labs.guard.io Open in urlscan Pro
162.159.152.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd...
Effective URL:
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd...
Submission: On July 30 via manual (July 30th 2024, 3:39:41 pm UTC) from IT — Scanned from IT

Summary HTTP 77 Redirects Links 67 Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 9 domains to perform 77 HTTP transactions. The main IP is 162.159.152.4, located in and belongs to CLOUDFLARENET, US. The main domain is labs.guard.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 14th 2023. Valid for: a year.

This is the only time labs.guard.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 31	162.159.152.4 162.159.152.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
36	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
2	172.217.18.4 172.217.18.4	15169 (GOOGLE) (GOOGLE)
1	52.84.174.30 52.84.174.30	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2600:9000:262... 2600:9000:262a:ac00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:239... 2600:9000:2394:ea00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
77	10

31 162.159.152.4 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

labs.guard.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.4 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.174.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-174-30.cdg50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:262a:ac00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2394:ea00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 14991 glyph.medium.com — Cisco Umbrella Rank: 36301 cdn-client.medium.com — Cisco Umbrella Rank: 39654 miro.medium.com — Cisco Umbrella Rank: 26890	1 MB
16	guard.io 1 redirects labs.guard.io	67 KB
4	branch.io cdn.branch.io — Cisco Umbrella Rank: 1086 api2.branch.io — Cisco Umbrella Rank: 1206	25 KB
2	google.com www.google.com — Cisco Umbrella Rank: 10	1 KB
1	app.link app.link — Cisco Umbrella Rank: 3609	636 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3123	243 B
1	gstatic.com www.gstatic.com	212 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	93 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1223	7 KB
77	9

	Domain	Requested by
34	cdn-client.medium.com	labs.guard.io cdn-client.medium.com
16	labs.guard.io	1 redirects cdn-client.medium.com
11	glyph.medium.com	glyph.medium.com
6	miro.medium.com	labs.guard.io
3	api2.branch.io	cdn-client.medium.com
2	www.google.com	cdn-client.medium.com www.gstatic.com
1	app.link	cdn.branch.io
1	region1.google-analytics.com	cdn-client.medium.com
1	www.gstatic.com	www.google.com
1	cdn.branch.io	labs.guard.io
1	www.googletagmanager.com	cdn-client.medium.com
1	static.cloudflareinsights.com	labs.guard.io
1	medium.com	1 redirects
77	13

This site contains links to these domains. Also see Links.

Domain
rsci.app.link
medium.com
www.linkedin.com
www.guard.io
www.proofpoint.com
www.forbes.com
today.ucsd.edu
proofpoint.my.site.com
www.ovh.com
bird.com
guard.io
justincox.medium.com
marcin-wolak.medium.com
help.medium.com
medium.statuspage.io
blog.medium.com
policy.medium.com
speechify.com

Subject Issuer	Validity	Valid
labs.guard.io Cloudflare Inc ECC CA-3	`2023-10-14` - `2024-10-13`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2024-02-16` - `2024-12-31`	a year	crt.sh
cloudflareinsights.com WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.branch.io Amazon RSA 2048 M01	`2023-09-11` - `2024-10-09`	a year	crt.sh
*.gstatic.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
appipv4.link Amazon RSA 2048 M03	`2024-03-25` - `2025-04-22`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
Frame ID: 59C440B3EFCAE46A2AEB61691CA7A2B0
Requests: 76 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp&co=aHR0cHM6Ly9sYWJzLmd1YXJkLmlvOjQ0Mw..&hl=it&v=Xv-KF0LlBu_a0FJ9I5YSlX5m&size=invisible&cb=tw8setrzh83
Frame ID: 5F3C16B82460E0CB353220B22AE57628
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails | by Guardio | Jul, 2024 | Medium

Page URL History Show full URLs

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protec... HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a... HTTP 307
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protec... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

77
Requests

100 %
HTTPS

73 %
IPv6

9
Domains

13
Subdomains

10
IPs

3
Countries

1562 kB
Transfer

4093 kB
Size

10
Cookies

67 Outgoing links

These are links going to different origins than the main page.

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F3dd6b5417db6&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderUser&source=---two_column_layout_nav----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign up

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=post_page---two_column_layout_nav-----------------------global_nav-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---two_column_layout_nav-----------------------new_post_topnav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/search?source=---two_column_layout_nav----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6a038e71ff0f&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&user=Guardio&userId=6a038e71ff0f&source=post_page-6a038e71ff0f----3dd6b5417db6---------------------post_header-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F3dd6b5417db6&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&user=Guardio&userId=6a038e71ff0f&source=-----3dd6b5417db6---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F3dd6b5417db6&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=-----3dd6b5417db6---------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D3dd6b5417db6&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=-----3dd6b5417db6---------------------post_audio_button-----------
Title: Listen

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/natital/
Title: Nati Tal

Search URL Search Domain Scan URL

URL: http://www.guard.io/
Title: Guardio Labs

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/
Title: Proofpoint

Search URL Search Domain Scan URL

URL: https://www.forbes.com/sites/daveywinder/2024/03/20/new-mass-gmail-rejections-will-start-in-14-days-google-says/
Title: new anti-spam rules

Search URL Search Domain Scan URL

URL: https://today.ucsd.edu/story/forwarding_based_spoofing
Title: heavily abused

Search URL Search Domain Scan URL

URL: https://proofpoint.my.site.com/community/s/article/How-to-enable-the-Antispoof-policy
Title: tutorial page

Search URL Search Domain Scan URL

URL: https://www.ovh.com/
Title: OVH

Search URL Search Domain Scan URL

URL: https://bird.com/email/power-mta
Title: Bird

Search URL Search Domain Scan URL

URL: https://www.guard.io/
Title: Guardio

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&source=---post_footer_upsell--3dd6b5417db6---------------------lo_non_moc_upsell-----------
Title: Sign up for free

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fplans&source=---post_footer_upsell--3dd6b5417db6---------------------lo_non_moc_upsell-----------
Title: Try for 5 $ 4 $/month

Search URL Search Domain Scan URL

URL: https://medium.com/tag/phishing-email?source=post_page-----3dd6b5417db6---------------phishing_email-----------------
Title: Phishing Email

Search URL Search Domain Scan URL

URL: https://medium.com/tag/vulnerability?source=post_page-----3dd6b5417db6---------------vulnerability-----------------
Title: Vulnerability

Search URL Search Domain Scan URL

URL: https://medium.com/tag/spoofing?source=post_page-----3dd6b5417db6---------------spoofing-----------------
Title: Spoofing

Search URL Search Domain Scan URL

URL: https://medium.com/tag/cybersecurity?source=post_page-----3dd6b5417db6---------------cybersecurity-----------------
Title: Cybersecurity

Search URL Search Domain Scan URL

URL: https://medium.com/tag/proofpoint?source=post_page-----3dd6b5417db6---------------proofpoint-----------------
Title: Proofpoint

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Ff776b280f31b&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&newsletterV3=6a038e71ff0f&newsletterV3Id=f776b280f31b&user=Guardio&userId=6a038e71ff0f&source=-----3dd6b5417db6---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://guard.io/
Title: https://guard.io

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F65ea78efad16&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fetherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16&source=-----3dd6b5417db6----0-----------------bookmark_preview----8ba25993_9501_4dad_b06b_88e5449de823-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa2225e51898e&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fscammers-paradise-exploring-telegrams-dark-markets-breeding-ground-for-modern-phishing-a2225e51898e&source=-----3dd6b5417db6----1-----------------bookmark_preview----8ba25993_9501_4dad_b06b_88e5449de823-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa5e5fb892935&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fsubdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935&source=-----3dd6b5417db6----2-----------------bookmark_preview----8ba25993_9501_4dad_b06b_88e5449de823-------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F3182cfb12f4d&operation=register&redirect=https%3A%2F%2Flabs.guard.io%2Fmrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d&source=-----3dd6b5417db6----3-----------------bookmark_preview----8ba25993_9501_4dad_b06b_88e5449de823-------

Search URL Search Domain Scan URL

URL: https://medium.com/@pixearth_60177?source=read_next_recirc-----3dd6b5417db6----0---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@pixearth_60177/top-3-dark-web-search-engines-8777393f1ca3?source=read_next_recirc-----3dd6b5417db6----0---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------
Title: Top 3 Dark Web Search EnginesIn this article we will be going over the best dark web search engines. This is based on their appearance, how accurate the search results…

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F8777393f1ca3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40pixearth_60177%2Ftop-3-dark-web-search-engines-8777393f1ca3&source=-----3dd6b5417db6----0-----------------bookmark_preview----d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@jonathanmondaut?source=read_next_recirc-----3dd6b5417db6----1---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@jonathanmondaut/how-chatgpt-turned-me-into-a-hacker-7469d5b43026?source=read_next_recirc-----3dd6b5417db6----1---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------
Title: How ChatGPT Turned Me into a HackerDiscover how ChatGPT helped me become a hacker, from gathering resources to tackling CTF challenges, all with the power of AI.

