: 3c8849a472a680d5

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
sepia-upstream: medium
server: nginx
etag: W/"12d-N3/I0S4sE6kD7AS/2m5NJpe6Ux8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289, rito/main-20210217-003948-5fc4c00f7d, tutu/main-20210216-203020-7d84ec7a4e
x-envoy-upstream-service-time: 108
content-length: 301
x-request-received-at: 1613568941389

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 578ms
578ms XHR
application/json 2600:9000:20d7:1c00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20d7:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
via: 1.1 a0b6e5bd6cf5596d4f38f0df8fa929e1.cloudfront.net (CloudFront)
x-amz-cf-pop: ZAG50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: c46cea0c8d9e4103934d55adc3ddffcc-2021021713
content-length: 28
x-amz-cf-id: r_MGAj1MOPfGHZbJVp1Jb5zUV5NEqo0gAyK_l7N93ofTPDRX-1ZzOQ==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
363 B 108ms
108ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 161dd580b0685360530bb3c6ec66a44ef5996b014bd0a120db0455d1eb7d206e

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DiNcM2HBGmrF3ZvgCq97ZJUa59j4VnySb42oQd6EfgBcWKaceBFacTeHBlIygsp5fD1OhXk6EiDUmy0ag9SWFSAP42ZnWd6QjIytsaXjkUxEuNWohvBm4uL7XZUKZzCClsqgncw%3D"}]}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
cf-ray: 622fe49ebce50629-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 0851cd37310000062901102000000001

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 104ms
103ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.confiant.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 17 Feb 2021 13:35:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 0851cd36c50000062912113000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=udh%2FVL5QTZHPYqgRounyv%2BM9rddD%2B3aHOQST8ZWr4lY2%2F%2FLzGw2Khuyr0OECVzzPMwXam1hrtfmxIO1%2FOAvge0c4glKrUi8%2BOR0Or3W1I%2BFF7HWE5rkUKsPtGvpOpPqjR%2FF1GQc%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622fe49e0c020629-FRA

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
387 B 223ms
222ms XHR
application/json 2600:9000:20d7:1c00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20d7:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 17 Feb 2021 13:35:42 GMT
via: 1.1 a0b6e5bd6cf5596d4f38f0df8fa929e1.cloudfront.net (CloudFront)
x-amz-cf-pop: ZAG50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: ab9f78c0f2c44569af3c594cf26b87d0-2021021713
content-length: 28
x-amz-cf-id: NHTCiho3j51-y9xoigAzHFbdJlanBJTb1cL_yQovPGcQCG9ou8LaTg==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
613 B 119ms
119ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff53a28c9d6bb29963a4c205e1672af5eae8fc48e5dd928c1b3fd0636a605514

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:42 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bNRfrHT%2F%2BZfbCZKZrUZHVQwbZbn1pogwaLGTPJa0mmS5AxwiUHX8xeIZ0WhYqZHuq8rPYZZiQex0DqVnp6k%2BqPBnxvVf5cRHOFnWU2mDUWEd0O9ZW9W0ugd2KssQsM4H%2Fo3BBv0%3D"}]}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 622fe4a1e95f0629-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 0851cd393500000629f037a000000001

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 104ms
104ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.confiant.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 17 Feb 2021 13:35:42 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 0851cd38cd00000629d6a21000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ci86lASgYqB79WU39KB1GxG%2FqCIdCHuRlrREPWtvch1jDbAq902a2LuNWVap%2FZHxXlOGyUuX7d7PG%2BE4iN4omPU31Ls64Nmm6SYAfmS6zbtdRe2nbnkS13ZXkHyZDRReh1VrpcQ%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622fe4a1485d0629-FRA

POST
H2 200 batch Show response
blog.confiant.com/_/ 17 B
247 B 268ms
267ms Fetch
application/json 52.1.119.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.confiant.com/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.119.170 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-119-170.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:44 GMT
medium-fulfilled-by: valencia/main-20210216-182048-20b3821289
x-envoy-upstream-service-time: 133
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 104ms
104ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.confiant.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 17 Feb 2021 13:35:45 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 3
cf-cache-status: DYNAMIC
cf-request-id: 0851cd442800000629d21d5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nR2GcqkIJec61y8Pk8i%2Bkk9cUTQRJoq5Cq4eTNlz%2FtWUO7cirjvJa8XwdS%2BQzmwhwAG4qOLf3RISl4mHzhxSM5INcOf25YLiufiiewcCAlrOk9sBxPabkw1M%2F%2Bqh25clwlA852c%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622fe4b37a660629-FRA

