Submitted URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?utm_source=The+InQues...
Effective URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_c...
Submission: On May 01 via manual from US — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 121 HTTP transactions. The main IP is 162.159.153.4, located in and belongs to CLOUDFLARENET, US. The main domain is blog.delivr.to.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 5th 2022. Valid for: a year.
This is the only time blog.delivr.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 20 162.159.153.4 13335 (CLOUDFLAR...)
1 80 2606:4700:7::... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 2606:4700:7::... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 65.9.95.129 16509 (AMAZON-02)
1 2600:9000:205... 16509 (AMAZON-02)
4 2600:9000:212... 16509 (AMAZON-02)
121 9
Apex Domain
Subdomains
Transfer
90 medium.com
medium.com — Cisco Umbrella Rank: 13000
glyph.medium.com — Cisco Umbrella Rank: 32913
miro.medium.com — Cisco Umbrella Rank: 24012
cdn-client.medium.com — Cisco Umbrella Rank: 34157
1 MB
20 delivr.to
blog.delivr.to
104 KB
5 branch.io
cdn.branch.io — Cisco Umbrella Rank: 783
api2.branch.io — Cisco Umbrella Rank: 514
24 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 91
21 KB
1 app.link
app.link — Cisco Umbrella Rank: 2772
634 B
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1274
7 KB
121 6
Domain Requested by
53 cdn-client.medium.com blog.delivr.to
cdn-client.medium.com
25 miro.medium.com blog.delivr.to
cdn-client.medium.com
20 blog.delivr.to 1 redirects cdn-client.medium.com
11 glyph.medium.com blog.delivr.to
glyph.medium.com
4 api2.branch.io cdn-client.medium.com
2 www.google-analytics.com blog.delivr.to
cdn-client.medium.com
1 app.link cdn.branch.io
1 cdn.branch.io blog.delivr.to
1 static.cloudflareinsights.com blog.delivr.to
1 medium.com 1 redirects
121 10
Subject Issuer Validity Valid
blog.delivr.to
Cloudflare Inc ECC CA-3
2022-12-05 -
2023-12-04
a year crt.sh
medium.com
Cloudflare Inc ECC CA-3
2023-04-22 -
2023-07-21
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-04-10 -
2024-04-09
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-04-03 -
2023-06-26
3 months crt.sh
*.branch.io
Amazon RSA 2048 M01
2023-02-21 -
2023-11-09
9 months crt.sh
appipv4.link
Amazon RSA 2048 M02
2023-04-25 -
2024-05-23
a year crt.sh

This page contains 1 frames:

Primary Page: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Frame ID: 5833769D28F888CF244F94DA6D486CDF
Requests: 121 HTTP requests in this frame

Page Title

HTML Smuggling: Recent observations of threat actor techniques | by delivr.to | Medium

Page URL History

  1. https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?u... HTTP 307
    https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smugglin... HTTP 307
    https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?g... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • medium\.com

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

121
Requests

97 %
HTTPS

75 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1232 kB
Transfer

3508 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?utm_source=The+InQuest+Insider&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D HTTP 307
    https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06%3Futm_campaign%3Dc64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23%26utm_medium%3Demail%26utm_source%3DThe%2BInQuest%2BInsider%26utm_term%3D0_-c64cca00e7-%255BLIST_EMAIL_ID%255D HTTP 307
    https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

121 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
blog.delivr.to/
Redirect Chain
  • https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?utm_source=The+InQuest+Insider&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=e...
  • https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06%3Futm_campaign%3Dc64cca00e7-EMAIL_CAMPAI...
  • https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source...
325 KB
69 KB
Document
General
Full URL
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ac9025d007012b749a6753a31ba78e911b92a360195e13eb770064797008340
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://medium.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7c05842e0cd29a0b-FRA
content-encoding
gzip
content-security-policy
frame-ancestors 'self' https://medium.com
content-type
text/html; charset=utf-8
date
Mon, 01 May 2023 05:10:08 GMT
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, lite/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
medium-missing-time
250
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
517
x-request-received-at
1682917808425

