doublepulsar.com Open in urlscan Pro
52.1.147.205 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilitie...
Effective URL:
https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilitie...
Submission: On August 27 via api (August 27th 2021, 2:50:16 pm UTC) from US

Summary HTTP 132 Redirects Links 72 Behaviour Indicators

Summary

This website contacted 12 IPs in 2 countries across 8 domains to perform 132 HTTP transactions. The main IP is 52.1.147.205, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is doublepulsar.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 21st 2021. Valid for: a year.

This is the only time doublepulsar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 17	52.1.147.205 52.1.147.205	14618 (AMAZON-AES) (AMAZON-AES)
1 14	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
80	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	13.224.96.77 13.224.96.77	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:210... 2600:9000:2104:c800:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2606:4700:303... 2606:4700:3036::ac43:b550	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:210... 2600:9000:2104:1000:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.72.27.138 52.72.27.138	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:24e... 2600:1f18:24e6:b902:7ab8:f7c0:e391:d374	14618 (AMAZON-AES) (AMAZON-AES)
132	12

17 52.1.147.205 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-147-205.compute-1.amazonaws.com

doublepulsar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a0::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

80 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-77.zrh50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:c800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3036::ac43:b550 (United States)

ASN13335 (CLOUDFLARENET, US)

lightstep.medium.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2104:1000:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.72.27.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-27-138.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b902:7ab8:f7c0:e391:d374 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
94	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	1 MB
17	doublepulsar.com 1 redirects doublepulsar.com	61 KB
10	medium.systems lightstep.medium.systems	3 KB
5	branch.io cdn.branch.io api2.branch.io	26 KB
3	optimizely.com cdn.optimizely.com errors.client.optimizely.com	97 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	93 B
2	google-analytics.com www.google-analytics.com	19 KB
1	app.link app.link	567 B
132	8

	Domain	Requested by
43	cdn-client.medium.com	doublepulsar.com cdn-client.medium.com
38	miro.medium.com	doublepulsar.com
17	doublepulsar.com	1 redirects cdn-client.medium.com
12	glyph.medium.com	doublepulsar.com glyph.medium.com
10	lightstep.medium.systems	cdn-client.medium.com
4	api2.branch.io	cdn-client.medium.com
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
2	errors.client.optimizely.com	cdn-client.medium.com
2	www.google-analytics.com	doublepulsar.com cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	doublepulsar.com
1	cdn.optimizely.com	doublepulsar.com
1	medium.com	1 redirects
132	13

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
twitter.com
symantec-enterprise-blogs.security.com
www.zerodayinitiative.com
msrc.microsoft.com
www.bleepingcomputer.com
www.reddit.com
github.com
searchsecurity.techtarget.com
www.microsoft.com
us-cert.cisa.gov
gerritcomfix.medium.com
bromiley.medium.com
javascript.plainenglish.io
gotoflorian-pro.medium.com
shice1910.medium.com
vzmediaplatform.medium.com
help.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
doublepulsar.com Sectigo RSA Domain Validation Secure Server CA	`2021-01-21` - `2022-01-21`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2021-10-01`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
errors.client.optimizely.com Amazon	`2021-08-04` - `2022-09-02`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Frame ID: 64346982F94C0836EB1E9B61C017775E
Requests: 125 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Multiple threat actors, including a ransomware gang, exploiting Exchange ProxyShell vulnerabilities | by Kevin Beaumont | Aug, 2021 | DoublePulsar

Page URL History Show full URLs

https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxy... HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-thre... HTTP 302
https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxy... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

132
Requests

100 %
HTTPS

75 %
IPv6

8
Domains

13
Subdomains

12
IPs

2
Countries

1520 kB
Transfer

3854 kB
Size

9
Cookies

72 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----c457b1655e9c--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&source=post_page-----c457b1655e9c---------------------nav_reg-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2Fc457b1655e9c&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar&source=post_page-----c457b1655e9c--------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&source=post_page-----c457b1655e9c---------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/doublepulsar/newsletters/doublepulsar-cybersecurity-threat-intelligence?source=post_page-----c457b1655e9c--------------------------------
Title: Newsletter

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----c457b1655e9c--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&source=responses-----c457b1655e9c---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&source=-----c457b1655e9c---------------------smart_meter-----------
Title: Sign up for Medium and get an extra one

Search URL Search Domain Scan URL

URL: https://medium.com/@networksecurity?source=post_page-----c457b1655e9c--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F7db6d2df42a6&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&user=Kevin%20Beaumont&userId=7db6d2df42a6&source=post_page-7db6d2df42a6----c457b1655e9c---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&source=post_actions_header--------------------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://twitter.com/orange_8361
Title: Orange Tsai

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog/status/1426114648609337344
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*u9RwN0668pjS1BTgAenrNQ.png" width="700" height="463" srcSet="https://miro.medium.com/max/552/1*u9RwN0668pjS1BTgAenrNQ.png 276w, https://miro.medium.com/max/1104/1*u9RwN0668pjS1BTgAenrNQ.png 552w, https://miro.medium.com/max/1280/1*u9RwN0668pjS1BTgAenrNQ.png 640w, https://miro.medium.com/max/1400/1*u9RwN0668pjS1BTgAenrNQ.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockfile-ransomware-new-petitpotam-windows
Title: LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers | Symantec Blogs (security.com)

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog/status/1427225282713427968
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*62rghLij4Vr4jtvWcKmWow.png" width="700" height="697" srcSet="https://miro.medium.com/max/552/1*62rghLij4Vr4jtvWcKmWow.png 276w, https://miro.medium.com/max/1104/1*62rghLij4Vr4jtvWcKmWow.png 552w, https://miro.medium.com/max/1280/1*62rghLij4Vr4jtvWcKmWow.png 640w, https://miro.medium.com/max/1400/1*62rghLij4Vr4jtvWcKmWow.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://twitter.com/buffaloverflow/status/1429050360212119555?s=20
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*sdwri3ewG0QVcwMgBM2ixw.png" width="700" height="644" srcSet="https://miro.medium.com/max/552/1*sdwri3ewG0QVcwMgBM2ixw.png 276w, https://miro.medium.com/max/1104/1*sdwri3ewG0QVcwMgBM2ixw.png 552w, https://miro.medium.com/max/1280/1*sdwri3ewG0QVcwMgBM2ixw.png 640w, https://miro.medium.com/max/1400/1*sdwri3ewG0QVcwMgBM2ixw.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://www.zerodayinitiative.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
Title: Zero Day Initiative — From Pwn2Own 2021: A New Attack Surface on Microsoft Exchange — ProxyShell!

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
Title: CVE-2021–34473

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
Title: CVE-2021–34523

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207
Title: CVE-2021–31207

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-are-getting-hacked-via-proxyshell-exploits/
Title: Microsoft Exchange servers are getting hacked via ProxyShell exploits (bleepingcomputer.com)

Search URL Search Domain Scan URL

URL: https://www.reddit.com/r/msp/comments/p8ik84/polite_warning_please_patch_the_newest_exchange/h9qqq83/
Title: Polite Warning: Please Patch the Newest Exchange Vuln : msp (reddit.com)

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange-proxyshell.nse
Title: scanning/http-vuln-exchange-proxyshell.nse at main · GossiTheDog/scanningContribute to GossiTheDog/scanning development by creating an account on GitHub.github.com

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog/status/1423974672383856642
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*IjYYNH-Hdk2OS1r2Bpli_Q.png" width="700" height="1121" srcSet="https://miro.medium.com/max/552/1*IjYYNH-Hdk2OS1r2Bpli_Q.png 276w, https://miro.medium.com/max/1104/1*IjYYNH-Hdk2OS1r2Bpli_Q.png 552w, https://miro.medium.com/max/1280/1*IjYYNH-Hdk2OS1r2Bpli_Q.png 640w, https://miro.medium.com/max/1400/1*IjYYNH-Hdk2OS1r2Bpli_Q.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://searchsecurity.techtarget.com/news/252505450/Many-Exchange-servers-still-vulnerable-to-ProxyLogon-ProxyShell?utm_campaign=ssec_security&utm_content=1629300558&utm_medium=social&utm_source=twitter
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*RlD-7L_z5RnXAPaonz3LfA.png" width="700" height="715" srcSet="https://miro.medium.com/max/552/1*RlD-7L_z5RnXAPaonz3LfA.png 276w, https://miro.medium.com/max/1104/1*RlD-7L_z5RnXAPaonz3LfA.png 552w, https://miro.medium.com/max/1280/1*RlD-7L_z5RnXAPaonz3LfA.png 640w, https://miro.medium.com/max/1400/1*RlD-7L_z5RnXAPaonz3LfA.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog/status/1423609007063851015
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*fTD2aXnSkh1IjwhVvOhOwg.png" width="700" height="447" srcSet="https://miro.medium.com/max/552/1*fTD2aXnSkh1IjwhVvOhOwg.png 276w, https://miro.medium.com/max/1104/1*fTD2aXnSkh1IjwhVvOhOwg.png 552w, https://miro.medium.com/max/1280/1*fTD2aXnSkh1IjwhVvOhOwg.png 640w, https://miro.medium.com/max/1400/1*fTD2aXnSkh1IjwhVvOhOwg.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/ThreatHunting/blob/master/AzureSentinel/Exchange-Powershell-via-SSRF
Title: ThreatHunting/Exchange-Powershell-via-SSRF at master · GossiTheDog/ThreatHunting (github.com)

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/ThreatHunting/blob/master/AzureSentinel/Exchange-ProxyShell-RBAC
Title: ThreatHunting/Exchange-ProxyShell-RBAC at master · GossiTheDog/ThreatHunting (github.com)

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/ThreatHunting/blob/master/AzureSentinel/Exchange-CVE-2021-34473-SSRF
Title: ThreatHunting/Exchange-CVE-2021–34473-SSRF at master · GossiTheDog/ThreatHunting (github.com)

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/ThreatHunting/blob/master/AzureSentinel/Exchange-ProxyShell-SSRF
Title: ThreatHunting/Exchange-ProxyShell-SSRF at master · GossiTheDog/ThreatHunting (github.com)

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
Title: example

Search URL Search Domain Scan URL

URL: https://us-cert.cisa.gov/ncas/current-activity/2021/08/21/urgent-protect-against-active-exploitation-proxyshell
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*rCHyIaUk8a7PX-olIw1NnA.png" width="700" height="253" srcSet="https://miro.medium.com/max/552/1*rCHyIaUk8a7PX-olIw1NnA.png 276w, https://miro.medium.com/max/1104/1*rCHyIaUk8a7PX-olIw1NnA.png 552w, https://miro.medium.com/max/1280/1*rCHyIaUk8a7PX-olIw1NnA.png 640w, https://miro.medium.com/max/1400/1*rCHyIaUk8a7PX-olIw1NnA.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://twitter.com/NSACyber/status/1429073988957970441?s=20
Title: <img alt="" class="t u v jb aj" src="https://miro.medium.com/max/1400/1*CvDtyvsgtYHqr5hn0IDEVA.png" width="700" height="331" srcSet="https://miro.medium.com/max/552/1*CvDtyvsgtYHqr5hn0IDEVA.png 276w, https://miro.medium.com/max/1104/1*CvDtyvsgtYHqr5hn0IDEVA.png 552w, https://miro.medium.com/max/1280/1*CvDtyvsgtYHqr5hn0IDEVA.png 640w, https://miro.medium.com/max/1400/1*CvDtyvsgtYHqr5hn0IDEVA.png 700w" sizes="700px" role="presentation"/>

Search URL Search Domain Scan URL

URL: https://twitter.com/VirITeXplorer/status/1428750497872232459
Title: link

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fdoublepulsar%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&collection=DoublePulsar&collectionId=8343faddf0ec&source=post_sidebar--------------------------follow_sidebar-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fdoublepulsar%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&user=Kevin%20Beaumont&userId=7db6d2df42a6&source=post_sidebar-----c457b1655e9c---------------------clap_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&source=post_sidebar-----c457b1655e9c---------------------bookmark_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/doublepulsar/newsletters/doublepulsar-cybersecurity-threat-intelligence?source=newsletter_v3_promo--------------------------newsletter_v3_promo-----------
Title: Take a look.