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F7469d5b43026&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40jonathanmondaut%2Fhow-chatgpt-turned-me-into-a-hacker-7469d5b43026&source=-----3dd6b5417db6----1-----------------bookmark_preview----d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@wearedelicious/list/tech-tools-541154dfb3ae?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Tech & Tools17 stories·275 saves

Search URL Search Domain Scan URL

URL: https://justincox.medium.com/list/best-of-the-writing-cooperative-9fe477bf6581?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Best of The Writing Cooperative67 stories·354 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/mediums-huge-list-of-publications-accepting-submissions-7c0ec8037e61?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Medium's Huge List of Publications Accepting Submissions334 stories·3181 saves

Search URL Search Domain Scan URL

URL: https://medium.com/@MediumStaff/list/staff-picks-c7bc6e1ee00f?source=read_next_recirc-----3dd6b5417db6--------------------------------
Title: Staff Picks700 stories·1181 saves

Search URL Search Domain Scan URL

URL: https://marcin-wolak.medium.com/?source=read_next_recirc-----3dd6b5417db6----0---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://marcin-wolak.medium.com/hiring-ethical-hackers-in-2024-3b4142c2767b?source=read_next_recirc-----3dd6b5417db6----0---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------
Title: Hiring Ethical Hackers in 2024Finding highly skilled ethical hackers and penetrations testers has in the recent years become very challenging. Remote work & education…

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F3b4142c2767b&operation=register&redirect=https%3A%2F%2Fmarcin-wolak.medium.com%2Fhiring-ethical-hackers-in-2024-3b4142c2767b&source=-----3dd6b5417db6----0-----------------bookmark_preview----d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@hunterid?source=read_next_recirc-----3dd6b5417db6----1---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@hunterid/cve-2024-30078-the-log4j-level-vulnerability-in-windows-wifi-driver-632de0d00c7c?source=read_next_recirc-----3dd6b5417db6----1---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------
Title: CVE-2024–30078: The Log4j-Level Vulnerability in Windows WiFi DriverJust a few days ago, Windows hit the headlines with yet another critical vulnerability!

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F632de0d00c7c&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40hunterid%2Fcve-2024-30078-the-log4j-level-vulnerability-in-windows-wifi-driver-632de0d00c7c&source=-----3dd6b5417db6----1-----------------bookmark_preview----d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@yogasatriautama?source=read_next_recirc-----3dd6b5417db6----2---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@yogasatriautama/install-opencti-0c4bd5094ea5?source=read_next_recirc-----3dd6b5417db6----2---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------
Title: Install OpenCTIOpenCTI (Open Cyber Threat Intelligence) is an open-source platform designed to collect, store, and utilize cyber threat data. It helps…

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F0c4bd5094ea5&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40yogasatriautama%2Finstall-opencti-0c4bd5094ea5&source=-----3dd6b5417db6----2-----------------bookmark_preview----d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@Handoumeh?source=read_next_recirc-----3dd6b5417db6----3---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/@Handoumeh/abusing-anonymous-login-on-firebase-91416ce2fd36?source=read_next_recirc-----3dd6b5417db6----3---------------------d978d72b_57d3_4b7d_802d_36ea684af2e1-------
Title: Abusing Anonymous Login on FirebaseThrough my path in cybersecurity and mobile penetration testing, Firebase is one of the things that is a must to check if it is configured…

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F91416ce2fd36&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40Handoumeh%2Fabusing-anonymous-login-on-firebase-91416ce2fd36&source=-----3dd6b5417db6----3-----------------bookmark_preview----d978d72b_57d3_4b7d_802d_36ea684af2e1-------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----3dd6b5417db6--------------------------------
Title: See more recommendations

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----3dd6b5417db6--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/?source=post_page-----3dd6b5417db6--------------------------------
Title: Status

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----3dd6b5417db6--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e?source=post_page-----3dd6b5417db6--------------------------------
Title: Careers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/?source=post_page-----3dd6b5417db6--------------------------------
Title: Blog

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----3dd6b5417db6--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----3dd6b5417db6--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://speechify.com/medium?source=post_page-----3dd6b5417db6--------------------------------
Title: Text to speech

Search URL Search Domain Scan URL

URL: https://medium.com/business?source=post_page-----3dd6b5417db6--------------------------------
Title: Teams

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6 HTTP 307
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6 HTTP 307
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

77 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6 Show response
labs.guard.io/
Redirect Chain

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

264 KB
56 KB

708ms
508ms

Document
text/html

162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39b73436e38297e5b9d655a6264105f40ade886aa0b0e52e10b2b57c589e11ca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ab670ff7f353742-MXP
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Tue, 30 Jul 2024 15:39:26 GMT
link: <https://glyph.medium.com/css/unbound.css>; as="style"; rel="preload"
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, lite/main-20240730-071352-a88b240097, rito/main-20240730-125429-16d3d8b941, tutu/main-20240729-172237-79e7575970
medium-missing-time: 152
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 469
x-request-received-at: 1722353966090

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ab670fa4d8f0e27-MXP
content-length: 0
content-type: text/plain;charset=UTF-8
date: Tue, 30 Jul 2024 15:39:25 GMT
location: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 18

GET
H2 200 unbound.css
glyph.medium.com/css/ 19 KB
2 KB 107ms
76ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45dbf060ec052a3b0ca5ae7211eaa27c950db65b019aa456e1e686a85f8a327e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:26 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 3184
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=7200
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67103acfe83b5-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 30 Jul 2024 17:39:26 GMT

GET
H2 200 manifest.0b74ce57.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 167ms
98ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.0b74ce57.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2355c3c93710ccfd13355ec87edc1243b2341189f7c873f52378eb8a8159fe23

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: K4LO3d1xqUJ3KX2yewoLyjQTb6B4MNXJ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 20QF457CFNFSM2R8
age: 29690
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HUQjj/WvhmPG9ztsJ7iYvDod03Iava42m4jIdh2lO/I1T06Z8P6Thu9+Mt7Vf4s8JxajSP0iozY=
last-modified: Tue, 30 Jul 2024 07:18:34 GMT
server: cloudflare
etag: W/"5f3185e0a1dc5af58950eb1b886d0f7d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671076aa983b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 4900.53bf9e04.js Show response
cdn-client.medium.com/lite/static/js/ 640 KB
200 KB 171ms
102ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

176adc8a2e7c593e7de6246f98aaef4ede5615a84b199f4d43c4609d505b4972

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: TrOjjNkm.NFbWpL8TIQX0jcl4OZwz3y9
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: AMEFVBQJ7MZYZ3QC
age: 456129
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: b4G+Ca/7mQEmAd7sD/GJNcN3+WlV03hJkHgWGZ+gl1PNYn22RjU6ilq0PRrzFY/Jrmveu3FawoV+SHJgr9QdCA==
last-modified: Tue, 16 Jul 2024 08:46:17 GMT
server: cloudflare
etag: W/"2399cdf4b2347a4ca706a390d40005d1"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671076ab483b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 main.3dc73b13.js Show response
cdn-client.medium.com/lite/static/js/ 790 KB
192 KB 166ms
98ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.3dc73b13.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