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
390 B 120ms
120ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57abd3497e0493ea1f2026cdf2a4c5747fb61f51bdbac7110ce6f5c309b04744

Request headers

Referer: https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 17 Feb 2021 13:35:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JrYvQfeUcQd19h24%2B1jmnJ37YUKa7GSlr0I2ELmQsG4nH1%2Bex%2FS5pFV1ERqI4cSZmgA0efigC0SRfiyDelMXVXvtAJqNb%2Fe%2BqaFnmjnIpV5moBsQJv3lrNQ4UX6ikw%2BJfvOJD6Q%3D"}]}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 622fe4b41b4e0629-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 0851cd449100000629312e8000000001

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.confiant.com/	1970-01-20 01:42:12	Name: _parsely_visitor Value: {%22id%22:%22pid=6ebb7520b59728ff5d6c943df2b40e8f%22%2C%22session_count%22:1%2C%22last_session_ts%22:1613568940292}
blog.confiant.com/	1970-01-19 16:22:53	Name: lightstep_session_id Value: 44cc1ead04f70cec
.confiant.com/	1970-01-19 16:12:48	Name: _gat Value: 1
.confiant.com/	1970-01-20 09:44:00	Name: _ga Value: GA1.2.75800161.1613568938
.confiant.com/	1970-01-19 16:12:50	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba%22%2C%22sref%22:%22%22%2C%22sts%22:1613568940292%2C%22slts%22:0}
blog.confiant.com/	1970-01-20 00:58:24	Name: optimizelyEndUserId Value: lo_f443bc29b151
blog.confiant.com/	1970-01-20 00:58:24	Name: sid Value: 1:wKF3MD+GBoMdcNTGLI0ByypjNo67/pVyu0e5uqvbP61DqhG7W5lq4FZcLQoJqrXB
.confiant.com/	1970-01-19 16:14:15	Name: _gid Value: GA1.2.1713727075.1613568938
blog.confiant.com/	1970-01-19 16:22:53	Name: lightstep_guid/lite-web Value: 241baed1351acea0
blog.confiant.com/	1970-01-20 00:58:24	Name: uid Value: lo_f443bc29b151