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7c05842d1a863a94-FRA
content-length
0
content-type
text/plain;charset=UTF-8
date
Mon, 01 May 2023 05:10:08 GMT
location
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
worker-missing-cookies
1
x-content-type-options
nosniff
x-envoy-upstream-service-time
11
unbound.css
glyph.medium.com/css/
18 KB
1 KB
Stylesheet
General
Full URL
https://glyph.medium.com/css/unbound.css
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca2b6c294049540bb3cf90a4425ee46c65a114fba4d1a91b0c76b644b95e4d2f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
1527
x-envoy-upstream-service-time
2404
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=7200
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c0584326f753a94-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Mon, 01 May 2023 07:10:09 GMT
1*C-oov1hPATgpC9aJkKpm_w.png
miro.medium.com/v2/resize:fit:720/format:webp/
7 KB
8 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:720/format:webp/1*C-oov1hPATgpC9aJkKpm_w.png
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca419d293aea6be37299c6d398b7bbff362c7108fd94042dea0f0f3b24fbcf79
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
288935
x-envoy-upstream-service-time
456
content-disposition
inline; filename="1*C-oov1hPATgpC9aJkKpm_w.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7582
x-request-id
32b8ae2d-ad5d-4238-b82b-18378de7918c
sepia-upstream
medium
server
cloudflare
etag
"YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjBiZWEyOGJmNTg0ZjAxMzgyOTBiZDY4OTkwYWE2NmZmIg"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c0584326f823a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
manifest.8d489425.js
cdn-client.medium.com/lite/static/js/
12 KB
6 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18368d07cd53cd2a938e89d068ebb70ab2fac476f7bb58e8586d7d6cbf12cd55
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
mVAPnDyvR43Fih8EiFFIeDfyQX0ZhBLQ
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
B99HCYJCTJ6YMTB2
age
225051
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
oE4DUS1ZqRQc8aLtmQOsMnlyabFI+mfKIsk787wBy5Wfxs9H7V/KAIpLSn9iTygPUWsMYE8iybX5OBVXemazi8tXtHeAkjTXpnmgh2spK2o=
last-modified
Fri, 28 Apr 2023 12:39:32 GMT
server
cloudflare
etag
W/"9765fe76fc18bf608b33d74318269695"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584328fac3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8493.12cd6497.js
cdn-client.medium.com/lite/static/js/
699 KB
215 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7f1614e5eedf77fce5ff9d7bc8773033173d49af61ec3a624063bc8a304a88
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
rJVrE76uQ_PjgOqvkJU09xpRgRqsRm3m
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
0PJ233NTYTMEJGMS
age
567723
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
+RMu5HcSaWqbkdLXpX8erzkIMYRCR2sGfma7Y9fymXevFKiWh6tIUOLhQdLjX8l4PXNTcC4/RTw=
last-modified
Mon, 24 Apr 2023 14:19:07 GMT
server
cloudflare
etag
W/"45dc22e63c94a914ddbbe5e4773608fb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584328fab3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
main.e44d912a.js
cdn-client.medium.com/lite/static/js/
769 KB
188 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/main.e44d912a.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a054981357a01eda3130a3303e830c3a1c131ad5e1ef9b7ae26cd5528f4c298a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
O8Wkbs4vqwkBCnqNKBhYSsR22tgloZE8
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
SQT9YZMDD9YFC64Y
age
225051
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
BQV15QJ3kW/wAsSsuZz9RJUGRjcJWfhyJvTNR9hnpuSLIaYyF10zIub/WuZvMQh2trzE9OnfsY44QU5pEZga+eLYTVf80DZWHpkgIPkhyT4=
last-modified
Fri, 28 Apr 2023 07:02:31 GMT
server
cloudflare
etag
W/"53c4c68fddc590ecd70da17386c22b1f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584328fa83a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
instrumentation.c71f0248.chunk.js
cdn-client.medium.com/lite/static/js/
3 KB
2 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/instrumentation.c71f0248.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be18a208d4e5e0c3f3343588333535ac1efad32afa983e2ce0d6c42a80fff5d3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
5yZx.RXNRFD2wk5kW8slm2OPTbsuZqQM
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