400b247961e9622212af34c456092985edc6b0843cb4dcef8b34a16977875373

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: Wjg1Ww0FLRUXFMcVxMBWYtyIOmsMwEuS
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: SEX5HTWAVWRF2KF6
age: 58957
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MBmRafrXhVulxT1jhKylTqXmNoWEGqhdK8g5+Lw/oH26uSIu36Qt3EPQbZDzcTEr+h9wiew3OgkAnmi2JfLF1ttKQsR1p8wti+2Q55Or9Us=
last-modified: Mon, 29 Jul 2024 22:33:40 GMT
server: cloudflare
etag: W/"92a673c18b007a046cf54201c3339a79"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671076aaf83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 instrumentation.d9108df7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 107ms
39ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.d9108df7.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3edb3930e433b6ee76c26ed156d44196652363b4fa881a3e140b3e0b43d2a3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: .o.5Xe59BjAug.2i7CIo5xR8KvX9Uh6Q
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 6PS8G29Z5H1WM2X9
age: 82581
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BybGD4PWIghsqmsdPy9UA3nQrUPfoYlS/R5yV+zzyyC1pW0v1aZhcP4RtoxZYOaksEgvYoVlHVA=
last-modified: Mon, 01 Jul 2024 15:12:51 GMT
server: cloudflare
etag: W/"4d3916cdf704b083082b21a733ef176c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671076aac83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 reporting.ff22a7a5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
932 B 165ms
97ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.ff22a7a5.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eada6d1c06b5d675e0c143a2fbef8bf83e3060e9ba20ceeb37ec9415ce9bdbaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: WdqYVC5hKfoxJxknk7bO0he3xYL6sW.H
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K11CV5MR43B7K2CW
age: 111511
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HJUreF5CjFASFzLta0aW0WSXjLCeHT0fXKS0KTrnN0ah8gPS/3Nm8TW2kqKptMOiQIOelNyxkW2pOP1zYdNPNPQP8aoOvd9+
last-modified: Mon, 27 May 2024 12:15:10 GMT
server: cloudflare
etag: W/"d5998f5c1de61a2837a52be8d7d89310"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671076ab183b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 5049.d1ead72d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 28 KB
12 KB 169ms
101ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5049.d1ead72d.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3985e3779ce6d21045b715324bc4837fc966d0c762a479e5da9764b438e41d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: lXRfPpt5JdTbUioBJcZxfOnTjjaqCp3p
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 49MK7ENPR1P9XJKG
age: 689753
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uPGcX8TltkFdfYTpcorOmNsgaXKPV59XipsXlRSvgwPo33zlgMSJ9bSN/vVZyin4bCDBEqFupew=
last-modified: Tue, 02 Jul 2024 17:39:38 GMT
server: cloudflare
etag: W/"c5c86c25fc0ad2a68f611bb580b457bd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671076ab283b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 4810.988332a1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 141ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4810.988332a1.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ba7072a7fc413971fa79ad1c5f4fc98fbaf7a5ac321885f5d3886a0b5c28680

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: cZWaDRHA1DODGwy5T526WHpRG2LGqdAb
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 49MMD510QPG9Q0ER
age: 689753
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: T74PMgUKu4FxGFT1YWR6OtezOl9Tli93KfIw+yUmd/5YPDWeww6g0k2Q/kvaeXbWs/P3LyoUcyQ=
last-modified: Tue, 02 Jul 2024 17:39:38 GMT
server: cloudflare
etag: W/"9d339bd2a1cbea977ed88ff67f98786b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671080bd883b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6618.db187378.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 139ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6618.db187378.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12c333a76ec82d35a4541956e0e8b4591b55d76f1d1ee4e47f3dd0ec33229e43

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: ZwCMHuCQ5h9dAQvOvOTD_48maUvIlL_r
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W9V2XWBBT3ES4TJ9
age: 456129
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: W98ctDW23HSDoxpjwhkx6vz3mmUwUFenhEjwGKQCm97Cuo15YrUMSCRUsOVYNVY32jvPQMsqKUc=
last-modified: Thu, 04 Jul 2024 13:33:59 GMT
server: cloudflare
etag: W/"7bbe09830788bb18d63591d1a7e255ce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671080be383b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 382.a98f5384.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 139ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/382.a98f5384.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f25b523ce114c6426fd0118833806fcf06a4e1accc255fea51f625d1f588f0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: ILTRqKO07IKxmmbInSJ7RKuLcL.YVdIG
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K111KRYFVX3WECT2
age: 111511
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9xuIrcQ99SXAWuCvkIP4vDq4tbzKRegs6CMNGKB8lebRuQGzSPH90LsTaqUqnlpdaWIEJBs8iuc=
last-modified: Thu, 06 Jun 2024 12:33:02 GMT
server: cloudflare
etag: W/"ee6d937448943c6d2d8f1e3051840c21"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671080be883b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 9148.3242ff58.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 163ms
102ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9148.3242ff58.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ab38f7ef7268334a66cbd03aec36a69fbf9639539f111afc28f1dc08c905333

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: N0Zr0y2qec0DASGgrMQJx3GtHWxDMdVP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: CAPG65SHH8HZ7985
age: 25172
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: EtYizer9atHoZq//oNnUqYpzfb+7W5SnybVpYMBU5Kt49C4me7699B63rpy8UMyYW7XJXamL3VglZI3zBNbBjzTYo5l0MYwfGkOdpQ4Nt28=
last-modified: Mon, 01 Jul 2024 09:16:49 GMT
server: cloudflare
etag: W/"82bbeb0fb22222319ebc0d730fc0d261"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671080bed83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 9977.b539ef71.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 138ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9977.b539ef71.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8ab750486ec34b8b26f0f0eda0cd16e4715c12a0c265bea080e9581711abd78

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: YqtOjQES1nqopm1yBL_YYoj0ekwmKddz
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: NTVJ0AS3A6H58KBS
age: 348061
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: fd3ok6wJMK9/D79yQ8lmO/6NJIm707IXttjkg+MVASuJiwpcGU328nqU+i0+7twF3wUsE68LA4c=
last-modified: Wed, 10 Jul 2024 18:12:28 GMT
server: cloudflare
etag: W/"b146593b5e5d28001e96cfa6da4eda18"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671080bee83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 5025.b8a5ab3b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 139ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5025.b8a5ab3b.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f1a06c090ad551714945f1dc0605c6171889c9c93768aaf962f57886c15281d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: y1LwfCkverbbCf0iAdcKjmt01f1YR442
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: AMEAW3EBE4JJWMK3
age: 456129
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GEHFYQ4AjpOMrr/RylnJSmyuMhXtVeE2SknQKBDolsj73OJH73z4iKbShZUQajYtO76VD/i0W6c=
last-modified: Tue, 16 Jul 2024 08:46:18 GMT
server: cloudflare
etag: W/"ed15732d4ad4f1b5ed53fc7f1624805a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671080bf183b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 5250.fc15c18c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 33 KB
8 KB 132ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5250.fc15c18c.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f64e1663932ee61acc447f098d51cc369d7cee286df892fb2633826c6683cfe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: 77iX2gYbkSLBDQOY.ANuWFEbtuUBuxHE
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W8VKM5W7QY91CPWT
age: 608120
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +a1rm0siFRgtfHmgw5l1o8tV59ZtdBtvVVguT6qRdpPdLTYe0TYLN4QRg2w4lMB7g+56N8Ry7SCo8HaB1wQBzg==
last-modified: Tue, 23 Jul 2024 14:16:04 GMT
server: cloudflare
etag: W/"50668a99c3a198b3a31122b271e506ee"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671080bf583b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6349.02c5ee3e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
6 KB 137ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6349.02c5ee3e.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0adcabcf447a30994bf3c7516a1b2b2636123741cf06f9515f172d990dde572

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: iNSzfmvFIGZtTUXqxiCSfHWrteJTAtNF
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DAD0JNJRPCD4BVJK
age: 1142958
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /t7Llj6gEOxbzn5ygpv9lPHe9pPmG9AzNQwN+V4snYPi24izzlhGGXwTbqoywMO8GP3o6mdb0t50DCbWFtYHknzxb1bxgzj1SN+8nRce440=
last-modified: Wed, 03 Jul 2024 10:04:05 GMT
server: cloudflare
etag: W/"8851c52df731bb291c8d061759250cc9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671081bf683b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 3801.7d014b43.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 42 KB
13 KB 139ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3801.7d014b43.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

596a95a744f3a8ded44d27a9315474eda9763694d96798a4f178e3829aa10260

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: YKLPYpCx8GlD0WiDgD.q9oEVTpstVGLK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K11806SBRHHDEBSM
age: 111511
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: wK+aE8SckBfkDFuEeSu3iN1dVtdpUhdXlG4Kj2qPhtm3OsFuBrjoGJjOViPq6dtiFpUsVunMaZsj5Z5qdAtdNA==
last-modified: Thu, 06 Jun 2024 12:33:02 GMT
server: cloudflare
etag: W/"312f235eaffcda58fa76bdeacdf89c68"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671081bf783b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 2648.716eed4d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
4 KB 139ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2648.716eed4d.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc5a16559d51e56d29084f481d3f6915a545e0ed5da3a3f5144c0003b183d115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: yMQwnzsa1BCT_x.mCPlGoOVElreR_nWi
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W8VV17SZH3AKXK6K
age: 608120
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: qUwCWpUCYOyrZuzB8wj+ag9NImjZUMknhnPsDKpyOgVnfkHumtrA2ayyRzcAszbqDKL5yfovR41e0GVE/Z43g9IKBCtH8R6W
last-modified: Mon, 22 Jul 2024 17:39:11 GMT
server: cloudflare
etag: W/"88697fb9bb0e491debe75b7638a1bf7b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671081bf883b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 8594.9eac1902.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 139ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8594.9eac1902.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8413035088a7197e2e5bb05703e80217d96b13523fc76e89a877dbd1781c730a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: b0xkD0ay2TeJ0QDqPeHj4IGrPvr_a2TK
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DADCP0TG8G12RXT4
age: 1142957
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BEMKuoQyc1W7hfx0dOh00GfE2jMj1tcZ89Zn6DMU1OUgpf0dWmkqjSDDh+sfzlLYRUpL5H5VGeLFXHjKBlH0lg==
last-modified: Wed, 03 Jul 2024 10:04:07 GMT
server: cloudflare
etag: W/"b917f649844129672b6e241852a37241"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671081bfb83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6003.d14e9f7d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
4 KB 238ms
178ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6003.d14e9f7d.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c44c0cd51381d7a23524a3b866b70683879be4fdaccd39bc803c19af2e0862