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js(Line 1) Message: ... .,ok000Oxc. 'oxo, .' ,kWMMMMMMMMXo;. ;KMWMX: lK, ,0MMMMMMMMMMMWNd'xMMMMMO;xWl lWMMMMMMMMMMMMM0lOMMMMMKoOMo cNMMMMMMMMMMMMMk:OMMMMM0lkWl .dNMMMMMMMMMMKx; lWMMMWd.dN: ;kXWMMMMWKd' .oXWXx. ;o. .;ccc:,. .,.
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.f82521a2.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	allow-from medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
blog.confiant.com
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
d1z2jf7jlzjs58.cloudfront.net
errors.client.optimizely.com
glyph.medium.com
lightstep.medium.systems
medium.com
miro.medium.com
srv-2021-02-17-13.pixel.parsely.com
www.google-analytics.com
2600:1f18:24e6:b901:37ab:31ab:c1af:3426
2600:9000:20d7:1c00:11:f728:3040:93a1
2600:9000:20d7:a200:19:9934:6a80:93a1
2606:4700:7::a29f:9804
2606:4700:e2::ac40:8a24
2a00:1450:4001:827::200e
2a02:26f0:7100:19b::13b8
52.1.119.170
52.4.159.209
52.45.159.209
65.9.20.112
65.9.91.185
00abc22d9d07773cdd5bf358a1f3432a35dba8681e0dddf41eb1d2a99c140d0b
00b5f1e0318ab5c9fd09d6546612e27d0ba7a100069bcaa583e8647f00859c5c
087316f29690e0a35f6642721fb9bf8d05bb9cbac3bbb30c822ba878ff7965d8
0a4fadfe689b0e24b09ed940cc5f12318ae20a25f43ec9171f2eee2b84a57ee0
0c5e049da8694e8e8e63cd658ed14b63fd413810c662bdabc92aecb9136345dc
0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
161dd580b0685360530bb3c6ec66a44ef5996b014bd0a120db0455d1eb7d206e
1744ce106b3ef791879612fc3df2ea20a054d38c0af9633672fe3fd36f56993e
1c7c9775e61e81487582dce08904a699a32ec9a6d94512ab155a3efffdd2d38e
22fc17fb60d280353af8659152a672f0ba1d28f1d91ab7bf2d81e6b3f682fb6e
246ccaab292a7a6fdbe323d7b4eace17908b22dc9ad644ad3acec17391e1b1ee
28036be404c179df1d2cd44a06045118e4815b667397896bcabdc7a1e40c01f4
2b756b71eac47a1927041c6bbf7c0fcbd04477373df29788591331a5e406ee9e
2daea5064cf86c5ff8c43b97599d01727870f593b89bf5114c3f206000321b53
2ddc01f4ad56c508a67100aa4ec3a5cda9af0ee5ba09a9f7709fb4597c236092
2ea72bfc6c97678ab729477b178536f4af5132997327388397642c5e283f70ee
2fc286495ca65ade266162e49b9a03caea0aac377c2510d3065a61d6abe8e7da
3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0
387b4e6c558481b50671dfc3fc34b5eba703960fd2e5327776783ea4874358e3
39218eb69121074a8f03387564b81dfd3da1a38149bcf53ea1a28994ae672d82
3bb17ddfe5497a0645f9f62adc99bba605f073e92f958495127a91aa8950e7cf
3be1830d320eb562425d992cb220305a2b1526c3434a6c7f517d3cd38a249f61
3db4c40e4a4fbb84b04a8b160a7fa6324ff9ecc0a020779fa604b00ac23d125f
3f967640b084b03c8f25fc52173114d976c173fc273d31c128cf2c553e15b89c
3ff0169292598bec1751fce80d0024e2c9e55c406b7456ef3aefae30bf3a4efb
437b8236d1bd8a75a3bd87d4529650b68376ef6a3f673442624f8e00a92c08ba
43d42fed375532b8d7a4f71238114c27de9eb978c98ebbf97d237edf139548c2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
454a0d05667cf49483dfa7353adf276632fb89eeec09b0a46f9dd34079e2451a
46dcdb0cec75318a4d4dad2ceaf58b77bf41feef07f017f7a7602409d33b1761
484781cc010cec660da69dc9dbfb22cf5908de06130fdc6ecf7e555702104cb1
521fc7ed31a9b3bf4aaf51ad52ca16362a8535c90d242fcbc425848dd6054019
55791f87ff18ba6ef925aff0f3630cee093333e3f1acf325a448b6ffaa830c9c
573212a21fd7654c3d10be95f2329cdefa5393f1e784fda8eb0b2bae1f6cf9ed
57abd3497e0493ea1f2026cdf2a4c5747fb61f51bdbac7110ce6f5c309b04744
5b06b589b00aa9446a188742e331798f4c354285134da29f8d8c2ef549d51105
5c184d9155e9fa62111bdee27d27bb0b316f24b966089342d0e49b5134166432
5d9c8ca07d24910b8d4fe114d6f378f8c4e6c1aa3fa0c2a65df022a321c2d9ba
6294dafd402fcfcb1964fd091f573c7790d7fbdb654bb21e9f9cf24f51c2834a
630ca5ade39e8684f33f4b408a089a1895dd4f782284c8dcaf225def1f46655f
68e525515c7bd9c141f21d9aa7a240b49e5bc6928febe837ce7e19b40a25b257
6af37f7c99c415e6ae052347522a648d0b59dd72a071a1fb1b40534126435aa6