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Fbf3adc545c1c&operation=register&redirect=https%3A%2F%2Fmedium.com%2Fdoublepulsar%2Fnewsletters%2Fdoublepulsar-cybersecurity-threat-intelligence&collection=DoublePulsar&collectionId=8343faddf0ec&newsletterV3=DoublePulsar%20Cybersecurity%20Threat%20Intelligence&newsletterV3Id=bf3adc545c1c&user=Kevin%20Beaumont&userId=7db6d2df42a6&source=newsletter_v3_promo--------------------------newsletter_v3_promo-----------
Title: Get this newsletter

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fdoublepulsar%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&user=Kevin%20Beaumont&userId=7db6d2df42a6&source=post_actions_footer-----c457b1655e9c---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&source=post_actions_footer--------------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@networksecurity?source=follow_footer-----c457b1655e9c--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F7db6d2df42a6%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&user=Kevin%20Beaumont&userId=7db6d2df42a6&source=follow_footer-7db6d2df42a6----c457b1655e9c---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2Fb4bad6c46577&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&newsletterV3=7db6d2df42a6&newsletterV3Id=b4bad6c46577&user=Kevin%20Beaumont&userId=7db6d2df42a6&source=follow_footer-----c457b1655e9c---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fdoublepulsar%2Fc457b1655e9c&operation=register&redirect=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&collection=DoublePulsar&collectionId=8343faddf0ec&source=follow_footer-----c457b1655e9c---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/pragmatic-programmers/other-security-resources-c4539fff6d4b?source=post_internal_links---------0----------------------------
Title: Other Security Resources

Search URL Search Domain Scan URL

URL: https://medium.com/@pragprog?source=post_internal_links---------0----------------------------
Title: The Pragmatic Programmers

Search URL Search Domain Scan URL

URL: https://medium.com/pragmatic-programmers?source=post_internal_links---------0----------------------------
Title: The Pragmatic Programmers

Search URL Search Domain Scan URL

URL: https://medium.com/@MikeBacina/dick-smith-scam-advertising-garners-lawsuit-against-the-guardian-c45fab3460a?source=post_internal_links---------1----------------------------
Title: Dick Smith scam advertising garners lawsuit against The Guardian

Search URL Search Domain Scan URL

URL: https://medium.com/@MikeBacina?source=post_internal_links---------1----------------------------
Title: Michael Bacina

Search URL Search Domain Scan URL

URL: https://gerritcomfix.medium.com/useful-resources-for-evaluating-subgraphs-c45f322a2dcd?source=post_internal_links---------2----------------------------
Title: Useful resources for evaluating Subgraphs

Search URL Search Domain Scan URL

URL: https://gerritcomfix.medium.com/?source=post_internal_links---------2----------------------------
Title: Gerrit

Search URL Search Domain Scan URL

URL: https://bromiley.medium.com/full-packet-fridays-c4597cfcb18f?source=post_internal_links---------3----------------------------
Title: Full Packet Fridays: Malware Traffic Analysis

Search URL Search Domain Scan URL

URL: https://bromiley.medium.com/?source=post_internal_links---------3----------------------------
Title: Matt B

Search URL Search Domain Scan URL

URL: https://javascript.plainenglish.io/transport-layer-protection-cheat-sheet-for-javascript-developers-c45d5970bdf3?source=post_internal_links---------4----------------------------
Title: Transport Layer Protection Cheat Sheet For JavaScript Developers

Search URL Search Domain Scan URL

URL: https://gotoflorian-pro.medium.com/?source=post_internal_links---------4----------------------------
Title: Florian GOTO

Search URL Search Domain Scan URL

URL: https://javascript.plainenglish.io/?source=post_internal_links---------4----------------------------
Title: JavaScript in Plain English

Search URL Search Domain Scan URL

URL: https://shice1910.medium.com/update-eat-game-hack-free-resources-generator-c45ba4d03e75?source=post_internal_links---------5----------------------------
Title: {UPDATE} Eat Game Hack Free Resources Generator

Search URL Search Domain Scan URL

URL: https://shice1910.medium.com/?source=post_internal_links---------5----------------------------
Title: Jojo Artemas

Search URL Search Domain Scan URL

URL: https://vzmediaplatform.medium.com/dont-let-your-web-security-solution-affect-performance-e30b536b76fe?source=post_internal_links---------6----------------------------
Title: Don’t let your web security solution affect performance.

Search URL Search Domain Scan URL

URL: https://vzmediaplatform.medium.com/?source=post_internal_links---------6----------------------------
Title: Verizon Media Platform

Search URL Search Domain Scan URL

URL: https://medium.com/@julia.sommer/gdpr-demystified-2-17eeb3bce18?source=post_internal_links---------7----------------------------
Title: GDPR demystified #2

Search URL Search Domain Scan URL

URL: https://medium.com/@julia.sommer?source=post_internal_links---------7----------------------------
Title: Julia Sommer

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----c457b1655e9c--------------------------------
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----c457b1655e9c--------------------------------
Title: Make Medium yours.

Search URL Search Domain Scan URL

URL: https://medium.com/creator-tools?source=post_page-----c457b1655e9c--------------------------------
Title: Write a story on Medium.

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page-----c457b1655e9c--------------------------------
Title: Write

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----c457b1655e9c--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----c457b1655e9c--------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----c457b1655e9c--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----c457b1655e9c--------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c HTTP 302
https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

132 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c Show response
doublepulsar.com/
Redirect Chain

https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

227 KB
45 KB

1389ms
1389ms

Document
text/html

52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

03008794c80d77d449b85bcf4744b5054994df6d348fb7b5ddbe419fec85dd10

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

:method: GET
:authority: doublepulsar.com
:scheme: https
:path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server: nginx
date: Fri, 27 Aug 2021 14:49:57 GMT
content-type: text/html; charset=utf-8
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
etag: W/"38d33-JMCn7vyqL0WbDtDeZjUMuwTrWAA"
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, lite/main-20210826-210656-6b979099c1, rito/main-20210826-204817-b854c4bb86, tutu/main-20210826-165940-b1c222eadb
medium-missing-time: 622
set-cookie: uid=lo_8b4d7579e945; Path=/; Expires=Sat, 27 Aug 2022 14:49:55 GMT; HttpOnly; Secure; SameSite=None sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; Path=/; Expires=Sat, 27 Aug 2022 14:49:55 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_8b4d7579e945; Path=/; Expires=Sat, 27 Aug 2022 14:49:55 GMT; Secure; SameSite=None
vary: Accept-Encoding
x-envoy-upstream-service-time: 1285
x-request-received-at: 1630075795921

Redirect headers

date: Fri, 27 Aug 2021 14:49:55 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
cf-ray: 68561bfa1b384e32-FRA
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
set-cookie: uid=lo_8b4d7579e945; Path=/; Domain=medium.com; Expires=Sat, 27 Aug 2022 14:49:55 GMT; HttpOnly; Secure sid=1:oUk+TZqRXt75NrgyNtG1PRZiPnMa8R/x9l8s9DB2DnYguuKuekLWZHczeuFwsp92; Path=/; Domain=medium.com; Expires=Sat, 27 Aug 2022 14:49:55 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_8b4d7579e945; Path=/; Domain=medium.com; Expires=Sat, 27 Aug 2022 14:49:55 GMT; Secure; SameSite=None __cfruid=72896bbad4ed60e7d256f7c34d7976d0ef5354f6-1630075795; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: edgy/4, valencia/main-20210826-123830-4cdf4f0dd3
pragma: no-cache
x-content-type-options: nosniff
x-envoy-upstream-service-time: 106
x-frame-options: sameorigin
x-obvious-info: 20210827-0800-root,0742fb32
x-obvious-tid: 1630075795620:95caf68781b
x-opentracing: {"ot-tracer-spanid":"225ce4272c968ca4","ot-tracer-traceid":"294fcdb1de80f703","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 33ms
23ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 923
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 68561c04ae204e32-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 27 Aug 2021 16:49:57 GMT

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 338 KB
97 KB 48ms
34ms Script
text/javascript 2a02:26f0:6c00:2a0::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d3dd90bc7589e2dfce2ebb76fbbdeb3edb151dda0fc05cb3ce013b4058be34a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: vwWN0kmfZ1m3qb2jpcTs5aMPzkV18.Op
content-encoding: gzip
etag: "267771ff0ce9ec0abb02d4e8ef49b2b6"
x-amz-request-id: C00XGR1A6ZPS8C6F
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 7159
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:2a0::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 97961
x-amz-id-2: wwE5t5ZIbgrbsagy1yNMvxYkmM/coaeznQBejD2cAbiFA067GV4Yn0EnP1Kg/WuKp3K7Y9RMYwc=
last-modified: Fri, 27 Aug 2021 14:21:12 GMT
server: AmazonS3
date: Fri, 27 Aug 2021 14:49:57 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 1*bry5HIDtIpONm_IDzSVYWA.jpeg
miro.medium.com/max/164/ 6 KB
6 KB 119ms
117ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/164/1*bry5HIDtIpONm_IDzSVYWA.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e544bd8d73fe98d8ba7a775515ae3f80b1dc3d63f6aaded903352e5bfd0dbf5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 53
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5682
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210610-161437-d086756654
accept-ranges: bytes
cf-ray: 68561c049e114e32-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 37ms
28ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4481125
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c04ef842c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H2 200 1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg
miro.medium.com/fit/c/96/96/ 4 KB
4 KB 120ms
118ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50b109a0afc4f7cf5f7684158734de0b1f4251d7e1ac64a83b9b520d8c7caf93

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4168
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210625-142430-abd62260a9
accept-ranges: bytes
cf-ray: 68561c052f764e32-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H2 200 1*u9RwN0668pjS1BTgAenrNQ.png
miro.medium.com/max/60/ 2 KB
2 KB 127ms
124ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*u9RwN0668pjS1BTgAenrNQ.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51041a29d93ea155720fb49ddd960a39b1a081d7d43a3d051c08bb620a3cb2e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 118
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2347
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c052f784e32-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H2 200 0*eN7KaUa3262blFJP
miro.medium.com/max/60/ 685 B
769 B 118ms
116ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*eN7KaUa3262blFJP?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78370f1c60ca7a80d7bc4052eedbb87ad1425f418730b2cf7b3922719001d752

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 239
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 685
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c052f794e32-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H2 200 1*dWXd46iLkzgxdHyPYehR3Q.png
miro.medium.com/max/60/ 1 KB
1 KB 114ms
112ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*dWXd46iLkzgxdHyPYehR3Q.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e798695365aaabfbd6209396d2f2e565e367bd2d29a805358798bde076c9a4be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 168
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1229
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c052f7b4e32-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H2 200 1*62rghLij4Vr4jtvWcKmWow.png
miro.medium.com/max/60/ 4 KB
4 KB 114ms
111ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*62rghLij4Vr4jtvWcKmWow.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

023e4896942ae770c88c045d89d253862d0bb4ecb47adfc19be2d2702412af42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 160
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3705
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c053f814e32-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*V5nZgUu_PYCxtdhyiidLaw.png
miro.medium.com/max/60/ 2 KB
2 KB 158ms
125ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*V5nZgUu_PYCxtdhyiidLaw.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f2abdf9e9752867b58046f22000379a3c4da9c0f4a0536635972bc124a7854d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 443
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1537
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058af30601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*g285h2BnD--L0oJs_cdqcQ.png
miro.medium.com/max/60/ 2 KB
2 KB 154ms
121ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*g285h2BnD--L0oJs_cdqcQ.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c8816dc8228d4e702aac7c2832e7617ffbdf7aecc865587b696d063f3ea93b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 149
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2002
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058af50601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 0*dflPtZeZt2OPlrjE.jpg
miro.medium.com/max/60/ 798 B
1 KB 144ms
119ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*dflPtZeZt2OPlrjE.jpg?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24ffbef1177aa861458bf509b1995d08c855a289b1dceb2928773815b1c7c27d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 159
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 798
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058acf0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*sdwri3ewG0QVcwMgBM2ixw.png
miro.medium.com/max/60/ 5 KB
5 KB 153ms
121ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*sdwri3ewG0QVcwMgBM2ixw.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5c56db5c125272d6c1961aec103670e022d01534cfbd4baa7ff3b595f9825ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 112
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4946
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058af20601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*cTV8ShHGUNSZSjeXlobd6g.png
miro.medium.com/max/60/ 2 KB
3 KB 162ms
129ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*cTV8ShHGUNSZSjeXlobd6g.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a903333a957f9311e1d51fb0064c219e1e0f578e36fa993d750a99d0f7fe697