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: m64XaWOtOJ2DJyYzBJFovLzpyVFPCGaL
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYBE4D60NFG9TJ5E
age: 341996
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lk3B85xB8oB1S5wSSxKD2RGPn0x6Cw6+HriJf+OqaDlkc7SbmNCoWlFI7Z5gUdAZyL8Y71CbxLQ=
last-modified: Fri, 12 Jul 2024 16:10:59 GMT
server: cloudflare
etag: W/"2394abe0d6e68e3a365f111955b65290"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671081bfe83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6636.82e49556.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 73 KB
19 KB 197ms
137ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6636.82e49556.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5179226028b386f2a73b03188f75d23732b62532dab304a1cd5fe2d9dd6ceaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: Jsf2xVjXZ_sBiqTYfqflll7mmB_OpPC2
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DGZJRJH6EWEJ3PGQ
age: 610398
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QHAOVD9hv5BtOsfza1dERIfeEsQny6JDyN6aHq+qriHrBzqZ33Xd+1aW/7lK6B+EkPQZNPU2BGfzS8P9JZj6aQ==
last-modified: Mon, 22 Jul 2024 15:49:02 GMT
server: cloudflare
etag: W/"92cb08d24bb16b6fe4d9b8a96d69da40"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c2583b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 3735.3535ed24.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
7 KB 211ms
151ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3735.3535ed24.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec4f1652b214c16687a626534f271c6f28764abcb69fa8a6fafa7b0be9f74138

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: CECCUxlCmEQeQ2AuhLX2vu0MO8SNTtl5
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 94H7CV6118WVZE6P
age: 111511
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ipSw4lfqlovPc51GtEPm+WhsGV6hyJ80Dh6jQOMcVIkwAB+/AM3BDhAOh8Ve3DSwAtR3maHsm8XCvVV9eCI1lnUUu88XsvzQ
last-modified: Thu, 06 Jun 2024 12:33:02 GMT
server: cloudflare
etag: W/"1ab94e8dfc5bfa13607caf4d0f49ca11"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c2a83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 4300.dc9e14c6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 33 KB
9 KB 197ms
137ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4300.dc9e14c6.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6abc1181893e8d3b3f1fa7e2541e70ca6980faec88b38729207f61580907d93b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: MVLqp6UnGKDzqrxgcJhdB86TcMaH5o5o
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYB7TK32RHJ1A3PP
age: 341998
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 56qAu4uPD2bi3shuqWAj+oM8XxjnIiCrsHakJfQW7WTUlM2WEoffaQ8mBKUZGz60eLNU+tcf3mYiLNFI+/NWYg==
last-modified: Fri, 12 Jul 2024 16:10:57 GMT
server: cloudflare
etag: W/"56740bd20ae76de28671ec0d33121a0a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c2e83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6546.0f97e7cb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 134 KB
36 KB 196ms
136ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6546.0f97e7cb.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1846ba30141060fb2a1325977174bc50bc5b530328f04b85a5a65ca79894d00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: rXDQ63cHsqa_cWs2Yn8XVK7Jx2r29p.Y
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: W9VDBKMJS6J89904
age: 456128
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: F9m5vYGLhRmY8+uvfwK0VXlzjcUoaqoTY1Z85/9FnO2YeshXtfugz1yzyr0HkUEpjyOzYdfZrAc=
last-modified: Tue, 16 Jul 2024 08:46:19 GMT
server: cloudflare
etag: W/"9bc1af09b2d45969f9f1747c1d451746"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c2f83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6834.f2d3924e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
7 KB 151ms
91ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6834.f2d3924e.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b54187c08d16f6492780c02344ddc87057e150494196f0f8860dfb7f7b769bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: o1es8sE.cZmyaYqu.4nKiCbux9A2sGad
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: DADE8Y5V055Q9Y1R
age: 1142957
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cl+jwexHSxgmOnI8o4RnKGRLVBO++9k7B8BNEQsa4dwaYdu8MT69cfJwd9B4heq+7TbnXWq0/2U=
last-modified: Wed, 03 Jul 2024 10:04:06 GMT
server: cloudflare
etag: W/"047a986937c5d63a5762092c09992f7c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3183b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6858.454b4e14.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
2 KB 152ms
92ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6858.454b4e14.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

444f8f60b2b2487e604807744d79ee8c858d4cd9ab81dd742bd58929e5798812

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: 5BJNEvTk9D4uPpvTrWsIdvnTw50JtARq
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: K117N2D3BTGMDE3B
age: 111511
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 1kqdaEmZ/szDpObdUHvkI3neyv+AgOPdi8PzV6GKg5MmDHMNdac0nXVFQCCHO5Z5ifPdK57j2OY=
last-modified: Mon, 24 Jun 2024 07:25:53 GMT
server: cloudflare
etag: W/"909c9e2a5edbec4acae0e3f20d909ad6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3383b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 2420.0330d157.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
4 KB 162ms
102ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2420.0330d157.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

171cece4ac2237f1003b18b0fe31873be2d2dfcd6b835525fef7734dd3885b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: _5P0lSJaufDrl5cajeATE6F_8uI.XcAy
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYBDYYSEDJ8ED4AW
age: 341998
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: u6AxHRrQoMuMvihevNS2W0fhwzvBLJnQoaYSaPxTqTenbrFWdry2EEyJ/QKqu39cnqgj46hfQhde5Z5+n+5uaw==
last-modified: Mon, 08 Jul 2024 15:08:52 GMT
server: cloudflare
etag: W/"ab60dc899e489dc43eb7fb5e1321ec32"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3583b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 5832.97239afc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
16 KB 162ms
103ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5832.97239afc.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3639be8e4ba5601ced1bf12900df1a7bf14deef91263bdff6633a58ec9da15ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: rh1Xn3s537R71Im0ESwQYXlyGrvHGKnw
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYB2XSKTSYDJWEWX
age: 341998
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: takydoMgPZJfHgpSHq2EKXAG/QSLtscwUuVuJK81HqZyrWhqJdowRQtsEPSv6JugDhyg4elDHmrWasAhAkLWZA==
last-modified: Fri, 12 Jul 2024 16:10:59 GMT
server: cloudflare
etag: W/"c224a61335a130d43f60a4fc22f2a14f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3783b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 8980.6c8ff2c1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 161ms
102ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8980.6c8ff2c1.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4ed9e8bae07a5ed2755cc1818fd89700e2f486de9a6098a36b2ee907ba63a6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: IfyKn7WObYjbnRwMR4k3tTbhbjMS0wO5
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYB5SHW92E709YY1
age: 341998
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: N8rlGTqPn2T5PLVW6UwnAGj+Ev7eHkJRDb5yTwO5yXIa+9VWt6av0ZTSRG6k59Kr6LgH0YWEMFo=
last-modified: Mon, 08 Jul 2024 15:08:59 GMT
server: cloudflare
etag: W/"48fd5717f1b9f31c8c469689d1f637af"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3883b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 2859.a9a624d0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 153ms
135ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2859.a9a624d0.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