835SQSN2WCD6BDVB
age
437210
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
CIbKMR+t1FwOgWV5FFaSjLXobXH66piRTPGhGH8z/BWltP4A8xUkL0PtGWirKXHw6vOBEepMsnQ=
last-modified
Wed, 07 Sep 2022 22:21:02 GMT
server
cloudflare
etag
W/"1c4019035217766e8fa41b4d396c90c0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584328faf3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
reporting.bbdcaa9d.chunk.js
cdn-client.medium.com/lite/static/js/
1 KB
966 B
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/reporting.bbdcaa9d.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
hDbV.8OiTMB.Vn8rqDBCJ.dxBb4bMoaR
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
2R4YTKBCDDS6HF3J
age
437210
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
hpLJFwZLVe3kLMmVyN1xu6SbW8NO3o//weOaZ5BXpjjUY6yHS7cvPj69YBWyN1dhbN/YbQe1UB4=
last-modified
Fri, 01 Jul 2022 00:11:40 GMT
server
cloudflare
etag
W/"72bc359fe3377069bd162b3be6ed3d05"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584328fa73a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
5642.36172d8f.chunk.js
cdn-client.medium.com/lite/static/js/
9 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/5642.36172d8f.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32579933fa7409a851f4fed587cb4a19111bf097eb787ba275666500c1dc1596
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
N5zfrX_fPDUkHADIaE9IDKP_E9o4ZXJV
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
YR1ZGVFT1MNTYCTH
age
317206
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
jMGCKZpGzM44arO02in2I0BYsPyPlVIFsc5ZXNzHfQBw3KY8qagbEVElI6vDQVHafDsuyPG4Eyg=
last-modified
Wed, 08 Mar 2023 20:47:45 GMT
server
cloudflare
etag
W/"96030f693a075a8ed90e715174adf06f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584328fa63a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
799.361fd2fb.chunk.js
cdn-client.medium.com/lite/static/js/
30 KB
13 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/799.361fd2fb.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03339318237f203c39972793a5232b2c94f3ea7a2c814641ae62660d8dd6e02b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
QMhsOw..2z7t_WH9w.ZD6x4nreWG.vQr
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
QG33HRZ7DN7FBY2W
age
1161369
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
JKaC1fn4iEDQS+SX7HMP5xGUVhmcDNQ9Cn4YrY0Sl/YORAv8Dp0FrFoMP3GMpoaYgZuLl5TdcGQ=
last-modified
Fri, 03 Mar 2023 20:16:01 GMT
server
cloudflare
etag
W/"3064a40f043f886dcc4f589b5706495b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfdc3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
1860.abea291f.chunk.js
cdn-client.medium.com/lite/static/js/
6 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/1860.abea291f.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6173a1b363b6bffdf4ec8d533f260644b17cc6f8a747f2d4f529795a3cdf0c04
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
uS1tfjVEi120fx7YYvwb1tmcC69xBC_N
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
CKH6YE43QJ55AQA6
age
1159665
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Q2BPbM1yg27+tTLenM0rnN6OFZaeLeGLVxQ+u+6Q13qKVuysDCpWVYYfoGtG4AKACwHCX1oWUp0=
last-modified
Fri, 06 Jan 2023 21:37:55 GMT
server
cloudflare
etag
W/"85d86a66b898bcf1f697adede4c175db"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff23a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
3838.7ae103cd.chunk.js
cdn-client.medium.com/lite/static/js/
7 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/3838.7ae103cd.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0573eb7e1b3f0dbaad578ead6eb03bfbd6280ae5d9a2827ad95b260717410939
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
2W.hiqflZMS1Uu78pZoO3HKgXmMTqecm
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
CKH3FJ3BAV5QG9A3
age
1159665
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
ZaIhFcLEkMb+8UMOJN8mZZ39MZMo1pkb+NEaDWNgT/xigPBH6WegPId2pY/Uacn7Qn7xh8faisc=
last-modified
Mon, 06 Mar 2023 18:50:07 GMT
server
cloudflare
etag
W/"7be8dacf1eb69da190ae2840037680db"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff33a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
2905.914a6a4c.chunk.js
cdn-client.medium.com/lite/static/js/
12 KB
5 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/2905.914a6a4c.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2334df49a3450802cab73e955c936a122a29bc92ffee9cd6196bb7902a47c713