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2192
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058af70601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 0*QEIvjO9EsGcZEAQs
miro.medium.com/max/60/ 645 B
1 KB 145ms
120ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*QEIvjO9EsGcZEAQs?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8ea4c5606f00ece39073ca2c52012151e25038242447053b13ac4f2021f0c02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 97
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 645
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ad00601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 0*C9MLlA3nfWeN5kOg
miro.medium.com/max/40/ 3 KB
3 KB 151ms
124ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/40/0*C9MLlA3nfWeN5kOg?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02a209d50a545e4955d40866065477107a19b3ba0f74f449ce3e3f4fac6b08aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 113
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2690
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ae60601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*IjYYNH-Hdk2OS1r2Bpli_Q.png
miro.medium.com/max/38/ 2 KB
3 KB 157ms
126ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/38/1*IjYYNH-Hdk2OS1r2Bpli_Q.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7df3af12e866788eb580b7542e9e29e8bffe1c046eaccea8b019fb5c9d88097b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 166
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2305
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058aec0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*61QJJfD0qkcuWbIAo7y0PA.png
miro.medium.com/max/60/ 4 KB
4 KB 157ms
130ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*61QJJfD0qkcuWbIAo7y0PA.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3d5fdf94cc9bcce6d26f71f0d82b4e925e0ca901df59c1d24d7d911eddb0cbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 138
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3677
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058adf0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*RlD-7L_z5RnXAPaonz3LfA.png
miro.medium.com/max/58/ 5 KB
6 KB 136ms
111ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/58/1*RlD-7L_z5RnXAPaonz3LfA.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d6d130d8f196bb2c14843b9bd09ca0f6eb9c826133a4451082927aba4f40f39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 145
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5548
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ad40601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*fTD2aXnSkh1IjwhVvOhOwg.png
miro.medium.com/max/60/ 2 KB
3 KB 137ms
111ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*fTD2aXnSkh1IjwhVvOhOwg.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f9426d07320e3f576a16016df14965aa352eea15b901f44f72187ae8c4d597c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 89
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2520
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ad90601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*ODRelg7s5_qtrHoHLkTSkg.png
miro.medium.com/max/60/ 3 KB
3 KB 152ms
122ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*ODRelg7s5_qtrHoHLkTSkg.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

042e4e303b7ad0b97a172aa37962c7f649c1afad771dd31f8e7161744d84cdff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 141
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2939
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058aea0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*rCHyIaUk8a7PX-olIw1NnA.png
miro.medium.com/max/60/ 2 KB
2 KB 144ms
118ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*rCHyIaUk8a7PX-olIw1NnA.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edac038fa41b6998706870940e3dcb6a50bf6ff175cfd7e274dc1f096f9e1c30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 80
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1663
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ad80601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*CvDtyvsgtYHqr5hn0IDEVA.png
miro.medium.com/max/60/ 1 KB
2 KB 152ms
122ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*CvDtyvsgtYHqr5hn0IDEVA.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afed961ddb57f36277dfd3c4746651600913c0bfff3b3a498971e1d40d027351

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 100
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1510
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ae90601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*B3TkZ12vbMbvy53nsfM0hQ.png
miro.medium.com/max/60/ 2 KB
2 KB 138ms
114ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*B3TkZ12vbMbvy53nsfM0hQ.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

525519582b1bd4a7a793e91b793c4c727c4cec22ce14884f6ba4d3aaf6ded90c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 130
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1565
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058acd0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*LBYvNwHoUyGoVxj4S_hgQA.png
miro.medium.com/max/24/ 2 KB
3 KB 146ms
120ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/24/1*LBYvNwHoUyGoVxj4S_hgQA.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72fdaeca4c65e6655aeeb37b8b9787e1cef79a4e8b10cee34f64f6315cef91e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 108
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2253
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ade0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg
miro.medium.com/fit/c/160/160/ 8 KB
8 KB 144ms
118ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d60f382ab7dcba7579cd2088e8f9ef61e63acbcf269626a9b081c54d9624cdaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 49
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8074
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ada0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*euFkwA7zJWm-l7aDoNtJrw.jpeg
miro.medium.com/fit/c/160/160/ 10 KB
10 KB 151ms
122ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*euFkwA7zJWm-l7aDoNtJrw.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12ae1072afc293ec30101e3f8d4eee96b04952b8f21ac49df261e70ae69cafbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 93
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 10240
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210610-161437-d086756654
accept-ranges: bytes
cf-ray: 68561c058ae70601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg
miro.medium.com/fit/c/80/80/ 3 KB
4 KB 156ms
132ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*TPJ3sVZRlcq-rj72g82bAg@2x.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae1c273ad638e70d8bf5fd973b10ca3396efd4296ed46d5f4f9fc0c89ce19a76

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3143
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210610-161437-d086756654
accept-ranges: bytes
cf-ray: 68561c058ac90601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*euFkwA7zJWm-l7aDoNtJrw.jpeg
miro.medium.com/fit/c/80/80/ 3 KB
4 KB 138ms
113ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*euFkwA7zJWm-l7aDoNtJrw.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d49f9d5f6cf0fe5e246dae163447d21a876c54cdf3da502fca7d95f2441a51a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 51
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3499
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 68561c058adb0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*BUHZGPHsQM7JMD9O-_FomQ.jpeg
miro.medium.com/max/60/ 989 B
1 KB 152ms
122ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*BUHZGPHsQM7JMD9O-_FomQ.jpeg?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f858ae42dc95fa7d296a95b414952a71bc640985593fc83a5ecdbbafb9a9525

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 989
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058aee0601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 0*K_bitThKJP5I7YN9.png
miro.medium.com/max/60/ 5 KB
6 KB 223ms
197ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*K_bitThKJP5I7YN9.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4cd63175903f7de1128348f087273d1d0b50dec0d84b6d96d9595aacaab923

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 43
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5238
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ae30601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*2ifo7XGB-34qx2bksib9Ow.png
miro.medium.com/max/60/ 2 KB
2 KB 170ms
144ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*2ifo7XGB-34qx2bksib9Ow.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4a10cbffdbce76d8de099fabe5eaf5fe08c12fa86e846e34013f7597c716e88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 57
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1978
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ae00601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*yd67v8LbzHZQCC6poSeLfw.png
miro.medium.com/max/60/ 6 KB
6 KB 145ms
119ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*yd67v8LbzHZQCC6poSeLfw.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ced593854bb82c95cf35f22c421e3ada59d60b4c9292b58da914d4340139d17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 26
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6076
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ae40601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 0*dE2uuj6qT87bIaDp
miro.medium.com/max/60/ 741 B
1 KB 190ms
165ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*dE2uuj6qT87bIaDp?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

074120e0ce9c1b6b278f30fbc208a1312ad9c87639665a2abfb86bdacb6bdbbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 59
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 741
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058ad50601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 1*hn4v1tCaJy7cWMyb0bpNpQ.png
miro.medium.com/max/60/ 3 KB
3 KB 53ms
29ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hn4v1tCaJy7cWMyb0bpNpQ.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 66
x-envoy-upstream-service-time: 26
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3059
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210625-142430-abd62260a9
accept-ranges: bytes
cf-ray: 68561c058ad30601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 0*PXiUyDtNl1U932J7
miro.medium.com/max/60/ 6 KB
7 KB 195ms
165ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*PXiUyDtNl1U932J7?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63ff695f5b36586ec7fb3acc54730f33d4167cc2b797897bdec8a1654ee7d87b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 80
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6460
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058af00601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 0*ThHM7bKiVVExIo71
miro.medium.com/max/320/ 15 KB
16 KB 152ms
121ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/320/0*ThHM7bKiVVExIo71

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d3263919f036071371394d7d4bdfa9715658cebab2cb453ec39383e5c902958

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 196
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15590
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c058af60601-FRA
expires: Sun, 26 Sep 2021 14:49:57 GMT

GET
H3-29 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 33ms
32ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11596703
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c05487a2c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 24 KB
25 KB 33ms
33ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 11611081
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c05487e2c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 24ms
24ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13627437
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c0548812c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 41ms
40ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13627436
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c0548852c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 42ms
41ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13627436
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c0548862c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 42ms
42ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 13627436
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c0548872c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 charter-400-normal.woff
glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 31 KB
31 KB 25ms
25ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fefca2e39b0c80d4d1c9b40a41787df0f738a85ff142e5295f17b2e96711ad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12041514
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c062a032c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 31 KB
32 KB 23ms
22ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c88a6fd9c0f927b6c6eb6a0333d8df738064c2f09458bb23064d319ae34f344f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10997408
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c063a402c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H2 200 manifest.7ef8f5b3.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 26ms
19ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.7ef8f5b3.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d62c45fc2fb98a30f520480ed1060f0000ec78a37bfa80103e7d7ff3930b084

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62242
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 57XMWGDHQ4K7G62N
x-amz-id-2: Pm2+/HAp0/3TEVFXrQqSdK0YvIvEaBwPZowt4IvnEJ1coZHN0mdL2at1s+7gI/eaxZAnU0Ejseo=
last-modified: Thu, 26 Aug 2021 21:21:11 GMT
server: cloudflare
etag: W/"4a6bc00549431fbb0b6b9980a0ea71e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LU4bwwcpkYPNbYJf2P9ph8Q5sFXwjYgs
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06ca294e32-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H2 200 9115.1a9358c4.js Show response
cdn-client.medium.com/lite/static/js/ 732 KB
228 KB 28ms
22ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

038262231160fee976d84fa8d1db80567769112008a892e0edeb76f6c1121165

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62938
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 9WCQMJXXDY7V1E5T
x-amz-id-2: yenI6fCJLrENlkqO2VHecbdeXoIeqtf9kfQS8Gz8dMYywh2HBIP47vsCHroQtTsLhkdCQ/i4JKM=
last-modified: Thu, 15 Jul 2021 18:50:35 GMT
server: cloudflare
etag: W/"3b5c778737b6d559ce5f7a8c478f6203"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QAH5KPPE7VyycTXphMPwmxvbaI8QEy7U
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06ca274e32-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H2 200 main.994b41d4.js Show response
cdn-client.medium.com/lite/static/js/ 826 KB
216 KB 28ms
21ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.994b41d4.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9d67ee8bdede3d1235705cc312c9c039d5e1dc94e77ca56a3ba07a944657b06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62242
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 57XJQM3TKT2ZK5WW
x-amz-id-2: T4+pA3JCIifDCbLw4c5+Eu5uxKhtYZvbOKEMl2DqKgHWvdv76qvW3mm/iC3J/GAwYgMJtpRlEWY=
last-modified: Thu, 26 Aug 2021 20:49:50 GMT
server: cloudflare
etag: W/"719be975df51b62899dfb1005395f3fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Xb5L_YVIPDR4MJqO72QLWwBNcJmMxrqQ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06ca2b4e32-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 38ms
31ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 317205
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06ca284e32-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H2 200 instrumentation.79ae5839.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 24ms
18ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.79ae5839.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92d2ff27d2b587da629e4ff4aaae0eb0541e5dc2412152dd075034da1fda8c25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 247859
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: J2X50Q7HDNZ71F3F
x-amz-id-2: g3zCkktcJ9ReeI1AFMqOpK9rRXz8/VPyIjAoes+rfGLsktOCaQ4+5Ia5zaq4djtv+mFDgoNGdEU=
last-modified: Tue, 10 Aug 2021 17:28:37 GMT
server: cloudflare
etag: W/"931f39d524b255713d926cc2783fa3b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: IhHmxYfBmiCWq8oF20hR2kM1bdZ6KcGr
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06ca254e32-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H2 200 reporting.6471519f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 23ms
17ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.6471519f.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbacda37b119c290c184c6975dc0f9e7892a22c56bb572d70457e437484864d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 932917
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: Q0F7MQAAJVH2M7V8
x-amz-id-2: UGXQIw7HsYZm/FvYo7E+nq3jKishQRAFtyQb69eEX/C8myd/Yv4QrwPT9xzsKJnaEtF0J6LNuB8=
last-modified: Wed, 16 Jun 2021 18:41:31 GMT
server: cloudflare
etag: W/"69e0bbdc0c37d2f46b6be19732366a3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8sxb2msbxkYmtYsAbhhIRpG6q5cNmD6C
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06ca244e32-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 8743.7d03a40a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
3 KB 23ms
17ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8743.7d03a40a.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af53bb392cf949de35ca399079add6d28e09d25b1b2072624fc78c804dfd607e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1207508
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 4NZMDC7ZBPWAV190
x-amz-id-2: ZUBXr7aW3orcBv9ptMxd06/cdA70rnswZyRHz5tLoqeATx1Nzn0g6Z58R7d6IYzS28w8SrTe3Y8=
last-modified: Thu, 12 Aug 2021 22:48:49 GMT
server: cloudflare
etag: W/"936def59884aa62578af763d38ada48b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8K2WGzSspFykD7aJolN8XskVj5wges.6
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe390601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 192.bd4f3aac.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 52 KB
16 KB 35ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/192.bd4f3aac.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ef36cd81a32a63c14214d2d7c45e0809be147e68869ea1a5c34feab6d207fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 256776
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HE2JX0D3N0HFJWPV
x-amz-id-2: xT6Vc2y/IKRw13Y6mFty3zhTAW3P2KJtPdONsE2ViVDmlog8s5HQS1BU04REgDOv57Zc2bimVW4=
last-modified: Tue, 24 Aug 2021 09:09:56 GMT
server: cloudflare
etag: W/"4f1fc9f3b20e7abf2d4dbc3787d5b3e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: jX6yBDaCpbGvooQJEN_NBjoQ6c8IUs.m
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe3b0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 2018.cda2d533.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 35ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2018.cda2d533.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e80822fa48ad371fcf8ee70251a00651a367ba539273ff7e5b2ca639dd33bcfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 771446
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: TWMY5CZYZ83GGSGS
x-amz-id-2: lYozncTulc/BHm66dCpvSwEQnzNedrRJe34fIsfr+cC90MpkHdlsy3Gu3qZxT21rakq6XDUn1GQ=
last-modified: Tue, 17 Aug 2021 22:56:28 GMT
server: cloudflare
etag: W/"3621e750a188b1d8d3551f5e4f14ca5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 9Qg5w2LycnY2p2.IpNlQkjayiNAiJLCG
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe3c0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 1645.857c77e3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 26ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1645.857c77e3.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3207bd24557fefc2773c0bb9d388545f3666a14bf86abe03f10f95272ca24b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 306962
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: X6J2114PBMSE058Z
x-amz-id-2: g93jYna38ZY4eXNioFYqZ9NwWZhAGAVg3srn0B6l+39WUry39VYgNWVrKhZ0hl33hq7JygrL7rg=
last-modified: Fri, 30 Jul 2021 08:59:41 GMT
server: cloudflare
etag: W/"f2fa2a66ec7e88ed7e1a395be45b7761"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hfMcSOG0aubeZCLFwQh.77Bn_Z1X1dNo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe400601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 5526.c36a87ee.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 29ms
23ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5526.c36a87ee.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6550693dadb570fdd94da3996a0887c68d4d291c0818f1528d1a7bc930d8b869