291126096921ec3de9ea4131c85fb22ace9fd8229beffe905a41ddb79cad8250

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: atxhcO76xeWxL3s6SyozaEdd6yMRjeCW
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYB00P6QQNJMDXTM
age: 341998
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0Kg9XlFaMIMl5ck+2t2BJi0ajExrplPzRnRyCgs3u/6GSglqypNfGViA4FbWE3RowrDKI7ZElRk=
last-modified: Mon, 08 Jul 2024 15:08:53 GMT
server: cloudflare
etag: W/"29ce347ebc6eb6e6baf8d6f8a92a9858"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3983b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 6040.6ceb7f43.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 39 KB
6 KB 110ms
103ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6040.6ceb7f43.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a839d8b35bf8434f24f1f80677762baa5f6b99855fef78fd1adf3ad4566e0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: U8YjgT4vGYNjdzQyRhBEV8U4zckVjhAJ
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYBE5ZZMB8EV5PQV
age: 341998
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZMlX930vbIcGTOJCbNKUszZ6xZSKTeplIpvhobWn7+Q19wtpd9ULexV7dJq5fLPz05XWZ4eg8F0=
last-modified: Fri, 12 Jul 2024 16:10:59 GMT
server: cloudflare
etag: W/"b99a824dd4e9656c1c0e034c85d116ce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3b83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 4391.3e417aeb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
7 KB 99ms
92ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4391.3e417aeb.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc8368078dd9744e4f4332aa3cc3864c656efb269889e273bdf7ec0ec05ae764

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: .878.TNn.VbjSoYR7aafua6z9z3nN0il
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: ZYBE6WCNGNP29KHG
age: 341998
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: jtmwINjVVM0asnKRpHt9oys6NHFRmSZicSJOxwk2i4jW9CSLUUc0+KLeevdt9hnaVdB+GKieqt4=
last-modified: Fri, 12 Jul 2024 16:10:57 GMT
server: cloudflare
etag: W/"4c03d49a14c2d9cbaacd98dd39c48c1c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3c83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 PostPage.MainContent.190e2c44.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 195 KB
43 KB 178ms
171ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.190e2c44.chunk.js

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2750eff80d7b7007e89ead29081bb8dd542380a559ba60e2b21d29a024aec6eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
x-amz-version-id: ZmL5kyIr3yh1cz4rse3pYKIa3FLxM0XP
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: N3KP1ZGQNY3QRWB4
age: 439815
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vDigYRO5Ta3OBqbqGM5aF75fM4Xx5aI2ytuVB4cQGwoHQ6hLuDMbUyiJlDbHl2urcnl7i4+oo2UlpEatzlRU9MtO/WWLfyeb
last-modified: Thu, 25 Jul 2024 13:20:48 GMT
server: cloudflare
etag: W/"a20572635cdd1551d2b69dbda4ae0167"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab671083c3f83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 170ms
79ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8ab671079e405261-MXP

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 260ms
163ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f6e7bfd316a160cd611c23c79c3d0cf8fcbfe22e16592f4afffd03eedf45756

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 21
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdc10e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
13 KB 237ms
140ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d63477fd28c0476d71f7d94269d37ebc13ee81002807b40bdcee28351da2019

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 17
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdbf0e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 228ms
133ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cb0607a963a4d571ab612d010e4c124c2bb4cc0fd27048efa5f92eedab98ebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 14
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdb70e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 152ms
57ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b579cb06b725609666aeb9fec66152efd7e687c9ba13096c2ce7c1db44c82558

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 16
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdbc0e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 231ms
136ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7725f2e70b6a54d4e4f93c2ea20bdc4ac549a289a806828e73dfcd3a2969b870

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 15
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdbb0e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 source-code-pro-400-normal.woff
glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 227ms
133ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07e3ee7afcbc3462ebf2164763c7f050fc4195d5efa4b039646ae0192c49e2fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 25
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdb40e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 source-code-pro-700-normal.woff
glyph.medium.com/font/a9cd261/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 7 KB
7 KB 228ms
134ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/a9cd261/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ed9ffd0607f63bb2030024abc5225df6b2fa2a081774e13744d04b12a9be6ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 18
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdb10e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 196ms
102ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45bd34ce2bf3511cc126b1b12bc1597486e925141c10b05627857cb79810140c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 47
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdb00e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H3 200 source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 57 KB
57 KB 150ms
58ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

202a8c194cdbd74e42b1fc8c8e48b741204e6c7b368af1147740855268887dbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 95174
x-envoy-upstream-service-time: 23
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab67109fdae0e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/v2/resize:fill:64:64/ 1 KB
2 KB 89ms
56ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 69904
x-envoy-upstream-service-time: 32
content-disposition: inline; filename="1*dmbNkD5D-u45r44go_cf0g.png"
alt-svc: h3=":443"; ma=86400
content-length: 1310
x-request-id: 53143c59-f94d-400d-a9a3-b12ef770d14d
sepia-upstream: medium
server: cloudflare
etag: "qUlGJkYhB4LINmyi_TVOvM25Dy409gGbmK5EqrHhPd0/RImNiNjU3ZGRlN2RhNjI0NjU3YTVmNmQ0ZDdhNzEyMDM3Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240226-230532-797fb80223
accept-ranges: bytes
cf-ray: 8ab671097e1f83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 1*s7SJaF9dODo7rWqa2rFQ6Q.png
miro.medium.com/v2/resize:fill:88:88/ 6 KB
6 KB 89ms
57ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fill:88:88/1*s7SJaF9dODo7rWqa2rFQ6Q.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3177c0013737d38f7a9fc5f06b3e7ba3d6d7ea0d02406d8c5beb176d26b701ab

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 95173
x-envoy-upstream-service-time: 175
content-disposition: inline; filename="1*s7SJaF9dODo7rWqa2rFQ6Q.png"
alt-svc: h3=":443"; ma=86400
content-length: 5653
x-request-id: 3cbddb97-adf9-477f-b377-b280594fb64f
server: cloudflare
etag: "9ivaNyhTKaKecaYmZr68Fn9V98S0df7YQu7TMR33mwc/RImIzYjQ4OTY4NWY1ZDM4M2EzYmFkNmE5YWRhYjE1MGU5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240724-071343-5e5ed7a543
accept-ranges: bytes
cf-ray: 8ab671097e1d83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 1*olxDjak5YFCRW7-Ji0VMXg.png
miro.medium.com/v2/resize:fit:720/format:webp/ 34 KB
34 KB 89ms
57ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*olxDjak5YFCRW7-Ji0VMXg.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

000a678322b18de6649abef6ad26479df03f66c6000d31a159f2a913c081ecd1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 93766
x-envoy-upstream-service-time: 338
content-disposition: inline; filename="1*olxDjak5YFCRW7-Ji0VMXg.webp"
alt-svc: h3=":443"; ma=86400
content-length: 34934
x-request-id: 5e9f522c-90ca-49b3-8f16-80d9f754d03a
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImEyNWM0MzhkYTkzOTYwNTA5MTViYmY4OThiNDU0YzVlIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240724-071343-5e5ed7a543
accept-ranges: bytes
cf-ray: 8ab671097e1b83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 193ms
192ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.3dc73b13.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Medium-Clientele-Client: lite
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 Jul 2024 15:39:30 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, clientele/main-20240716-093809-ef651b9ed5
x-envoy-upstream-service-time: 16
cf-ray: 8ab6711b2bd44be7-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 11.51005c90.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 53ms
53ms Script
application/javascript 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/11.51005c90.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.0b74ce57.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0451a587442fca6a380afc042f676122b442146e9aa1feae9e49b0e1151a4d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:30 GMT
x-amz-version-id: 36cCO0pOnWiejNqRlW7IWOfErAeUvPZN
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 5KFJSQ8VXX3TC6FB
age: 111513
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xnhq1tMgHtQHO1+bozFMR8eD/aACOp2PbA4CvoT34PDUs4XrXdDAdsAZfMIO6yDt4AVYtl0GRpQ=
last-modified: Mon, 27 May 2024 12:14:27 GMT
server: cloudflare
etag: W/"05baeb0cc66e723dd05d50bed964c411"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab6711b3c230dc5-MXP
expires: Wed, 30 Jul 2025 15:39:30 GMT

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 184ms
171ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.3dc73b13.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Medium-Clientele-Client: lite
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 Jul 2024 15:39:30 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, clientele/main-20240716-093809-ef651b9ed5
x-envoy-upstream-service-time: 11
cf-ray: 8ab6711b7c5a4be7-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 GiveTipButton.4c9e5077.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
3 KB 45ms
44ms Script
application/javascript 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/GiveTipButton.4c9e5077.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.0b74ce57.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

993bfcfdb1e6a8363b8149607ae266bef7e6ec40769d08ab17a217e6e3872351

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:30 GMT
x-amz-version-id: MrWUz7CPQDO92U2W.8YPYXDbInaVvcpu
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 37SGA2BTS4THF4BS
age: 535930
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: E3F1c3vqRJqQfyNr9M3rjjwwdpfuNICLKIYtEc+NDM+Fh0u0t/s2V9JiyakNc17zYQr50gZrOp4=
last-modified: Wed, 10 Jul 2024 09:06:47 GMT
server: cloudflare
etag: W/"69fb2ec4893f24097742510245144d3a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab6711e498a0dc5-MXP
expires: Wed, 30 Jul 2025 15:39:30 GMT