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
uSXeeWXh5yPNiLrPeA3_u6DdUYOG6zmg
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
X75WMZEY01VF1BPA
age
289195
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Nt+IUqTqq7BR5HB9tyKKEOKt1v/bbbDpe/hV76p7RgnpTVw19OMiXugNllQaOXpScZI3zps7VuI=
last-modified
Thu, 27 Apr 2023 20:25:50 GMT
server
cloudflare
etag
W/"bac067749b82a9589a1b9ac546aa87a5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff43a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8007.e7e42be3.chunk.js
cdn-client.medium.com/lite/static/js/
10 KB
1 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8007.e7e42be3.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae4a152dbc443cb2190ebe669b3604fa97bae75f8012b0364ffb2ff2d4def713
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
GCST7lvuIH0KJ0ZTnx.wLhYNBstOq8pl
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
QG36YP10HMAVEYNT
age
1161369
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
tF5q+jafuBhzt+0SKoPKSaq6cCgnwGVA4BcgHoYQA16tBd96pb0AZZKir5g/qPdcj909ZK37kkA=
last-modified
Fri, 03 Mar 2023 20:16:01 GMT
server
cloudflare
etag
W/"70cde53a50943875dc8cdadc6cc02d19"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b80a3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8695.ac0f83b3.chunk.js
cdn-client.medium.com/lite/static/js/
9 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8695.ac0f83b3.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50a979f6e8a062abeacd9791b81cbedbe908659d6bc12d73f1102167bfc41937
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
QHLtf7kDTyQGy0BXV0UCGe3J0J3T3OiS
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
QG31NKHVD77TXP3A
age
1161369
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
FqYubMp9+/5UC9f6/cfezA9WW3lwATrYE6pbEFHLrK++2E+q+nJaEbWJTsqOteFXOGM5O35IW2o=
last-modified
Fri, 03 Mar 2023 20:16:02 GMT
server
cloudflare
etag
W/"de93ef1b6b3aae9065a3d952e34db489"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b80c3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8.5980bcd4.chunk.js
cdn-client.medium.com/lite/static/js/
26 KB
7 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8.5980bcd4.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17b661a486215879018ecdf2463102d385f2c4fb74558fd15582e9f4844523d3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
pJvmeAlpCD1R.goLN3jYFb7dMtAGD1zw
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
CSJ5NY1QV5J2JWQP
age
299279
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
rFAMOZJmj+HO0YhJ4cJXyBRSKJbo7tCfv1y49srFaSbQakg/7BJ77llXjtWzlAVP84vXnp873Yw=
last-modified
Thu, 16 Mar 2023 13:52:09 GMT
server
cloudflare
etag
W/"90db6c8a443715167c389219177065f2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b80d3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
9683.1c418a4d.chunk.js
cdn-client.medium.com/lite/static/js/
38 KB
9 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/9683.1c418a4d.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0017449cfda81bb089bf3cdcd944fc19f450c9e6d3bbcc0f752c7c9a44b5c88e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
o73a3y0m9k5mMwOEoTAey.E3arKRWOBX
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
K5286B2SKHNFRVEX
age
314418
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
zbhppjpREoCvomhjDg//ouAc8lZFKrgvbBA+Jq6XYyDvygxbU9XaDjONF3IarJz5tF73KEcoOwk=
last-modified
Wed, 26 Apr 2023 20:43:59 GMT
server
cloudflare
etag
W/"53f26193240542678947856ff22eedc3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b80e3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
7702.c5a5a368.chunk.js
cdn-client.medium.com/lite/static/js/
12 KB
4 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/7702.c5a5a368.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1c223b155a0b1cc4ab40250ddeeec6031a768c2417f0144392a8680b99d7282
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
8umP.hczxtJxocgIVknlhG_09oMzTtvl
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
MAG6YPVFV242P5D2
age
463182
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
toufDF6n6mGHhhgoudJujJuj1+n0oFYxa8tKId01+p93ep96xCrMhCtwYevq07WkdLkWOyWpVzM=
last-modified
Tue, 11 Apr 2023 19:43:06 GMT
server
cloudflare
etag