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 322361
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 81XH278PW6N0PAFP
x-amz-id-2: 3lDO9y4UvL8/tRjZu2spqcmLlLmUToiFH24AoAV1vNJIZieNqiqGCBbL49a7P0as77vwa4uqcBg=
last-modified: Mon, 23 Aug 2021 20:31:41 GMT
server: cloudflare
etag: W/"761eda416058e1944cd688fb8a540df1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: PW9bD0uYWuHd8da6Vje7AfFWyX6jId0x
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe430601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 3930.c5902e0c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 42ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3930.c5902e0c.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fcdf1b9c29d79fa8679eeefa1573c239bc5bea4dd2eed064fc6e2a0d1c97f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 306974
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: B1CNWTWTNN7QJ84F
x-amz-id-2: JSd+QrBUwpEmhcSYy4DvM1h7ZQW7sCMrt74GmEqXXZ+c3mx49RTBMAiTPylkbzBtnlRhNAwa0EA=
last-modified: Tue, 27 Jul 2021 23:29:34 GMT
server: cloudflare
etag: W/"523e01f518bae7c704faab27ee48575b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: g1rcqxHIKxADWbGA9ykroZlFG2mBSbal
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe440601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 1034.cb1bb58c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 35ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1034.cb1bb58c.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0393d1706ef05b8c2ae9f12bd4d71aba8affbebee2dfa6fccba81b86e2e725ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 574725
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 16ZWNDS0ZKECC6WH
x-amz-id-2: gL30UYJPvbHtWtva58jlsO8AcPNHFFgOFgc3dYAF16aPdrOEJCQjy/B+wNXjKG7Svgclz3aPdXE=
last-modified: Fri, 20 Aug 2021 22:09:42 GMT
server: cloudflare
etag: W/"a7bb87785e9280af04400a0e4409f139"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Zbokbg3pt9AMIsmxs9O5YuopwjfoIeNh
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe460601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 9088.6b836eb8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
1 KB 35ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9088.6b836eb8.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05a1af335c12488ca849dbabfc6192f0710ff328f926f54859c4793b581c649d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 772689
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: TWMQP6NY1SHV3H46
x-amz-id-2: P6Glpy6KRMo0jPg/5Uo6AHlIXNoiUl8McJmmF2B6Ufu0JUPID/ZYdV2VnK5NZApz4twljuxMB9E=
last-modified: Tue, 17 Aug 2021 22:56:34 GMT
server: cloudflare
etag: W/"2d7e927dc8d9968ea009006e3c4a2993"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 1Y1mE1VEkn6tHmek0cTp8N4rqJYM57uz
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe470601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 4822.2cff56f2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 28ms
22ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4822.2cff56f2.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bac7c08c637f489dd02b2d3a6ff4aca3c7e038a920e39a685f07f81228c419a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62242
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 57XGFSKYC5S40R8M
x-amz-id-2: OugIBGwL14zWp/fJfeBV2X+FbtWTUvlKzHeS2DDoDtMXToNvmZD8tToNvgkU2qKwZeAZ8ELUTA0=
last-modified: Thu, 26 Aug 2021 19:50:20 GMT
server: cloudflare
etag: W/"42119393de9a3fbcec2f40d20813d412"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: PDl9j6B.v0J0qnnnUbA1qIYrx0RB8HuO
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe490601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 1661.8bde4f1f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 31ms
25ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1661.8bde4f1f.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad2c52d005eafc6341d3d19a7a8a05ed649686c6881ab62155ae95d4618adf35

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62242
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 57XH0YX9ZQMX1900
x-amz-id-2: m4hqI7pcnVQC+f/M1CpVEdlgbpazOHscr46K+k8TigTmVSwWhLxmy66zyQFZwNJce8WM8ql8A6c=
last-modified: Thu, 26 Aug 2021 20:49:21 GMT
server: cloudflare
etag: W/"b1c0813455329a225ee442b32731cb6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: MYC7eSjw3Gv0b9pmI.sZjrOlPHWqvQFf
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe4d0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 1801.5518e725.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 35ms
30ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1801.5518e725.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

499d277272839c165137bbaf1609abf7d5347654872481e6577ba16b992e2bd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62242
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 57XHN9ZCDHX0D6AZ
x-amz-id-2: /7gX2YCX9mjnVIQltelx5/0JUd29HWAEtOdWmbxavEZWmLO8V9FaZPo7YeBec/x2Mn35J1qHD+w=
last-modified: Thu, 26 Aug 2021 19:50:16 GMT
server: cloudflare
etag: W/"a7e7645ce354df36d07de97a9db0b4fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: dkwVyJzhMR2V1Q4uXlf9b.kU9ffa8Mny
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe4f0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 233.3f1bf597.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 35ms
30ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/233.3f1bf597.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5748a354a1c79fdb238f56dde081004de39bb61a52bd74676e036f3786db9e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 85191
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: M1D460CJNMXJFR3W
x-amz-id-2: WvD2dY5ACVaoaPwLHGxxsdImiqDEfua4ZYyzRfXl0EVXo7qo+Jfo4ER0XaYKm2/tvIrieHPsTZA=
last-modified: Thu, 26 Aug 2021 14:04:48 GMT
server: cloudflare
etag: W/"45a93362ee195c63f33996b087f1f70e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0DB7e2k6wso6Y30mPNz3kNDMiOdlVA_v
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe530601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 2547.e8742600.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 35ms
30ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2547.e8742600.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e83c6b0ea99b4caf907cc41097879e6edc6ffd49cfe6266275abd3bcf771737c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 328207
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: WGH530ZCK53MDGAB
x-amz-id-2: g8Z3KW7EeaIUsMOMKKvQvw7/3LFx6oQixwhB8+NggASw1QHDkR2j+A1knOaWkjHVcXuP0KTqFOg=
last-modified: Mon, 23 Aug 2021 17:29:14 GMT
server: cloudflare
etag: W/"634669d902b0fa87308e25ba23f201c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XOnHyyNYFwPkhDM11CZDDyCIAUVzEzQ.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe560601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 7766.5a9d116e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 42 KB
11 KB 28ms
22ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7766.5a9d116e.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a6f7776d9114c66723e5c20fb977343f5a94c7186be3cd5a9e921522e73522c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 229365
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: H3RYSSR6MXR8Q0N8
x-amz-id-2: BulkmCCZ5hGxesdLeP0aKM4GI+gcb5mCGKSgOxYwIA9jHSOgc/ztP4olIfch8mDz/LxTJ/X4rfY=
last-modified: Tue, 24 Aug 2021 22:06:19 GMT
server: cloudflare
etag: W/"6c9097540f2871e59d12f2f8330e5d59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: .7d7QLFsuuFWQpCSYU6SbU2vLpi_GMRp
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe580601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 8548.c16341cf.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 27ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8548.c16341cf.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83b609bf586cb8e62af2f3267bbaa50c9f11d7d6e86e1c84e2eecfbc2be949ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 328207
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: WGH8SC4QBKFDV4Z9
x-amz-id-2: Z6n1/1kDon8f2iWzV15aEGo7KBEyi36N7uM7ftinlLYKQVbVCtzjXVHTtoOAvJOd2UsAXM3m1bs=
last-modified: Mon, 23 Aug 2021 17:29:19 GMT
server: cloudflare
etag: W/"0440a28543c8a321858e2a5d2f4ab748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: jTPqm0K2BoBJEteItKLWNsyzZVO0K5DQ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe5a0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 2382.6222239d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 27 KB
9 KB 27ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2382.6222239d.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6df94cc15c64e450354bf62f7de16c8dc4b0de88d2ff220c2eebe5ef953b1ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 256776
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HE2HX943YR1RFSQQ
x-amz-id-2: 6meXpX37gcP/PygHl6AB8A/uNOsFTssXnExbLQnpFNiHTFx9Mc0lWSR1So6gAZ5kSF9aqCb7Jj0=
last-modified: Tue, 24 Aug 2021 15:18:17 GMT
server: cloudflare
etag: W/"15152b42d192dcb833b8610e94a0d3f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: AUcuwIVJo8.8r4vBikFfDnNfmr4ORyVj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe5c0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 3521.7b571f2d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
1 KB 35ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3521.7b571f2d.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

389d660ad6302843f61ead3441874022a81cc38678b5d0bf041897e376db4d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 256776
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HE2PX4VX1WDDT8QM
x-amz-id-2: ewnAElXYPP51IcBzx+7bBEzl9J4F3B2gzMGDGIBXn+peP8lLg1HvvH8btesGfiei95ALxa1pNVw=
last-modified: Tue, 24 Aug 2021 15:18:18 GMT
server: cloudflare
etag: W/"2be26c5818226d5e9617fae95d890b12"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: .D30YcAtl19XKpnTL7rR.HvN7ZrbaT3B
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe5d0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 284.5c0cbf65.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 60 KB
19 KB 28ms
22ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/284.5c0cbf65.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99a551671d29fb4718e5697b374fc9d0ab5f362651fb03863a6fe57a8a29ae9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 232891
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 4VRQFD003NAPXJN7
x-amz-id-2: UWQDIQDWBXGM6hy9SCjaOQLPWrRfp7tZPQlL6wiGK5uN/0OaRCPNx7aj+3nx3q/fR9k/4KOFYno=
last-modified: Tue, 24 Aug 2021 21:56:46 GMT
server: cloudflare
etag: W/"c6ce4175be51298732674857bb320789"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: traw8MMWidmC5lZzhC74sf0gtEaca743
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe5f0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 3673.914f729b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 43ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3673.914f729b.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29c4fa2b831a9d8a8d76c356c37f51a8c564fde548e73088dcd3627363d98d75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 772689
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: TWMMVYJ9MJ571280
x-amz-id-2: u6o5miR+kpyj/CDFsuqGaPsJzP6Ms06iG1IgA6dL4PnxsBk16voAMZZhqmjXr3L+tTwj0GTgIP0=
last-modified: Tue, 17 Aug 2021 22:55:21 GMT
server: cloudflare
etag: W/"e35219bec27324510fb4186a944b5077"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: z8cs.fo5ah.ZtAE8riudhOdBKa.jRZDe
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe600601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 7883.e324030d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 37ms
31ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7883.e324030d.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3903354e40a89bc08ffd179ce96dc3dfe7f3603bfaa1f52982045573b32c40bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 285482
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: G4JJTH8CGZV4Y7Q9
x-amz-id-2: Dfg28nO4QGLmEwFJD0l24pqrirtw05AVstWMGoTfAYzBD/CauFTCcoifQbpDzibFX8/UB4rIMmg=
last-modified: Mon, 23 Aug 2021 15:58:51 GMT
server: cloudflare
etag: W/"4de031117e444a226f3f000fd57e0c02"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 63NAyQdWbi0sN0Rap1TcfEcjRfuXxOw4
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe610601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 8886.cfbe554f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 37ms
31ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8886.cfbe554f.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb8d5b9f74625e511e3c8d63848e7a54c98016daed84f8df3bc166368586afa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 574724
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 16ZSD6WQ4QS93P8V
x-amz-id-2: zb9NWrod2w6iFs4ffdtaU+mgbDShWCkw07xJkPUzUdF5bq3nhqmmcNxyXVXDHf6LqYd8j9wVL6s=
last-modified: Fri, 20 Aug 2021 22:09:48 GMT
server: cloudflare
etag: W/"bad81cae8a761510d8b321ec18487aaa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: jC2fjNgjas4N8HxT6dJJMlTQRnKnnwJ0
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe650601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 1334.9f48b6f9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 37ms
31ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1334.9f48b6f9.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5388efddd16e46845ff6bc0b750d6273ee98feae2dce22044c0019336019c1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 256776
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: ZYY2T22JMBVA1BKS
x-amz-id-2: t+JWQ1G6imO5VW/n/qgd37gGMyaEzjHxxSEye8YW6fyF3KnDjgY+L6WdheZFztrB/sb+wuFwCHk=
last-modified: Mon, 23 Aug 2021 22:24:56 GMT
server: cloudflare
etag: W/"061f34b24a9823dad6ce4c20c2a5371a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HL_msvZD7dBka0Fb5tYDffxkzTQZK2A6
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe660601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 2796.096c850a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
2 KB 38ms
32ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2796.096c850a.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