GET
H2 200 1*olxDjak5YFCRW7-Ji0VMXg.png
miro.medium.com/v2/resize:fit:720/format:webp/ 34 KB
0 0ms
0ms Image
image/webp 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:720/format:webp/1*olxDjak5YFCRW7-Ji0VMXg.png

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

000a678322b18de6649abef6ad26479df03f66c6000d31a159f2a913c081ecd1

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:27 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
age: 93766
x-envoy-upstream-service-time: 338
content-disposition: inline; filename="1*olxDjak5YFCRW7-Ji0VMXg.webp"
alt-svc: h3=":443"; ma=86400
content-length: 34934
x-request-id: 5e9f522c-90ca-49b3-8f16-80d9f754d03a
server: cloudflare
etag: "YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RImEyNWM0MzhkYTkzOTYwNTA5MTViYmY4OThiNDU0YzVlIg"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240724-071343-5e5ed7a543
accept-ranges: bytes
cf-ray: 8ab671097e1b83b5-MXP
expires: Wed, 30 Jul 2025 15:39:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
93 KB 242ms
49ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7JY7T788PK

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2704f3a5dd709b5921414276285f033c5b60a666cb1a2658f055b5659fe5c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94931
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 30 Jul 2024 15:39:31 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 230ms
44ms Script
text/javascript 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f4.1e100.net

Software

GSE /

Resource Hash

cd1da311533168ae598c346281e063207190bdfc20eefaae33833be925d8ecc2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 30 Jul 2024 15:39:31 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 75 KB
23 KB 1206ms
47ms Script
text/javascript 52.84.174.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-30.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d8c436394846ea20127a8db032f848015d4d239789429b7e0202609089b5525a

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: JdSJSDd4bnNFPjlwdZ2RC7ixUU_rrhPQ
content-encoding: gzip
via: 1.1 5321ce1f67b98139d1f43997aea9b44a.cloudfront.net (CloudFront)
date: Tue, 30 Jul 2024 15:38:53 GMT
last-modified: Wed, 10 Apr 2024 21:44:10 GMT
server: AmazonS3
x-amz-cf-pop: CDG50-P1
age: 40
etag: "f4ec9657a3dc111d088e2eca7b9796a4"
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=300
content-length: 23431
x-amz-cf-id: z21DtGkDohdTzeC9sAf34SsY6rNt7QSa7Vm6DIRhXrFwgCc2Y86MAw==

GET
H3 200 5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74
miro.medium.com/v2/da:true/resize:fit:0/ 300 KB
300 KB 177ms
177ms Image
image/png 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/da:true/resize:fit:0/5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74

Requested by

Host: labs.guard.io
URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 499133
x-envoy-upstream-service-time: 182
content-disposition: inline; filename="5c50caa54067fd622d2f0fac18392213bf92f6e2fae89b691e62bceb40885e74.png"
alt-svc: h3=":443"; ma=86400
content-length: 306868
x-request-id: ef4e86f0-ba42-4eaf-93d8-d5f68c67e461
sepia-upstream: medium
server: cloudflare
etag: "_89iZTbMWFrDAXoszgLV1LA1pq4J7sBwEDXleeW4l1U/RIjIwZDEwN2Y4NjUyZGRjYWYzMDBkNGYxNjllNjMwODQ5Ig"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240507-223507-a45e18f1bb
accept-ranges: bytes
cf-ray: 8ab6711eba570dc5-MXP
expires: Wed, 30 Jul 2025 15:39:31 GMT

POST
H3 200 graphql Show response
labs.guard.io/_/ 129 B
497 B 207ms
206ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ebf1a377cfaf53c7ac999a40b42af815d6adf1e8109e6c0b89c48c3a9055bbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 44
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"81-tyLYoYo2sKbLY65iGFHsfWSsjYc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-125429-16d3d8b941
cf-ray: 8ab67120ddef4be7-MXP
x-request-received-at: 1722353971437

POST
H3 200 graphql Show response
labs.guard.io/_/ 80 B
476 B 198ms
196ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: AvatarMenuQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"50-uwdNQiS1cauYvMsRotgPVGuGSSE"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-125429-16d3d8b941
cf-ray: 8ab67120ddf24be7-MXP
x-request-received-at: 1722353971435

POST
H3 200 graphql Show response
labs.guard.io/_/ 807 B
798 B 223ms
221ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1cd7e70a5a236fd75e26cdedaf4876932f4da0ca23f0e1a3411c7304e84027fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 62
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"327-8GRrHhnGtobpTnfekJ+VPVDWnpA"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-125429-16d3d8b941, tutu/main-20240729-172237-79e7575970
cf-ray: 8ab67120ddf34be7-MXP
x-request-received-at: 1722353971439

POST
H3 200 graphql Show response
labs.guard.io/_/ 210 B
562 B 244ms
242ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

befa52645fc3db9e0a650fb18b29f9e0dab7c33a6382f8a1578271f5ae9fd102

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 55
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"d2-MD+lDkd97xT1fL2qcyubvkspCuA"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-125429-16d3d8b941, tutu/main-20240729-172237-79e7575970
cf-ray: 8ab67120ddf84be7-MXP
x-request-received-at: 1722353971449

POST
H3 200 graphql Show response
labs.guard.io/_/ 23 KB
5 KB 381ms
357ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d974ac7688d0bf682f9f5fc591051f0f1dd9ca6e21b3bccbed2458615a927c7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: MoreFromMediumRecircQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 161
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"5dbd-EWzsLd2pnkdBEoO34GjfsnM6yRo"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-151040-c61cf159e3, tutu/main-20240729-172237-79e7575970
cf-ray: 8ab671211e634be7-MXP
x-request-received-at: 1722353971472

POST
H3 200 graphql Show response
labs.guard.io/_/ 27 B
400 B 188ms
185ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: ViewerQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 28
alt-svc: h3=":443"; ma=86400
content-length: 27
x-xss-protection: 0
server: cloudflare
etag: W/"1b-zcE2qsOE110W+7rHoTa9C+cwT68"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-151040-c61cf159e3
cf-ray: 8ab671211e674be7-MXP
x-request-received-at: 1722353971469

POST
H3 200 graphql Show response
labs.guard.io/_/ 96 B
513 B 236ms
213ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

337f27d79005e22074511c664c90544bfb2e55284bd5516753751e179d4f334f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 63
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"60-va5mJ2PZf2PqP9C65Jg8OScc+Kc"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-125429-16d3d8b941, tutu/main-20240729-172237-79e7575970
cf-ray: 8ab671211e6a4be7-MXP
x-request-received-at: 1722353971478

GET
H2 200 recaptcha__it.js Show response
www.gstatic.com/recaptcha/releases/Xv-KF0LlBu_a0FJ9I5YSlX5m/ 532 KB
212 KB 750ms
48ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Xv-KF0LlBu_a0FJ9I5YSlX5m/recaptcha__it.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3fdff9e8d853a2addbd44d40426a53db9ba8626ad73be12d651aed8201bdd5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 13:50:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 216073
x-xss-protection: 0
last-modified: Mon, 22 Jul 2024 21:52:36 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Jul 2025 13:50:23 GMT

GET
H3 200 3265.63e510f8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 2 KB
1 KB 57ms
56ms Script
application/javascript 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3265.63e510f8.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.0b74ce57.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e69fb4a6fafd9dd151f7f445763bbb862d7a6257a3910048f27d82bda0165443

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
x-amz-version-id: IRG.9t8YiKDNfOjf9m9lBNTC1lzYIBpH
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: YERTSNHHA8P5F88T
age: 110131
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HHFkF5r9SdbEMMucs9oFW3i34S0ALGbaPClZ70f1vMM41So0h9aKk64G0CcXmQ5L0NW3RbanY1o=
last-modified: Mon, 27 May 2024 12:14:30 GMT
server: cloudflare
etag: W/"f4080e499842240df25257ede40aa84e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8ab6712218bc0dc5-MXP
expires: Wed, 30 Jul 2025 15:39:31 GMT