W/"50c13097a4d521f40633401ca2e79140"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8103a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
5203.23a22ad8.chunk.js
cdn-client.medium.com/lite/static/js/
15 KB
4 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/5203.23a22ad8.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d19349e1a7fc17631e75d4434c94ded800f5bcb8cf8e019abe59369b9e574e0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
uD1TB8JyXvDbJEXNxavvZswpYfa1t9.8
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
GSFGAJCPCBSTEX37
age
1178869
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
KSOdEcL9rQFokNvNoFX4ZsWX2macqyPYpdFQa87GxIXH5h+v22v6M4Y/vfhgw8+HVRbRocAun0g=
last-modified
Fri, 17 Mar 2023 21:03:22 GMT
server
cloudflare
etag
W/"9fefde6e96381be6edeb30aa4a60c1b1"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8113a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8708.546db97b.chunk.js
cdn-client.medium.com/lite/static/js/
6 KB
1 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8708.546db97b.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d0f1f91751d635fce38f3af610e536f348ef6e22a9a9fc34d5c6d375169b3c0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
ShoXATpSnyxNrxbWU6kTvwZIjAQProNM
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
3H5JRKDTHZH184D1
age
317205
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
GfwrWEVxgWccwYm0zBK2Fs8auFXIsssnPkZobHnngjoox2Tz4/R9513/prbuHGtWo50EgWhDSQU=
last-modified
Wed, 05 Apr 2023 16:29:16 GMT
server
cloudflare
etag
W/"60e21df57ea608b0d63cb407029b234a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8123a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
1957.6c5d9d7a.chunk.js
cdn-client.medium.com/lite/static/js/
15 KB
5 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/1957.6c5d9d7a.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2dccb0664aa6be074668f722bd5e206d0632b561ed15eb7f4975bfdfc126605
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
WamoeO4c4UGRv.JG907c.YH8.QClHifI
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
2HB1B5BHTZYD1HNT
age
482931
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
fxlphlNxfzqzuqjSS9AVm1aB86KNvEr4tYGCKhSjcD+WkFobIv5JVMer2ybGYXkslbaJsYUS4QQ=
last-modified
Mon, 10 Apr 2023 21:06:04 GMT
server
cloudflare
etag
W/"41104231374609f10e95b6c0e48b4576"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff53a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
9174.90036714.chunk.js
cdn-client.medium.com/lite/static/js/
99 KB
28 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/9174.90036714.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fd5bf01b4c556dfeba2a6382aab7a4520cc6574394567e97a3a5e09ec8cdddd
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
n1lnAZcrnGrofh7BNLq2v42q6PIp0sBL
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
ZSADVEBR1P0YZ4HB
age
391116
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
vlc6oMYr1si5XVesbwUpzfueOoU3EAUH2JiRmKJ5m/Kd2y6ZNY0Kwzsy3yuGGH3+LQRKFWw4J8w=
last-modified
Wed, 26 Apr 2023 16:20:56 GMT
server
cloudflare
etag
W/"63aec800e788e4c7e9f7c3d968880592"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff63a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
3635.c351368e.chunk.js
cdn-client.medium.com/lite/static/js/
23 KB
7 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/3635.c351368e.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7d86022f2a24e2797798001ea8b3cbf6b4a6d9de3fa1d3ad1ab9e596e6c0a78
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
1q0F51Do48uHb0zXeJvcmG7dMPiVWnNP
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
MAG76EEGBS2Z01AC
age
314759
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
wkPNewSMZTTiLbBpiOtZ0oBqSFHlGbzRyRHhn1bmCk2mgbgumemLqzl9BIB52BYow5fb5oYLdTE=
last-modified
Tue, 11 Apr 2023 19:43:01 GMT
server
cloudflare
etag
W/"02cf73a2006c9014811cc907ede8a7aa"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff83a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
5472.a7dd22a2.chunk.js
cdn-client.medium.com/lite/static/js/
10 KB
1 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/5472.a7dd22a2.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e53ebfbcc9c25748543c93340d2eb361c3fae51ae63261e01e54758703593afc
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
gSXxPhc0hcRrksmL2PGhPrVOkWw4VC83
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