830f40ef2a3e1b3f6fa8391cc6c93d8ed19dcc454398596ec98aa2c6ebef48bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 229365
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: WMCZHFNQ8YYJBJV0
x-amz-id-2: OK0V/Vo9w3XD5N39zQvBiIv5zSIp4rWbsRC/sidoEOcFa/BujBdJY2xFTIcqs2OUw6ej3Q+4hoY=
last-modified: Tue, 24 Aug 2021 22:06:15 GMT
server: cloudflare
etag: W/"b0bb01ac70b4fd8a0d891526f29379eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ARdra2oSJdJHZZnZoXCfUdf_CCf3LTW.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe690601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 4824.6b3e6b44.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 38ms
32ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4824.6b3e6b44.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d8aa4689a04989a7698e498bc9d2b842b15742cd7f6710017620cd5c0ad22ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 104221
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: WSTG98916TWKZ2JM
x-amz-id-2: ujqppIdHXzTj/dT0+jYMLju6steAU3tFqReU7PysVbb/JLTW3zKCpLSkJ+gpdML/hOadOlCZuxA=
last-modified: Wed, 25 Aug 2021 13:53:05 GMT
server: cloudflare
etag: W/"278ba5b435ac605d83f57fd2eaa62ee9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: YRQFA5Djzmyv4JskZIjtJVVOVb3QAlCM
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe6b0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 9972.26470b0a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 39ms
34ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9972.26470b0a.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ce16af99f8a960767cf02eb3e2a0c55b201717d5eb340ca5e278a46cb67661

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1029155
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 0GK623R94MWXM07C
x-amz-id-2: 5iVZc/XLUE312vye3HxLqNlSPwlWIDG7UkPPihZ/IoUQfvsz1MHAQldLH5lC/ZQivWMjPliNTY0=
last-modified: Tue, 10 Aug 2021 19:21:00 GMT
server: cloudflare
etag: W/"15d31b767f97e3e3bb1a8dfd0487c404"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: _IvxDCIDoxpQwW3V1ICnh0pCORcUIH0_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe6d0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 1743.f8cf1ba4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 48 KB
16 KB 43ms
38ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1743.f8cf1ba4.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f724cafa4496101c379bed8a55779f79605e2c99fa027fa7d3217177abc00193

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 229365
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: WMCH4TXWME47N586
x-amz-id-2: BSH7wo9GloNY7j38vpwozoaBpt0vk1+b51cvBxqkMhq+eZ4V8UlhOXgax597a8NapqLfQNzqgC0=
last-modified: Tue, 24 Aug 2021 22:06:14 GMT
server: cloudflare
etag: W/"8cf2b8a01c3976ec8e8ef9e83878fcbb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Htz.OdRDO.b0dz_.UHNOm7aYrFrwfCWW
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe6e0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 3179.ca7a9e77.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
6 KB 39ms
34ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3179.ca7a9e77.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

103c8f4bcf8bffd0fea54ecad915230d6025023083349a94e5e32ff50c0b96f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 241540
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: M1NCG9YXY4YCEG11
x-amz-id-2: 2HPAoX+pzZg1gqw1wFHz1v5TWQoTmd/rZfABarurHrgrMDUMJdtv2SLFpz7Ig2Urcd/1f+1ozIs=
last-modified: Tue, 24 Aug 2021 17:38:51 GMT
server: cloudflare
etag: W/"eb1211b8f96bfff7eb555a987d2f398f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Ew7B8.WqI4JfP9cjtD.9Y1fUb57m3tTg
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe6f0601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 5285.4e75ee33.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 39ms
34ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5285.4e75ee33.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

143be9b55563d57d3e4601b0281c8c5a6c698e8336841433f7f5f959605e2e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 546377
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: B32DNYKS86E601NP
x-amz-id-2: AKV1pPOzYEVYi4DUNjlnOm2kZ44Al2wQfqfXV9Ur3WDER7W+y9C+9sZqnyixRPgKgS9nsoybqi8=
last-modified: Fri, 06 Aug 2021 23:56:45 GMT
server: cloudflare
etag: W/"04c5ee41730f353b1d05069bcd871516"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pUrFPUFmPXHrX9Bl27jtechGfL6tmoiJ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe720601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 176.d220b053.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 44 KB
13 KB 39ms
34ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/176.d220b053.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b891f3fd101f913d6c2d42b7dccce4d53d33e49d733b8f4774a6559bb534be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 229365
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: WMCS88J4X7T996E4
x-amz-id-2: vGT55wXw8CkjlZrU2ETG8zQ0cPDVMqDYpWiqLTWJma9RBfWYfYermgvxc0g+JWxBZrVtO8ZkFcw=
last-modified: Tue, 24 Aug 2021 22:06:14 GMT
server: cloudflare
etag: W/"24d642e038bd318427fd27f526d90575"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: a7PcCP_gZr9PQ8ON7BLwAgQDxzOGl8zf
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe740601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 5231.717f8f99.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 81 KB
25 KB 41ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5231.717f8f99.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd520777ff12430259aea76eedc236888374a44fe25dc771b5abc1616794186c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 232885
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 4VRS3M19VN7W150F
x-amz-id-2: mKAWQV+lF4C+F+jJK6WfNuEFEdCXykoKMlGQSoF6ZM98qEmqODyInNfkwTjEbwaH0L92dpXf+BU=
last-modified: Tue, 24 Aug 2021 19:47:54 GMT
server: cloudflare
etag: W/"57722078cd70cdf6b02eb3cda1d11496"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kPD6XlU3Vd1qTv95x4zWqIeZ9zytUZzC
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe760601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

GET
H3-29 200 Post.26d06aa9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 42ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.26d06aa9.chunk.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

111cac9ce607d1b598d07b88659f6145cdc1015153fc3ae036c98f37eb9d5a59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 240752
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 6ZZNRZB5B7KPA7GG
x-amz-id-2: 7sskV5YLD896/1+fPPl2UrYVWsAt0xighHmIZx6HLb70YJR+SlhSaszAylJNH5D+e/pa5wvGt00=
last-modified: Tue, 24 Aug 2021 19:13:32 GMT
server: cloudflare
etag: W/"3ca948800e027dc5381ab50cc28a4b83"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: NQY70N9TASbAoON8LSbeLRg7S9QWRRht
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c06fe780601-FRA
expires: Sat, 27 Aug 2022 14:49:57 GMT

POST
H2 200 graphql Show response
doublepulsar.com/_/ 141 B
455 B 240ms
240ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a002d5c303a1e78e728a31dab11b1a4a3b5e64c9950d8df787f4e37ddad1f572

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 195
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"8d-DENXYC2raJvInGe8jgJjuCn39ws"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86
x-envoy-upstream-service-time: 123
medium-missing-time: 0
content-length: 141
x-xss-protection: 0
x-request-received-at: 1630075798062

POST
H2 200 graphql Show response
doublepulsar.com/_/ 46 KB
9 KB 340ms
340ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b11f3adb23b920714bc85fe65893522666e20499d8519ce3629091e84b8788ba

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 5242
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: PostViewerEdgeContent
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: PostViewerEdgeContent
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"b716-mfJoeFzg++0GjT3/Q8NypVP9GFo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210826-165940-b1c222eadb
x-envoy-upstream-service-time: 224
medium-missing-time: 49
x-xss-protection: 0
x-request-received-at: 1630075798185

POST
H2 200 graphql Show response
doublepulsar.com/_/ 443 B
784 B 228ms
227ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

837eb4c54c1b93d3ab1c08a67dc65e9ee8616e15e6862f68efb9dfb036543328

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 603
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: UserViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"1bb-4O4aRPgN3/jIhuwHh8ot31GgoZY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210826-165940-b1c222eadb
x-envoy-upstream-service-time: 119
medium-missing-time: 0
content-length: 443
x-xss-protection: 0
x-request-received-at: 1630075798181

POST
H2 200 graphql Show response
doublepulsar.com/_/ 395 B
736 B 221ms
220ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a630b5703ae5f694152a0c5457d8b071873eefda22a5cd62e549c19b74435b2c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 599
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: CollectionViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: CollectionViewerEdge
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"18b-KXVeIzAJbLnAt9oEhKSWCtS6aQ0"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210827-075923-0742fb32e1
x-envoy-upstream-service-time: 117
medium-missing-time: 0
content-length: 395
x-xss-protection: 0
x-request-received-at: 1630075798181

POST
H2 200 graphql Show response
doublepulsar.com/_/ 181 B
521 B 200ms
200ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

535d6684459c69c725bf1404848254a02ae9db891388c9d97e30de434cbb0e5e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 311
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: TopicViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: TopicViewerEdge
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"b5-Gybfd5FOA8OGai5fWcUk3c3FgTQ"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210827-075923-0742fb32e1
x-envoy-upstream-service-time: 87
medium-missing-time: 0
content-length: 181
x-xss-protection: 0
x-request-received-at: 1630075798191

POST
H2 200 graphql Show response
doublepulsar.com/_/ 281 B
622 B 236ms
236ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

3f1c2ed76e79cc8e4721fc7dc5899f534e497dabdd86e7734a069ed1f5b3eb4e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 451
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: PostViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: PostViewerEdge
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"119-z1fYBBtKyP+flHwX6xfCeKn1Q60"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210826-165940-b1c222eadb
x-envoy-upstream-service-time: 130
medium-missing-time: 9
content-length: 281
x-xss-protection: 0
x-request-received-at: 1630075798224

POST
H2 200 graphql Show response
doublepulsar.com/_/ 208 B
550 B 235ms
235ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c230cbcde9551b684071c2f05c656417da0691b4c4d0b5667eb7071d7ba53c85

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 547
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"d0-YLwMXjlBpJ6ROFxI/qB5WwZsYvI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210827-075923-0742fb32e1
x-envoy-upstream-service-time: 128
medium-missing-time: 2
content-length: 208
x-xss-protection: 0
x-request-received-at: 1630075798343

POST
H2 200 graphql Show response
doublepulsar.com/_/ 208 B
549 B 324ms
324ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b30d85f796d4b582e03209576cfb59e340bbf0e6c0eae117fae22d6552da9022

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 510
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"d0-SUrxaxLDMC55zs1N9rxsbBNnOY0"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210827-075923-0742fb32e1
x-envoy-upstream-service-time: 215
medium-missing-time: 22
content-length: 208
x-xss-protection: 0
x-request-received-at: 1630075798346