POST
H2 204 collect Show response
region1.google-analytics.com/g/ 0
243 B 677ms
48ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7JY7T788PK&gtm=45je47t0v9123887712za200&_p=1722353970976&gcd=13l3lPl2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250753&cid=746008728.1722353972&ul=it-it&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722353971&sct=1&seg=0&dl=https%3A%2F%2Flabs.guard.io%2Fechospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6&dt=%E2%80%9CEchoSpoofing%E2%80%9D%20%E2%80%94%20A%20Massive%20Phishing%20Campaign%20Exploiting%20Proofpoint%E2%80%99s%20Email%20Protection%20to%20Dispatch%20Millions%20of%20Perfectly%20Spoofed%20Emails%20%7C%20by%20Guardio%20%7C%20Jul%2C%202024%20%7C%20Medium&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=7125
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 15:39:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.guard.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 graphql Show response
labs.guard.io/_/ 81 B
477 B 201ms
200ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: PostGiveTipOnExternalPlatformQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:31 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 50
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"51-hbfNDSGVO0/XLJV9LgsKsOBLP4E"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-125429-16d3d8b941
cf-ray: 8ab6712268a14be7-MXP
x-request-received-at: 1722353971684

GET
H2 200 _r Show response
app.link/ 91 B
636 B 339ms
221ms Script
text/javascript 2600:9000:262a:ac00:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.85.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:262a:ac00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

63fd55e2049538346e0230a15d93be3baa0d9b852c96a25d0b825e513b58ef91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 e3a22956d967223c0e78cf3ccbf67b6c.cloudfront.net (CloudFront)
server: openresty
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop: CDG52-P6
etag: W/"5b-F+EqNZ6CheFX7PBAh6lmNl87x1w"
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: xOg7iW1IIpPYWgK1CfE_D_FJrNX3op3pHd1Lz84tvASKV9gOBoi0eg==

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 18 KB
18 KB 65ms
64ms Font
application/font-woff 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e2f5dae6e68d982ce0401cd8c80e19fc939b0554bf0bc615249ed7bf192643a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://labs.guard.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:33 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 94344
x-envoy-upstream-service-time: 28
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 8ab6712f9e4b0e0e-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 30 Jul 2025 15:39:33 GMT

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 5F3C 0
0 185ms
65ms Document
text/html 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Le-uGgpAAAAAPprRaokM8AKthQ9KNGdoxaGUvVp&co=aHR0cHM6Ly9sYWJzLmd1YXJkLmlvOjQ0Mw..&hl=it&v=Xv-KF0LlBu_a0FJ9I5YSlX5m&size=invisible&cb=tw8setrzh83

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Xv-KF0LlBu_a0FJ9I5YSlX5m/recaptcha__it.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TMYqc5OK5q-sgu3ImOZPAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-TMYqc5OK5q-sgu3ImOZPAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 30 Jul 2024 15:39:34 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 200 graphql Show response
labs.guard.io/_/ 816 B
608 B 189ms
187ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0710daff434109151b64fd61da69be9722bbd4533f4688420ce6e6e7fd8320e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
medium-frontend-path: /echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
graphql-operation: ClapCountQuery
content-type: application/json
accept: */*
Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
medium-frontend-app: lite/main-20240730-071352-a88b240097
apollographql-client-version: main-20240730-071352-a88b240097

Response headers

date: Tue, 30 Jul 2024 15:39:34 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
x-envoy-upstream-service-time: 41
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
server: cloudflare
etag: W/"330-wEflS/3i6IiF8nQqwSFqp0qSBXw"
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, rito/main-20240730-125429-16d3d8b941
cf-ray: 8ab671339c684be7-MXP
x-request-received-at: 1722353974427

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
709 B 747ms
195ms XHR
application/json 2600:9000:2394:ea00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2394:ea00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Branch

Resource Hash

95e21c6cc7ad619b0d1560da250930751289d7856e07a0f39adc542b1d0ab194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 30 Jul 2024 15:39:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ac059d7185137233d6f58dd3345e3798.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-powered-by: Branch
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 4ca9238d-56bf-4ce8-8d11-a9fba703a037-2024073015
content-length: 316
x-amz-cf-id: Ekvjw5T9mEM7mXH55eWHmpvKVFFkSf9jYHDo_5-jiWUH62uNQrVLOQ==

POST
H3 200 /
labs.guard.io/_/clientele/reports/performance/ 0
0 177ms
175ms Fetch
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/clientele/reports/performance/

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.3dc73b13.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
Medium-Clientele-Client: lite
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 30 Jul 2024 15:39:35 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: text/plain;charset=UTF-8
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941, clientele/main-20240716-093809-ef651b9ed5
x-envoy-upstream-service-time: 13
cf-ray: 8ab67137bb774be7-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H3 204 rum Show response
labs.guard.io/cdn-cgi/ 0
141 B 34ms
32ms XHR
text/plain 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/cdn-cgi/rum?

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Tue, 30 Jul 2024 15:39:35 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://labs.guard.io
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8ab67137bb794be7-MXP

GET
H3 200 1*m-R_BkNf1Qjr1YbyOIJY2w.png
miro.medium.com/v2/ 737 B
1 KB 50ms
50ms Other
image/png 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://miro.medium.com/v2/1*m-R_BkNf1Qjr1YbyOIJY2w.png

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22c615bd22b74f1ea5bc75e4f06ca7f877e3d76f15b98beb36af76909b7e25d7

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 15:39:35 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 65711
x-envoy-upstream-service-time: 17
content-disposition: inline; filename="1*m-R_BkNf1Qjr1YbyOIJY2w.png"
alt-svc: h3=":443"; ma=86400
content-length: 737
x-request-id: 4ef53a67-638b-4f59-89a5-6f70b4f3f622
sepia-upstream: medium
server: cloudflare
etag: "yj0WO6sFU4GCciYUBWjzvvfqrBh869doeOC2Pp5EI1Y/RIjliZTQ3ZjA2NDM1ZmQ1MDhlYmQ1ODZmMjM4ODI1OGRiIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20240226-230532-797fb80223
accept-ranges: bytes
cf-ray: 8ab67137baae0dc5-MXP
expires: Wed, 30 Jul 2025 15:39:35 GMT

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
350 B 206ms
203ms XHR
application/json 2600:9000:2394:ea00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2394:ea00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Branch

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 30 Jul 2024 15:39:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ac059d7185137233d6f58dd3345e3798.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-powered-by: Branch
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: PKtsMiHOPVD2AxgTXNdIe5Aig9hLRGGk19Tx8DIKpFXoiiPNr_lCUg==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
351 B 350ms
348ms XHR
application/json 2600:9000:2394:ea00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/4900.53bf9e04.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2394:ea00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Branch

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 30 Jul 2024 15:39:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 ac059d7185137233d6f58dd3345e3798.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-powered-by: Branch
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: _UgEvbX6AGzN9cA1qUdqZq-AxcLwb5fFXJ25Khg2nYu95y-vSDpGFw==

POST
H3 200 batch Show response
labs.guard.io/_/ 17 B
278 B 207ms
204ms Fetch
application/json 162.159.152.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.guard.io/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.3dc73b13.js

Protocol

Security

QUIC, , AES_128_GCM

Server

162.159.152.4 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Tue, 30 Jul 2024 15:39:35 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
worker-missing-cookies: 0
vary: Accept-Encoding
content-type: application/json
medium-fulfilled-by: edgy/8.7.1, valencia/main-20240730-125429-16d3d8b941
x-envoy-upstream-service-time: 43
cf-ray: 8ab6713a6ffd4be7-MXP
alt-svc: h3=":443"; ma=86400
content-length: 17

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.labs.guard.io/	1969-12-31 23:59:59	Name: _cfuvid Value: d96whWvbYwiUzrihqJtjRJEtTZ1Hd4UaKAFFzryv0jU-1722353964876-0.0.1.1-604800000
.medium.com/	1970-01-21 08:01:53	Name: uid Value: lo_da1bb5949837
.medium.com/	1970-01-21 08:01:53	Name: sid Value: 1:sJ5fEJbcJ/oy5rVtME70L8SgD9sUY/ltDosX24b7B/DRgrEbbmR9kEkssmHmMGOF
labs.guard.io/	1970-01-21 08:01:53	Name: uid Value: lo_da1bb5949837
labs.guard.io/	1970-01-21 08:01:53	Name: sid Value: 1:tWVKfcsnnoUVRawOH4Vat52wzNsSdJv6jg9q6GL66jp1PhilBcrbV/N+juFOnbfr
labs.guard.io/	1970-01-20 22:25:54	Name: _dd_s Value: rum=0&expire=1722354870480
.medium.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Xbs1.GgRb5frnkOxeGZruUxzFbdmFPqpyCHtfqBnPj4-1722353970460-0.0.1.1-604800000
.guard.io/	1970-01-21 08:01:53	Name: _ga_7JY7T788PK Value: GS1.1.1722353971.1.0.1722353971.0.0.0
.guard.io/	1970-01-21 08:01:53	Name: _ga Value: GA1.1.746008728.1722353972
.app.link/	1970-01-21 07:11:29	Name: _s Value: C7Elndr02iH34dCxUQmAYwRJMLO36s7e2qohT%2BEG%2Boji7mGY3dZARU%2FyAaPuFH4T