TYK0PEA01R37Z2AF
age
437210
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
/HTy1mXHJwPGew/xYMqQ7tFbF5Jg3lNbiP2FCK1QESRXm8fU5OQ78/pj2bTQ3xJ5WF5PwhIz13s=
last-modified
Fri, 21 Oct 2022 21:04:08 GMT
server
cloudflare
etag
W/"bfe1dd364c3e6da6632a1d6c3b6fb9a0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff93a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
4129.9a8d63eb.chunk.js
cdn-client.medium.com/lite/static/js/
18 KB
7 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/4129.9a8d63eb.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2911927df6c0a93829e78411112c7814bc7b90ecb78c3656c43d501ce89a0a65
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
WfRiIovzGKzIBXx4jbOQWkmNpcHVogDv
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
GK4751DSD4JH2506
age
314829
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
8TnspiZej79grd94InR+zjOaNmgcRTL5ZylBmkOcJfzk7LnfoVNYBTTtYSyrfXICT6Kwtu6QDgo=
last-modified
Fri, 17 Mar 2023 21:03:20 GMT
server
cloudflare
etag
W/"d6fa6c4407818897ed25daf584a5dd7c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bffa3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8580.1d3cbd2a.chunk.js
cdn-client.medium.com/lite/static/js/
19 KB
2 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8580.1d3cbd2a.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
366bfb267958cf08b1d2dab865f82a1f9065bb019fe1db867815579503b0176d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
9t7goFlXzXd.Z2YB3u_pt2EvH9na42q1
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
ZSA23NVGQVQBCWC0
age
314759
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
x+P7LhXVb/CSmh+GBEi1NN0PotvbaFtwMPBGWNIOBz82647eslcqUZWr46n3gGSXmcX+ehPncEU=
last-modified
Tue, 25 Apr 2023 19:43:37 GMT
server
cloudflare
etag
W/"d058f853abfd147d6129009ec60d93a0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bffb3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
1802.0f7ac4a6.chunk.js
cdn-client.medium.com/lite/static/js/
22 KB
6 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/1802.0f7ac4a6.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e479fe502330044c7e5957eaad0ecc55227da44e2f8d614e384d4e139e66dbc
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
D.5nVMueuViXvVSn.YFoPJcHVbJpZci6
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
RQK8M4DZVH434QW0
age
981003
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
CU2yVjxOvw1v6ah/2A/RYBSm/b1MCVCa4IkwjBsnex8k1eQOJGVk4aPpbSCT8AqgowomdP41z4E=
last-modified
Tue, 18 Apr 2023 15:09:51 GMT
server
cloudflare
etag
W/"ed235eec9522978936c7e8d0256e164c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bffc3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
2371.6ba1ff25.chunk.js
cdn-client.medium.com/lite/static/js/
14 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/2371.6ba1ff25.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b400a4ec8b292df5747de9b0fca9f6528b1b1e027e1189db9ce24f15d5e1749
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
dIAdAOXpzVD1iJmsmvzsYqCUXYFeHtPn
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
VQVPTB1DTFNM02ZS
age
269300
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Z0JbF4OWww5CeVFIYXWNQxPwSIFllxyR9x6Lv18DgBHTVkVwPMPm+2r1s0RfLAtHJO5xlaVUhJ6X3AlC1fdvjs3xN5ZjP2eG9l1bMJuRaZM=
last-modified
Wed, 12 Apr 2023 18:31:59 GMT
server
cloudflare
etag
W/"4db431b1ab8ca132084d1db94dec3cf8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bffe3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
4078.182beff5.chunk.js
cdn-client.medium.com/lite/static/js/
10 KB
1 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/4078.182beff5.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a9538496fc598aef8185ce64a1416f66dbb480363eacd5466477f888985c161
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
xjtc1w3dA5YeyATt8lkc6IY7tO0v2BCH
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
97NSSTE6BHWPZPWE
age
314828
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
TKMzwc4qqgLaceiuzfHxqsIMLxkgGp4pzOero8twZKE2GR4jbg+iTIkXOaqcSUVPogPR7hY8FNtQJr47gyVkZA==
last-modified
Thu, 09 Mar 2023 20:25:05 GMT
server
cloudflare
etag
W/"46c9eaa275cbf3108a4c9c63c30a6a5a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfe43a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8093.00ba3eb9.chunk.js