GET
H3-29 200 8342.6aa0b45e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 120 KB
34 KB 27ms
26ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8342.6aa0b45e.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.7ef8f5b3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 310804
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: XZ1MCW81DYX4XYRA
x-amz-id-2: JBq2v1mt0X2gMH7anuTD0L29hBl6YEbcNFuFx4UcXyhBHZAwmrTku09UuVijG7UrHr9mRGJu58E=
last-modified: Fri, 14 May 2021 07:49:57 GMT
server: cloudflare
etag: W/"5daacb41c4e6b401be87ada016250ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QtuMS.aBLj19jleyzZwgHGYQHQ8_ziQc
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c0bbf6f0601-FRA
expires: Sat, 27 Aug 2022 14:49:58 GMT

GET
H3-29 200 5402.a7b8fceb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 28 KB
10 KB 17ms
16ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5402.a7b8fceb.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.7ef8f5b3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe20d15189023af0455c9c6ac8f7e03ec7c42a2b8c794c141919951ea7ebd335

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 62241
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 57XR0QVABB9H7QKN
x-amz-id-2: ui3sDlfBKjMUHjYygfTfD8Wq/zshrYIg8WVzOA1Udn00MznU0ju9eg6I/GOCy6Iy91VjK/dHvoQ=
last-modified: Thu, 26 Aug 2021 19:50:20 GMT
server: cloudflare
etag: W/"d3eb9f530ff9cd082432ab1c8f94ab55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: jA49vMNQvVfbDZJtP6J2_3t5Tcy_XRsm
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c0bbf730601-FRA
expires: Sat, 27 Aug 2022 14:49:58 GMT

GET
H3-29 200 9590.e1dc898a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 50 KB
15 KB 23ms
22ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9590.e1dc898a.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.7ef8f5b3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96be4a55208ca0e90dd710cc6eb9f4b612fe08c1a9d08a4a2c81ba1253488b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 285433
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1386RQ6QVA9NM4FZ
x-amz-id-2: BNiopad20V2t8oC3Y/AGpV5L2W1dOGg1/4YMwjmergyO/TBb70z34bAccHyfZMlQfBS0IiACfh0=
last-modified: Mon, 23 Aug 2021 16:37:37 GMT
server: cloudflare
etag: W/"4797460f196378b05736df91276418bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ZLRuWfyfXz_JRiyLROmjSHK47Tscx61k
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c0bbf750601-FRA
expires: Sat, 27 Aug 2022 14:49:58 GMT

GET
H3-29 200 3913.ce667336.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 60 KB
19 KB 20ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3913.ce667336.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.7ef8f5b3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a94e6849b61a757cf02abe1a5b7b55f869d14cd3dcfa91da02141fc849df0b95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 285433
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1388V1V67J8PQEGQ
x-amz-id-2: VStgJxACkHptfgEpT4QWK2ndvoC6GUt2wRZO0QmGh+M3P9ikkaAvtLkAzEHsuGjFEbWr0/r0PGw=
last-modified: Mon, 23 Aug 2021 16:37:34 GMT
server: cloudflare
etag: W/"770008cbfaab302d911ea7f49dd60982"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hLIX6ks3p3.eNjd7lXI_C2Vs2dZnNZGd
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c0bbf760601-FRA
expires: Sat, 27 Aug 2022 14:49:58 GMT

GET
H3-29 200 ThreadedResponsesSidebar.b4b24dc4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 24ms
24ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.b4b24dc4.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.7ef8f5b3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

904397f76a8b5003581d647a59b7f0c48820e72692bae32f62faa78d9d08ece0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 370135
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: PAYY82KBF9445XTF
x-amz-id-2: NBotOpydCg3BY7t3KyMN0XVJnQ/WhoyTsejT2bJA9oHtlZOVZ9U9rjeFnPnMaWBTThS/pwPkCyk=
last-modified: Fri, 20 Aug 2021 16:01:38 GMT
server: cloudflare
etag: W/"3deb3f7ac0f5b502877a149f3f580bed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n1elk1RMi_Uy7j2PA3HQMs3IWHzbnXEk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c0bbf780601-FRA
expires: Sat, 27 Aug 2022 14:49:58 GMT

GET
H3-29 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 29ms
29ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

685ebea4a8c71de75cf3b4f8c51d8ca871eb2edfbe2b5ae36c2becd2b22c4629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 306898
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c0cde462c01-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:49:58 GMT

POST
H2 200 graphql Show response
doublepulsar.com/_/ 94 B
434 B 266ms
266ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

0edebda7c824603f9d5502a48e012b991c04985cdf27360b157dc3ef2214e2ac

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945; dd_cookie_test_e1c0c347-9bbf-4b8b-afe2-608a38d07abf=test; _dd_s=rum=0&expire=1630076698401; dd_cookie_test_29c95911-ac3c-4140-a285-38c09abed5de=test; dd_cookie_test_9c2a8700-a71c-4655-b83d-68c350a37a02=test
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 5605
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
sepia-upstream: medium
server: nginx
etag: W/"5e-UW74HFK6f2lqS7izUUVo2HGVz/M"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210826-165940-b1c222eadb
x-envoy-upstream-service-time: 155
medium-missing-time: 6
content-length: 94
x-xss-protection: 0
x-request-received-at: 1630075798668

GET
H3-29 200 1*u9RwN0668pjS1BTgAenrNQ.png
miro.medium.com/max/700/ 115 KB
116 KB 130ms
129ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/1*u9RwN0668pjS1BTgAenrNQ.png

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf1d0212a4714b3f473779b2c0bc89ecc064414c86ae363d83b0033c9d1f74f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 45
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 118125
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c0dab4a0601-FRA
expires: Sun, 26 Sep 2021 14:49:58 GMT

GET
H3-29 200 0*eN7KaUa3262blFJP
miro.medium.com/max/700/ 39 KB
40 KB 341ms
341ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/0*eN7KaUa3262blFJP

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8942b90f53f2c2ab0836230b85c3055701e5ab9b3439b0fa4c7bc0366d400e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 357
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 40443
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 68561c0dab4b0601-FRA
expires: Sun, 26 Sep 2021 14:49:58 GMT

POST
H2 200 /
doublepulsar.com/_/clientele/reports/performance/ 0
0 114ms
113ms Fetch
application/octet-stream 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://doublepulsar.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.994b41d4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-147-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945; dd_cookie_test_e1c0c347-9bbf-4b8b-afe2-608a38d07abf=test; _dd_s=rum=0&expire=1630076698401; dd_cookie_test_29c95911-ac3c-4140-a285-38c09abed5de=test; dd_cookie_test_9c2a8700-a71c-4655-b83d-68c350a37a02=test; dd_cookie_test_f60f7221-f6b7-43db-84cd-55585817fcb9=test; lightstep_guid/lite-web=0359ae4d2d7cde8d; lightstep_session_id=52b4c4fa282258af; dd_cookie_test_0eed29c9-8ca9-4714-acc7-57c138a792e1=test
content-length: 194
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, clientele/main-20210818-220841-79e497bc6b
x-envoy-upstream-service-time: 8
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
doublepulsar.com/_/clientele/reports/performance/ 0
0 113ms
113ms Fetch
application/octet-stream 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://doublepulsar.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.994b41d4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-147-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945; dd_cookie_test_e1c0c347-9bbf-4b8b-afe2-608a38d07abf=test; _dd_s=rum=0&expire=1630076698401; dd_cookie_test_29c95911-ac3c-4140-a285-38c09abed5de=test; dd_cookie_test_9c2a8700-a71c-4655-b83d-68c350a37a02=test; dd_cookie_test_f60f7221-f6b7-43db-84cd-55585817fcb9=test; lightstep_guid/lite-web=0359ae4d2d7cde8d; lightstep_session_id=52b4c4fa282258af; dd_cookie_test_0eed29c9-8ca9-4714-acc7-57c138a792e1=test; dd_cookie_test_863ea880-4d95-404c-bb64-278d7436dc00=test
content-length: 220
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:49:58 GMT
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, clientele/main-20210818-220841-79e497bc6b
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 7074
date: Fri, 27 Aug 2021 12:52:04 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Fri, 27 Aug 2021 14:52:04 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 97ms
38ms Script
text/javascript 13.224.96.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c?gi=9707481f2e26
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-77.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b1f23d8732d8e2a4f2e983d5bf52c680226ec20d3b3453a7d8de4ef4e28aa7a5

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: JY0psBu036ThLrIRNRIc72jv8LxR45nr
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 21:28:14 GMT
server: AmazonS3
age: 86
etag: "494b4c270c41c5456742136e682b1007"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 5e318b3ea3fa81a8c20898c2f8c40e7c.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Fri, 27 Aug 2021 14:48:34 GMT
x-amz-cf-pop: ZRH50-C1
content-length: 23861
x-amz-cf-id: jSP1NvJ_cP8sZm8TecLHIq7Gzu2wgWJvwXmi_vo1iabq8KOsslqWVg==

GET
H3-29 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/135/ 4 KB
4 KB 22ms
22ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*Crl55Tm6yDNMoucPo1tvDg.png

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 46
x-envoy-upstream-service-time: 104
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4048
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210708-194908-a2c5797557
accept-ranges: bytes
cf-ray: 68561c10fa370601-FRA
expires: Sun, 26 Sep 2021 14:49:59 GMT

GET
H3-29 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/135/ 4 KB
5 KB 19ms
19ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*W_RAPQ62h0em559zluJLdQ.png

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 288
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4354
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210708-194908-a2c5797557
accept-ranges: bytes
cf-ray: 68561c10fa390601-FRA
expires: Sun, 26 Sep 2021 14:49:59 GMT

POST
H2 200 graphql Show response
doublepulsar.com/_/ 208 B
550 B 255ms
255ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c230cbcde9551b684071c2f05c656417da0691b4c4d0b5667eb7071d7ba53c85

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945; _dd_s=rum=0&expire=1630076698401; lightstep_guid/lite-web=0359ae4d2d7cde8d; lightstep_session_id=52b4c4fa282258af
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 576
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
sepia-upstream: medium
server: nginx
etag: W/"d0-YLwMXjlBpJ6ROFxI/qB5WwZsYvI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210827-075923-0742fb32e1
x-envoy-upstream-service-time: 152
medium-missing-time: 2
content-length: 208
x-xss-protection: 0
x-request-received-at: 1630075799462

GET
H3-29 200 responses.editor.1db6aecd.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 20ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.1db6aecd.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.7ef8f5b3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d9552c1a8a70745378143287ac280762bb3a0bb1f338157d4d1c2b96383b563

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 306790
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: PAYG2E7JEN12TKBP
x-amz-id-2: j4H31BdSgNacdzt2rZi1AiRb2Bn75YDg83Vln4NPrNzF7rJKdMzdqIwIzhQioMKXS3fICp1NIow=
last-modified: Fri, 20 Aug 2021 14:33:44 GMT
server: cloudflare
etag: W/"ffc07db1aa2d1688216d374167949218"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Dz5YOwqhcOGy3u_s2XH6oBKfek607CgG
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 68561c12fd910601-FRA
expires: Sat, 27 Aug 2022 14:49:59 GMT

POST
H2 200 graphql Show response
doublepulsar.com/_/ 3 KB
1 KB 534ms
534ms Fetch
application/json 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e24d4105f8d0e7a12cf574bcde3419ff7f9bbf3e983951d0c12a0a140c57eda0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
ot-tracer-spanid: 4f5337cb58d2dc6f
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945; _dd_s=rum=0&expire=1630076698401; lightstep_guid/lite-web=0359ae4d2d7cde8d; lightstep_session_id=52b4c4fa282258af
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210826-210656-6b979099c1
content-length: 7136
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
medium-frontend-path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
graphql-operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
:scheme: https
apollographql-client-version: main-20210826-210656-6b979099c1
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 39c619e9022b93b
Medium-Frontend-Path: /multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
Medium-Frontend-App: lite/main-20210826-210656-6b979099c1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
apollographql-client-version: main-20210826-210656-6b979099c1
ot-tracer-spanid: 4f5337cb58d2dc6f

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"b04-x17QtWuifMAM5Y6u4cn6t+U/HcA"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, rito/main-20210826-204817-b854c4bb86, tutu/main-20210826-165940-b1c222eadb
x-envoy-upstream-service-time: 409
medium-missing-time: 28
x-xss-protection: 0
x-request-received-at: 1630075799597