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=e022570d5c70(Line 41) Message: document.domain mutation is ignored because the surrounding agent cluster is origin-keyed.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
labs.guard.io
medium.com
miro.medium.com
region1.google-analytics.com
static.cloudflareinsights.com
www.google.com
www.googletagmanager.com
www.gstatic.com
162.159.152.4
172.217.18.4
2001:4860:4802:34::36
2600:9000:2394:ea00:11:f728:3040:93a1
2600:9000:262a:ac00:19:9934:6a80:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2606:4700::6810:4f49
2a00:1450:4001:802::2008
2a00:1450:4001:81d::2003
52.84.174.30
000a678322b18de6649abef6ad26479df03f66c6000d31a159f2a913c081ecd1
0710daff434109151b64fd61da69be9722bbd4533f4688420ce6e6e7fd8320e0
07e3ee7afcbc3462ebf2164763c7f050fc4195d5efa4b039646ae0192c49e2fb
0d63477fd28c0476d71f7d94269d37ebc13ee81002807b40bdcee28351da2019
12c333a76ec82d35a4541956e0e8b4591b55d76f1d1ee4e47f3dd0ec33229e43
14630d61ff002f2fc564d00a080ba2cef7e0811be983a192549c43335b1d706e
171cece4ac2237f1003b18b0fe31873be2d2dfcd6b835525fef7734dd3885b72
176adc8a2e7c593e7de6246f98aaef4ede5615a84b199f4d43c4609d505b4972
1ba7072a7fc413971fa79ad1c5f4fc98fbaf7a5ac321885f5d3886a0b5c28680
1cd7e70a5a236fd75e26cdedaf4876932f4da0ca23f0e1a3411c7304e84027fa
202a8c194cdbd74e42b1fc8c8e48b741204e6c7b368af1147740855268887dbe
22c615bd22b74f1ea5bc75e4f06ca7f877e3d76f15b98beb36af76909b7e25d7
2355c3c93710ccfd13355ec87edc1243b2341189f7c873f52378eb8a8159fe23
2750eff80d7b7007e89ead29081bb8dd542380a559ba60e2b21d29a024aec6eb
291126096921ec3de9ea4131c85fb22ace9fd8229beffe905a41ddb79cad8250
2f1a06c090ad551714945f1dc0605c6171889c9c93768aaf962f57886c15281d
2f25b523ce114c6426fd0118833806fcf06a4e1accc255fea51f625d1f588f0d
3177c0013737d38f7a9fc5f06b3e7ba3d6d7ea0d02406d8c5beb176d26b701ab
337f27d79005e22074511c664c90544bfb2e55284bd5516753751e179d4f334f
3639be8e4ba5601ced1bf12900df1a7bf14deef91263bdff6633a58ec9da15ff
39b73436e38297e5b9d655a6264105f40ade886aa0b0e52e10b2b57c589e11ca
400b247961e9622212af34c456092985edc6b0843cb4dcef8b34a16977875373
444f8f60b2b2487e604807744d79ee8c858d4cd9ab81dd742bd58929e5798812
45bd34ce2bf3511cc126b1b12bc1597486e925141c10b05627857cb79810140c
45dbf060ec052a3b0ca5ae7211eaa27c950db65b019aa456e1e686a85f8a327e
4e2f5dae6e68d982ce0401cd8c80e19fc939b0554bf0bc615249ed7bf192643a
5179226028b386f2a73b03188f75d23732b62532dab304a1cd5fe2d9dd6ceaed
56c44c0cd51381d7a23524a3b866b70683879be4fdaccd39bc803c19af2e0862
596a95a744f3a8ded44d27a9315474eda9763694d96798a4f178e3829aa10260
63fd55e2049538346e0230a15d93be3baa0d9b852c96a25d0b825e513b58ef91
67c2e60e6e47776cd0394b8dca668b89acaadee5198bbf9172a61ecc33dec97a
6a839d8b35bf8434f24f1f80677762baa5f6b99855fef78fd1adf3ad4566e0c1
6ab38f7ef7268334a66cbd03aec36a69fbf9639539f111afc28f1dc08c905333
6abc1181893e8d3b3f1fa7e2541e70ca6980faec88b38729207f61580907d93b
6ebf1a377cfaf53c7ac999a40b42af815d6adf1e8109e6c0b89c48c3a9055bbf
706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548
7725f2e70b6a54d4e4f93c2ea20bdc4ac549a289a806828e73dfcd3a2969b870
7cb0607a963a4d571ab612d010e4c124c2bb4cc0fd27048efa5f92eedab98ebe
8413035088a7197e2e5bb05703e80217d96b13523fc76e89a877dbd1781c730a
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8ed9ffd0607f63bb2030024abc5225df6b2fa2a081774e13744d04b12a9be6ba
8f6e7bfd316a160cd611c23c79c3d0cf8fcbfe22e16592f4afffd03eedf45756
95e21c6cc7ad619b0d1560da250930751289d7856e07a0f39adc542b1d0ab194
993bfcfdb1e6a8363b8149607ae266bef7e6ec40769d08ab17a217e6e3872351
a3edb3930e433b6ee76c26ed156d44196652363b4fa881a3e140b3e0b43d2a3d
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
b3985e3779ce6d21045b715324bc4837fc966d0c762a479e5da9764b438e41d4
b54187c08d16f6492780c02344ddc87057e150494196f0f8860dfb7f7b769bc8
b579cb06b725609666aeb9fec66152efd7e687c9ba13096c2ce7c1db44c82558
b8ab750486ec34b8b26f0f0eda0cd16e4715c12a0c265bea080e9581711abd78
bc8368078dd9744e4f4332aa3cc3864c656efb269889e273bdf7ec0ec05ae764
befa52645fc3db9e0a650fb18b29f9e0dab7c33a6382f8a1578271f5ae9fd102
c1846ba30141060fb2a1325977174bc50bc5b530328f04b85a5a65ca79894d00
c2704f3a5dd709b5921414276285f033c5b60a666cb1a2658f055b5659fe5c8f
cd1da311533168ae598c346281e063207190bdfc20eefaae33833be925d8ecc2
d0adcabcf447a30994bf3c7516a1b2b2636123741cf06f9515f172d990dde572
d8c436394846ea20127a8db032f848015d4d239789429b7e0202609089b5525a
d974ac7688d0bf682f9f5fc591051f0f1dd9ca6e21b3bccbed2458615a927c7c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ed9e8bae07a5ed2755cc1818fd89700e2f486de9a6098a36b2ee907ba63a6a
e69fb4a6fafd9dd151f7f445763bbb862d7a6257a3910048f27d82bda0165443
eada6d1c06b5d675e0c143a2fbef8bf83e3060e9ba20ceeb37ec9415ce9bdbaa
ec4f1652b214c16687a626534f271c6f28764abcb69fa8a6fafa7b0be9f74138
f0451a587442fca6a380afc042f676122b442146e9aa1feae9e49b0e1151a4d1
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f3fdff9e8d853a2addbd44d40426a53db9ba8626ad73be12d651aed8201bdd5b
f64e1663932ee61acc447f098d51cc369d7cee286df892fb2633826c6683cfe5
f6adb47c34f420ef114d5ecdb9b7daab2948c5e9c6d7e3441fee907e5a8fef3f
f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3
fc5a16559d51e56d29084f481d3f6915a545e0ed5da3a3f5144c0003b183d115

labs.guard.io Open in urlscan Pro 162.159.152.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

77 Requests

100 %HTTPS

73 %IPv6

9 Domains

13 Subdomains

10 IPs

3 Countries

1562 kBTransfer

4093 kBSize

10 Cookies

67 Outgoing links

Page URL History

Redirected requests

77 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

labs.guard.io Open in urlscan Pro
162.159.152.4 Public Scan

Screenshot
Live screenshot

Full Image

77
Requests

100 %
HTTPS

73 %
IPv6

9
Domains

13
Subdomains

10
IPs

3
Countries

1562 kB
Transfer

4093 kB
Size

10
Cookies

77 HTTP transactions
0 data transactions