6d1a70eee4a89e8ad46034a1f34dbe1ad140e9dee00fe9401e3a6c0de11f4a1b
7147f23b4281603fecf02a0673a31adfe3e53352f8e7dcf0d70c0a353b343faf
74db9f2cde33f4e8e56e0973f4bae933e28cd4ee4e4df3cb4445fca111887f4e
7b291bac4cab78306a75e1a45638905656722c05eea8ddf56f41048bbd7588a9
7c641f892f22057d280574902211a972b66f21887b9605d6373420616c2998b3
7de86495b2cc2bb8cb0114b62861ee7775a0ce3aa22177bf11adf33135933fde
8a064169fcf0de82a164bc3cb3f9eff78579d27b94e74ee9eab542f222d2278b
8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b
8f92f3f681b1b327bb9ff0cbbd11cecd0e6f15e038a49dea0707eafee0132f2e
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
970b2a2b7ac5c55bf6a1af9d27cfa11cc3a3d96876d0c73165a35f7d5551c158
9b00073510230c77c12bf96fb45fd2dc19e249748b45538b1db21bc990872e62
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
aa5ddb540c927f5e3a968acdc2b9ceb4ba305f54b310df008a96ee3e85a66713
ab8cf5b95cc0d8c09f2b40e430d70256a0acece01a10a13ef328ea757e3bed5d
ac3e1c56f4f3486241f03a4f0ea323821d26e99e9c40062034d52cea1931215c
ae1606b6f60a768561b549aac72da45bf01183e7e7bd9b55054ad8013903d8c5
ae7a5d73cd4c61d43ca4a85ce7eb40ca5dfb6ae42310df084a23f2cf16bd88ff
b2e354acabd5ab9ebe5c9edb677c2d5d2b66067d59f7b1fd5024a90892187044
bf976c71e528597c5a7e0ab4c8b41c4a65bbdd649dddba673586988355d2353a
c1faacacf8992fa1f6268c6ee62a8dd83df123ffb83f0a872f25ce1e64b43a45
c2095b78ac8bde0c5108f90dfb38de9132f193bbf29ae55eff39e07a5514c31c
c78db37e1195da9fbd1fa07a47a20728ee78b8ac1b9ff12f55e7a5a1213a19f8
c7f3836feef3b269bf53ecae1641f2933b8ed994fa442d30022a6fc88fc48812
c91611bbeba53d744d5533e444174ec2cc59f1955bbd9480374073fd92842737
c9a48087df22c321aaad606aebad8d559d6d877dd2f9552a6a6d637ae2266a90
c9bc8189ed488a53793891d9e4f61c3c5533b4b56ff130378fb7b8d8c9c6c3a2
ccf963d03112580640524933d3aefadb9ba71716969637ee74455043217b8569
cd168544aa8e12846d7ed1fd7b8fef34e5f4db5056da5e22d95d3da829c70508
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0802dae7dcd24caf6e0b7476de116171c46c668553fd8306dad94d14c9de092
da4abf1c7a9b312990ecaf06b559c20a13b92dc6593076388f9b9b451b3cff6f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d492eb9126963fcc8ed7e9118840e36e1ecf5624accee7c72ceeea95cba388
e44cfe308572c7a03d42b5f07c3f46e273a788c98f5f1d10b7c14910db7c9f5c
e863476ca137baf487fa2226d714b3c8c8044372f9b15f216d8ec36a7a7e746f
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
eca3e21c19e0b31b57f69d62e9ab8da043ffff1f8d274b65c041df013d22c47a
ed4c8a9798688fffe27a1d9665e9eba2c1fd8577cd86af887c4420d9d16486de
eec8f12d2bbda06cae1aa15e05145e43e90d28c2fd41f3d75c5c85fe9eebb077
f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f25e38427a40e8d86aee0f6077a7dc2e8d2178a3e93d18b9e11abe025f2809cd
f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08
f69fb1f1bdac04c805e171640feeb26af4c57592cf81f5bbfb4421403e4c9c62
f751fcb5111d800a447a87c74957e3b8fc9392ea0623adcfaf45149e160f1e31
f95cc1cba7c7358fab944a8e2b60a108096a7c19c6a731723122c42eae4d8c38
fa098f56942093c301bba82094c6b8c392a1c2a2f6485b7700f35c205ce0109d
fc98606c4df22821f938771d2150cf56e830f046ae37c74ca649cba7cb161c57
ff53a28c9d6bb29963a4c205e1672af5eae8fc48e5dd928c1b3fd0636a605514

blog.confiant.com Open in urlscan Pro 52.1.119.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

106 Requests

100 %HTTPS

58 %IPv6

10 Domains

15 Subdomains

12 IPs

2 Countries

4155 kBTransfer

6104 kBSize

10 Cookies

41 Outgoing links

Page URL History

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.confiant.com Open in urlscan Pro
52.1.119.170 Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

100 %
HTTPS

58 %
IPv6

10
Domains

15
Subdomains

12
IPs

2
Countries

4155 kB
Transfer

6104 kB
Size

10
Cookies

106 HTTP transactions
0 data transactions