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1851616491&t=pageview&_s=1&dl=https%3A%2F%2Fdoublepulsar.com%2Fmultiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c&ul=en-us&de=UTF-8&dt=Multiple%20threat%20actors%2C%20including%20a%20ransomware%20gang%2C%20exploiting%20Exchange%20ProxyShell%20vulnerabilities%20%7C%20by%20Kevin%20Beaumont%20%7C%20Aug%2C%202021%20%7C%20DoublePulsar&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=785550032&gjid=1893143136&cid=947973462.1630075800&tid=UA-24232453-2&_gid=550526867.1630075800&_r=1&_slc=1&z=1593454776

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 27 Aug 2021 14:49:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://doublepulsar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 90 B
567 B 230ms
192ms Script
text/javascript 2600:9000:2104:c800:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.58.3&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:c800:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

34595c937806703f1fb0cd971542966397f9b261257dc1d06169f6557df48087

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
via: 1.1 3ffec0ecfde687fb371812ad42f5cfc2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 90
etag: W/"5a-pZ1Yg1OqlSZgcM8xUuSJW0xGmOo"
x-amz-cf-id: k3JRhTEb3fYff5oiWzJr-dH2yS1olrl4aJKf7qrdJlaZOzBQzgL3bA==

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
714 B 129ms
114ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51bec5663d6db4370fbc839d7f0128be580a575d4a5e76b3d4b0ac315904eed1

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gtJdW9fkp3jSe%2BNxIutQ1j2c73jberv%2F6oJz4JQWU5%2BeTXqYXScfeMWYU7GLI9MHYHOAEKry%2F50SGgFiNEjxc8OZW2rUeB%2F%2FfzmPuuleUM9JTRJ33rM4G8MkRe1Anjh82n5QkRFtzK8XjlCsEjhBfU8lC%2BqOxN0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
cf-ray: 68561c15ae6f4aa3-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 159ms
128ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oEP7KfDQoImHPyPB6pBp0ePxjORPMc7HjM591wgArYFq%2BKGwmk%2BDTtGur98ubIX5cFYmCVbYkXeddfBxKdDbTmaIaSNH2lBKWCqt2GZZQauy%2FyAh9YIGjZz4qvHL9B76v%2Fr2eZHHg2Xd6meEJxJcPljYAdGMFBs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68561c14c85264c7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
625 B 340ms
309ms XHR
application/json 2600:9000:2104:1000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:1000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 6f50caba7761623e465bad78e19c11db3bfb3f890d1840531aaa70682ca84159

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 3e39a0cff4e14b5c8f59372adf9191ea-2021082714
content-length: 312
x-amz-cf-id: lzWdl6zYHe-5kqj2f2JHHVTbdprveysJI3W4u6jaSVRmfOFIlU8mPg==

OPTIONS
H/1.1 200
OK log
errors.client.optimizely.com/ 0
0 436ms
103ms Preflight
text/plain 52.72.27.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Protocol: HTTP/1.1
Server: 52.72.27.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-27-138.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://doublepulsar.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Fri, 27 Aug 2021 14:50:00 GMT
Content-Length: 13
Connection: keep-alive

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
242 B 103ms
102ms XHR
text/plain 52.72.27.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.72.27.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-27-138.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://doublepulsar.com
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Fri, 27 Aug 2021 14:50:00 GMT
Content-Type: text/plain

POST
H2 200 /
doublepulsar.com/_/clientele/reports/performance/ 0
0 113ms
112ms Fetch
application/octet-stream 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://doublepulsar.com/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.994b41d4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-147-205.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://doublepulsar.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_8b4d7579e945; sid=1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK; optimizelyEndUserId=lo_8b4d7579e945; _dd_s=rum=0&expire=1630076698401; lightstep_guid/lite-web=0359ae4d2d7cde8d; lightstep_session_id=52b4c4fa282258af; _ga=GA1.2.947973462.1630075800; _gid=GA1.2.550526867.1630075800; _gat=1
content-length: 1438
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:49:59 GMT
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3, clientele/main-20210818-220841-79e497bc6b
x-envoy-upstream-service-time: 7
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 39ms
22ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://doublepulsar.com
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10920977
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 68561c169d165c38-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 27 Aug 2022 14:50:00 GMT

POST
H2 200 profile Show response
api2.branch.io/v1/ 180 B
561 B 359ms
359ms XHR
application/json 2600:9000:2104:1000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:1000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

4a697cff2a3ddc5c6e9eda01528634796ada8d4804a46a368333bff32d89535b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"b4-z6Hni7jczqobC70r73R6C1eQOlg"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 7522daf42e5b49a99bda2c91ffd1bc92-2021082714
content-length: 180
x-amz-cf-id: RAh63sbPjO7oFXc5VApjiHw4escSM2in3AAJYwgw0ZoeXlyldSvlog==

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 165ms
165ms Fetch
application/json 2600:1f18:24e6:b902:7ab8:f7c0:e391:d374
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.994b41d4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:7ab8:f7c0:e391:d374 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 27 Aug 2021 14:50:00 GMT
content-length: 2
content-type: application/json

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ 0
0 289ms
94ms Preflight 2600:1f18:24e6:b902:7ab8:f7c0:e391:d374
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Server: 2600:1f18:24e6:b902:7ab8:f7c0:e391:d374 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-max-age: 0

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
680 B 118ms
118ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06b4f889ab70d0c9fd4d1907c905c0c46af9d32fd0d5bb314c545f2084bc1e0f

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A6lI47Y2%2F%2FXPHusqScbXx4QORAtSvp%2BuZVdC5RwUH0%2BVOK1cq57yQ45KQXyc899BTZB6XKgP74CRMrIP98lS%2FRY345O9%2FdqB0IohBvtnGKJy7EQycjL%2FMFXothFqgyIXbBL0vxBSNnFF4NZBJtPJAOkcPlVIiWg%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 10
cf-ray: 68561c194c8d4aa3-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H3-29 200 reports
lightstep.medium.systems/api/v0/ 0
0 138ms
138ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H3-29
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 33
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3H%2FxbgaXaIXHqy83ywqzPcCOFbyKX%2F6MkeoJp4I625Uem79zi1TlboSsh8wWSJSKeV6CzJQ%2BfszEduRY2igz5pxM0e4z1fqFctz5Au1MTehTG5pP5gcI6oQwtYISK%2B1W0VItK%2FjUg%2F2XbTCqZ7kLO7ijUosTeiQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68561c186b0e4aa3-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 183ms
182ms XHR
application/json 2600:9000:2104:1000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:1000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 1bb84774457541bdbeafc3592f700049-2021082714
content-length: 28
x-amz-cf-id: xJPeP5Wu0DEFX5J974oVmBGoC0p4CoHRV8dYCqGi9um7Z61O7qQg4A==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 178ms
178ms XHR
application/json 2600:9000:2104:1000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:1000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 27 Aug 2021 14:50:00 GMT
via: 1.1 f5046bb9ebd1a8f25b2025d7d9a283f3.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 867c35d9b98c431f962f9e5f08572f44-2021082714
content-length: 28
x-amz-cf-id: uthkgKteZvdriFbM4gRWnJirwqJg1oOBPygq8C7iibYUEUrzrbvqEA==

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
670 B 116ms
115ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a04428b158b70a70bdbe173704473d2113a09a9a86def68736342b31a55fe642

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:50:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1oVqf6QXZk6IjSvmofgaormtFeMCoAecKDANV2pognblfjB%2FqCZ68blZ6RtWFw9Pj%2FwCPLVhlbg3ohbTSy%2B2P20qJgA3KzwljAFtIkhq0rb8PdzrlQefR5LlAuqssHDfCgQeo952M7H8vpFIppjUnlt9z4DYCWI%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 6
cf-ray: 68561c1c8b344aa3-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H3-29 200 reports
lightstep.medium.systems/api/v0/ 0
0 105ms
105ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H3-29
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 27 Aug 2021 14:50:01 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GpGqj4EjfoQtSlXypInnWM36b9c98EKV7cCwBGdTya4RBfCD%2FYFqJL7glQZaabsjgFP%2FGKPX0NT0L4lOe9isAhjOLLhHwdpOgQaNCW4Mzuz8tb8dqXs%2BZMdk8NLepQwGv2HwF2nQSosaspsc3GRc6k9xUv0H0qQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68561c1bda0a4aa3-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
671 B 108ms
108ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36e480898febae5519352f2de7c070f5e51948b2d2f3360347fbf66baa545f50

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:50:01 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xWpmAvSO5CARdyzMJKgrsBlCkX5QVqjG330kDAx397yFx2AzBT%2BiPuUOFnjVOO6bk1RuEVRxIOBtBEc4T2y9bFgaL6TdSdwkS9AiTDSyHkyEhaEn71jq8ucJOvZyXUv15dhSnvkKBsLLyQ8ZN54BKOMmHnK0MQc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 6
cf-ray: 68561c1f88364aa3-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H3-29 200 reports
lightstep.medium.systems/api/v0/ 0
0 103ms
103ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H3-29
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 27 Aug 2021 14:50:01 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIxJGQkHz%2ByAOBx3NTq8gcdb8jhZaoT59EhltZUlHhhUMSg11t8QTdQjDpGbiR0MH7ZLV%2Fnv1nrS%2Fw87Ex%2FcBzMIysuyhvKjC9tnBPQCOxg7VvRUj7grUsaE5wYWmOv%2Bhpe4pORn9yevicOvAHuGXkLE85pak%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68561c1eef304aa3-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 400 batch Show response
doublepulsar.com/_/ 24 B
282 B 132ms
132ms Fetch
text/plain 52.1.147.205
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.994b41d4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.147.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-1-147-205.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a2d7229fed40e53774254adcf39d0cd21e4a7c7de4512c32b189b79ea88a2d5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
origin: https://doublepulsar.com
x-xsrf-token: 1
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
content-length: 8725
:path: /_/batch
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/json

Response headers

date: Fri, 27 Aug 2021 14:50:03 GMT
x-content-type-options: nosniff
sepia-upstream: medium
server: nginx
content-type: text/plain; charset=utf-8
medium-fulfilled-by: valencia/main-20210826-123830-4cdf4f0dd3
x-envoy-upstream-service-time: 6
set-cookie: uid=lo_47b5ac0d721e; Path=/; Expires=Sat, 27 Aug 2022 14:50:03 GMT; HttpOnly; Secure
content-length: 24

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
679 B 111ms
110ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebfb88fb0188bec480e0feeca2941a749edeb7c5adb15790169c7bdc4b2f42fd

Request headers

Referer: https://doublepulsar.com/multiple-threat-actors-including-a-ransomware-gang-exploiting-exchange-proxyshell-vulnerabilities-c457b1655e9c
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 27 Aug 2021 14:50:04 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHjQRUEv1LE%2B1FJ8KbWvhSScBJfRcQr5Jd6zwD%2BLHR4FmDbolCQ6Klu65Ca15EpfwmrS%2B5eQNS0oSqs%2B4xAlsh%2ByFes3ZV9q5LvkhkeGDCrqeYu3PNozSAi%2BbxgT5IsuQoTnH6VPIGlGI6FsUYZ2qsn1iwPn3u8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 68561c31297d4aa3-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 134ms
134ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 27 Aug 2021 14:50:04 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 16
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3XNw%2F7OLnQQaiZPBY9o0fgYIDtpnTmQ22nWKec4YzaT5LZt768r365Z5auYAeQl7xSFvQaiNuJLFvP7Uox4TS%2FUe4UyskPouvGtjJajnuAhjJ3POsncslQ8Sv8o9imS5vxGpt%2FXBzGMCBiiR6xtQnhfO1WkZNys%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68561c305f5a64c7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doublepulsar.com/	1970-01-19 20:49:22	Name: _gid Value: GA1.2.550526867.1630075800
.doublepulsar.com/	1970-01-20 14:19:07	Name: _ga Value: GA1.2.947973462.1630075800
doublepulsar.com/	1970-01-19 20:58:00	Name: lightstep_guid/lite-web Value: 0359ae4d2d7cde8d
doublepulsar.com/	1970-01-20 05:33:31	Name: sid Value: 1:gUQoO0TcXZiJqtUZtO5lTs4gSPIXDmFDICrflcRGcEZp0Rh37CkH2fyBxBY12XCK
doublepulsar.com/	1970-01-20 05:33:31	Name: optimizelyEndUserId Value: lo_8b4d7579e945
.doublepulsar.com/	1970-01-19 20:47:55	Name: _gat Value: 1
doublepulsar.com/	1970-01-19 20:58:00	Name: lightstep_session_id Value: 52b4c4fa282258af
doublepulsar.com/	1970-01-19 20:47:56	Name: _dd_s Value: rum=0&expire=1630076698401
doublepulsar.com/	1970-01-20 05:33:31	Name: uid Value: lo_8b4d7579e945

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.994b41d4.js(Line 1) Message: ... .,ok000Oxc. 'oxo, .' ,kWMMMMMMMMXo;. ;KMWMX: lK, ,0MMMMMMMMMMMWNd'xMMMMMO;xWl lWMMMMMMMMMMMMM0lOMMMMMKoOMo cNMMMMMMMMMMMMMk:OMMMMM0lkWl .dNMMMMMMMMMMKx; lWMMMWd.dN: ;kXWMMMMWKd' .oXWXx. ;o. .;ccc:,. .,.
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.994b41d4.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
doublepulsar.com
errors.client.optimizely.com
glyph.medium.com
lightstep.medium.systems
medium.com
miro.medium.com
www.google-analytics.com
13.224.96.77
2600:1f18:24e6:b902:7ab8:f7c0:e391:d374
2600:9000:2104:1000:11:f728:3040:93a1
2600:9000:2104:c800:19:9934:6a80:93a1
2606:4700:3036::ac43:b550
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2a00:1450:4001:808::200e
2a00:1450:4001:831::200e
2a02:26f0:6c00:2a0::13b8
52.1.147.205
52.72.27.138
023e4896942ae770c88c045d89d253862d0bb4ecb47adfc19be2d2702412af42
02a209d50a545e4955d40866065477107a19b3ba0f74f449ce3e3f4fac6b08aa
03008794c80d77d449b85bcf4744b5054994df6d348fb7b5ddbe419fec85dd10
038262231160fee976d84fa8d1db80567769112008a892e0edeb76f6c1121165
0393d1706ef05b8c2ae9f12bd4d71aba8affbebee2dfa6fccba81b86e2e725ae
042e4e303b7ad0b97a172aa37962c7f649c1afad771dd31f8e7161744d84cdff
05a1af335c12488ca849dbabfc6192f0710ff328f926f54859c4793b581c649d
06b4f889ab70d0c9fd4d1907c905c0c46af9d32fd0d5bb314c545f2084bc1e0f
074120e0ce9c1b6b278f30fbc208a1312ad9c87639665a2abfb86bdacb6bdbbf
0b891f3fd101f913d6c2d42b7dccce4d53d33e49d733b8f4774a6559bb534be6
0c8816dc8228d4e702aac7c2832e7617ffbdf7aecc865587b696d063f3ea93b3
0d9552c1a8a70745378143287ac280762bb3a0bb1f338157d4d1c2b96383b563
0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107
0edebda7c824603f9d5502a48e012b991c04985cdf27360b157dc3ef2214e2ac
0fcdf1b9c29d79fa8679eeefa1573c239bc5bea4dd2eed064fc6e2a0d1c97f4b
103c8f4bcf8bffd0fea54ecad915230d6025023083349a94e5e32ff50c0b96f7
111cac9ce607d1b598d07b88659f6145cdc1015153fc3ae036c98f37eb9d5a59
12ae1072afc293ec30101e3f8d4eee96b04952b8f21ac49df261e70ae69cafbf
143be9b55563d57d3e4601b0281c8c5a6c698e8336841433f7f5f959605e2e34
1a903333a957f9311e1d51fb0064c219e1e0f578e36fa993d750a99d0f7fe697
23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7
24ffbef1177aa861458bf509b1995d08c855a289b1dceb2928773815b1c7c27d
29c4fa2b831a9d8a8d76c356c37f51a8c564fde548e73088dcd3627363d98d75
2d62c45fc2fb98a30f520480ed1060f0000ec78a37bfa80103e7d7ff3930b084
2f858ae42dc95fa7d296a95b414952a71bc640985593fc83a5ecdbbafb9a9525
34595c937806703f1fb0cd971542966397f9b261257dc1d06169f6557df48087
36e480898febae5519352f2de7c070f5e51948b2d2f3360347fbf66baa545f50
37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55
389d660ad6302843f61ead3441874022a81cc38678b5d0bf041897e376db4d43
3903354e40a89bc08ffd179ce96dc3dfe7f3603bfaa1f52982045573b32c40bc
3f1c2ed76e79cc8e4721fc7dc5899f534e497dabdd86e7734a069ed1f5b3eb4e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
499d277272839c165137bbaf1609abf7d5347654872481e6577ba16b992e2bd6
4a697cff2a3ddc5c6e9eda01528634796ada8d4804a46a368333bff32d89535b
50b109a0afc4f7cf5f7684158734de0b1f4251d7e1ac64a83b9b520d8c7caf93
51041a29d93ea155720fb49ddd960a39b1a081d7d43a3d051c08bb620a3cb2e3
51bec5663d6db4370fbc839d7f0128be580a575d4a5e76b3d4b0ac315904eed1
525519582b1bd4a7a793e91b793c4c727c4cec22ce14884f6ba4d3aaf6ded90c
535d6684459c69c725bf1404848254a02ae9db891388c9d97e30de434cbb0e5e
5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285
582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071
5ced593854bb82c95cf35f22c421e3ada59d60b4c9292b58da914d4340139d17
5f2abdf9e9752867b58046f22000379a3c4da9c0f4a0536635972bc124a7854d
63ff695f5b36586ec7fb3acc54730f33d4167cc2b797897bdec8a1654ee7d87b
6550693dadb570fdd94da3996a0887c68d4d291c0818f1528d1a7bc930d8b869
68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359
685ebea4a8c71de75cf3b4f8c51d8ca871eb2edfbe2b5ae36c2becd2b22c4629
6f50caba7761623e465bad78e19c11db3bfb3f890d1840531aaa70682ca84159
6fefca2e39b0c80d4d1c9b40a41787df0f738a85ff142e5295f17b2e96711ad3
72fdaeca4c65e6655aeeb37b8b9787e1cef79a4e8b10cee34f64f6315cef91e3
78370f1c60ca7a80d7bc4052eedbb87ad1425f418730b2cf7b3922719001d752
78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee
7d6d130d8f196bb2c14843b9bd09ca0f6eb9c826133a4451082927aba4f40f39
7df3af12e866788eb580b7542e9e29e8bffe1c046eaccea8b019fb5c9d88097b
830f40ef2a3e1b3f6fa8391cc6c93d8ed19dcc454398596ec98aa2c6ebef48bd
837eb4c54c1b93d3ab1c08a67dc65e9ee8616e15e6862f68efb9dfb036543328
83b609bf586cb8e62af2f3267bbaa50c9f11d7d6e86e1c84e2eecfbc2be949ef
8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d
8a6f7776d9114c66723e5c20fb977343f5a94c7186be3cd5a9e921522e73522c
8bbacda37b119c290c184c6975dc0f9e7892a22c56bb572d70457e437484864d
8d3263919f036071371394d7d4bdfa9715658cebab2cb453ec39383e5c902958
8ef36cd81a32a63c14214d2d7c45e0809be147e68869ea1a5c34feab6d207fa2
904397f76a8b5003581d647a59b7f0c48820e72692bae32f62faa78d9d08ece0
92d2ff27d2b587da629e4ff4aaae0eb0541e5dc2412152dd075034da1fda8c25
96be4a55208ca0e90dd710cc6eb9f4b612fe08c1a9d08a4a2c81ba1253488b2f
971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea
99a551671d29fb4718e5697b374fc9d0ab5f362651fb03863a6fe57a8a29ae9f
9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16
9d8aa4689a04989a7698e498bc9d2b842b15742cd7f6710017620cd5c0ad22ea
9f9426d07320e3f576a16016df14965aa352eea15b901f44f72187ae8c4d597c
a002d5c303a1e78e728a31dab11b1a4a3b5e64c9950d8df787f4e37ddad1f572
a04428b158b70a70bdbe173704473d2113a09a9a86def68736342b31a55fe642
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a2d7229fed40e53774254adcf39d0cd21e4a7c7de4512c32b189b79ea88a2d5f
a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d
a630b5703ae5f694152a0c5457d8b071873eefda22a5cd62e549c19b74435b2c
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a94e6849b61a757cf02abe1a5b7b55f869d14cd3dcfa91da02141fc849df0b95
ad2c52d005eafc6341d3d19a7a8a05ed649686c6881ab62155ae95d4618adf35
ae1c273ad638e70d8bf5fd973b10ca3396efd4296ed46d5f4f9fc0c89ce19a76
af4cd63175903f7de1128348f087273d1d0b50dec0d84b6d96d9595aacaab923
af53bb392cf949de35ca399079add6d28e09d25b1b2072624fc78c804dfd607e
afed961ddb57f36277dfd3c4746651600913c0bfff3b3a498971e1d40d027351
b11f3adb23b920714bc85fe65893522666e20499d8519ce3629091e84b8788ba
b1f23d8732d8e2a4f2e983d5bf52c680226ec20d3b3453a7d8de4ef4e28aa7a5
b30d85f796d4b582e03209576cfb59e340bbf0e6c0eae117fae22d6552da9022
b3207bd24557fefc2773c0bb9d388545f3666a14bf86abe03f10f95272ca24b2
b3d5fdf94cc9bcce6d26f71f0d82b4e925e0ca901df59c1d24d7d911eddb0cbd
b5c56db5c125272d6c1961aec103670e022d01534cfbd4baa7ff3b595f9825ce
bac7c08c637f489dd02b2d3a6ff4aca3c7e038a920e39a685f07f81228c419a3
c230cbcde9551b684071c2f05c656417da0691b4c4d0b5667eb7071d7ba53c85
c4a10cbffdbce76d8de099fabe5eaf5fe08c12fa86e846e34013f7597c716e88
c5388efddd16e46845ff6bc0b750d6273ee98feae2dce22044c0019336019c1f
c5748a354a1c79fdb238f56dde081004de39bb61a52bd74676e036f3786db9e6
c88a6fd9c0f927b6c6eb6a0333d8df738064c2f09458bb23064d319ae34f344f
c8ea4c5606f00ece39073ca2c52012151e25038242447053b13ac4f2021f0c02
ccf1d0212a4714b3f473779b2c0bc89ecc064414c86ae363d83b0033c9d1f74f
cd520777ff12430259aea76eedc236888374a44fe25dc771b5abc1616794186c
d3dd90bc7589e2dfce2ebb76fbbdeb3edb151dda0fc05cb3ce013b4058be34a2
d49f9d5f6cf0fe5e246dae163447d21a876c54cdf3da502fca7d95f2441a51a6
d60f382ab7dcba7579cd2088e8f9ef61e63acbcf269626a9b081c54d9624cdaf
e0ce16af99f8a960767cf02eb3e2a0c55b201717d5eb340ca5e278a46cb67661
e24d4105f8d0e7a12cf574bcde3419ff7f9bbf3e983951d0c12a0a140c57eda0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e544bd8d73fe98d8ba7a775515ae3f80b1dc3d63f6aaded903352e5bfd0dbf5f
e798695365aaabfbd6209396d2f2e565e367bd2d29a805358798bde076c9a4be
e80822fa48ad371fcf8ee70251a00651a367ba539273ff7e5b2ca639dd33bcfd
e83c6b0ea99b4caf907cc41097879e6edc6ffd49cfe6266275abd3bcf771737c
e8942b90f53f2c2ab0836230b85c3055701e5ab9b3439b0fa4c7bc0366d400e5
e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
e9d67ee8bdede3d1235705cc312c9c039d5e1dc94e77ca56a3ba07a944657b06
ebfb88fb0188bec480e0feeca2941a749edeb7c5adb15790169c7bdc4b2f42fd
edac038fa41b6998706870940e3dcb6a50bf6ff175cfd7e274dc1f096f9e1c30
f6df94cc15c64e450354bf62f7de16c8dc4b0de88d2ff220c2eebe5ef953b1ff
f724cafa4496101c379bed8a55779f79605e2c99fa027fa7d3217177abc00193
fb8d5b9f74625e511e3c8d63848e7a54c98016daed84f8df3bc166368586afa5
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe20d15189023af0455c9c6ac8f7e03ec7c42a2b8c794c141919951ea7ebd335
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

doublepulsar.com Open in urlscan Pro 52.1.147.205 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

100 %HTTPS

75 %IPv6

8 Domains

13 Subdomains

12 IPs

2 Countries

1520 kBTransfer

3854 kBSize

9 Cookies

72 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

doublepulsar.com Open in urlscan Pro
52.1.147.205 Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

100 %
HTTPS

75 %
IPv6

8
Domains

13
Subdomains

12
IPs

2
Countries

1520 kB
Transfer

3854 kB
Size

9
Cookies

132 HTTP transactions
0 data transactions