cdn-client.medium.com/lite/static/js/
22 KB
6 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8093.00ba3eb9.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb13425885ee713fb8e0df5308e088502decb5ba7bdeda770a6588c71d2e8583
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
gjUcW7gqPr8rNLnnE9owqe9ILinhR3l2
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
9KQ38HQEEWSJQT48
age
306332
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
GWnTGRsDEh/Pf7Va9pFbw2bU1+Fy7YeyltrO7aD/iFgslwwreRjswHpYc2m5uDiMyWHaPIoILZQ=
last-modified
Thu, 27 Apr 2023 15:37:37 GMT
server
cloudflare
etag
W/"70f542420964161fe4493acc8b6938d5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfe73a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
1743.42985c62.chunk.js
cdn-client.medium.com/lite/static/js/
9 KB
4 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/1743.42985c62.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7a186a71840944885d3c455f4e3c5b73fcc575b75fcd91f4e111ea512e75b8f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
lln_mSqQczRjOIEMXIxBEgGqsFD3hyhB
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
4MRBKHCZY7DRMFQB
age
1187630
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
KqcGk24OpH7ZWFOxUYIgH34J0m9KAUpMr75iwZBkQ+OBkUzh/p+97sMnOtwWasDQIYIQ+BpiYOI=
last-modified
Mon, 20 Mar 2023 10:25:00 GMT
server
cloudflare
etag
W/"3e107f7798febeec4247918bdd418957"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfe83a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
3115.3302bd02.chunk.js
cdn-client.medium.com/lite/static/js/
30 KB
10 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/3115.3302bd02.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be1f68b533d20ee61daf543dff9e6a9b3aebb19e6ec07a3bc7a84db8b1b4d86d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
LX.xmLrHZit_3s_CTGft2De1szzi28Pj
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
D2A1E8KWY7GF1JZV
age
314741
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
lKvLus5i3TTdHLL0+rnGA3/bPdjKpcHeee0KJwnR7Caa6+2QQ7ASA7zASlfyeN03kW/QmyA8siw=
last-modified
Tue, 25 Apr 2023 20:34:02 GMT
server
cloudflare
etag
W/"63eb68c2d07c896cb05506cf9bc7b0ff"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfe93a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
2287.a89f9d21.chunk.js
cdn-client.medium.com/lite/static/js/
15 KB
5 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/2287.a89f9d21.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93ec15dd15d0b36925c06e9cd208be62b2bd75010d9681c067867fc429b29d9f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
rqICbRIWEFamsXMFg_kW4QvWWY96KbA7
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
QG33HSDPZ5HZSASJ
age
1037433
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
yhtm1SybL3c0lowTHiSFTNcc2ZWjKza/zm/yMdsfCwxjRiGYMBXAiPFXl/vTmzKEKIBMe3KpULo=
last-modified
Fri, 03 Mar 2023 20:15:53 GMT
server
cloudflare
etag
W/"a73a2c40d4fc740817809c493ef138ba"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfed3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
3685.22fa1dc7.chunk.js
cdn-client.medium.com/lite/static/js/
31 KB
5 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/3685.22fa1dc7.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26bb5d52850ebd86df6c5f1e39549d6caa9c730fa614748d465be34fe3ad02a2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
6qTAq.IzY8gMWzP3po8oIauvLpMW7K2O
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
ZSAACD20X5RDKR19
age
314776
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
+jMX7OLpRPBb1oC+nI0OztPSA1tujHY+GjTdeA9Oxy1anIxPFc0NRsnywZ3v0/CKVw6HdtMwLPE=
last-modified
Tue, 25 Apr 2023 19:43:31 GMT
server
cloudflare
etag
W/"e251379d2c9cb9c45e496d8a3046ae0e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfef3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
2092.0b9868e3.chunk.js
cdn-client.medium.com/lite/static/js/
21 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/2092.0b9868e3.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0497bc851b9b9d3211ae22c89f36c5e47fd708bc7239ed6cdde7f39cb5ea3664
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
tk03ftqRtY0SsD83PSYlEo4CJTXYXqep
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
MAG85M1BMPNG9AQT
age
463176
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
+Gs4WHGFXx1mIIwwoL4LNLZIGWr+tYbN13s5DtgaXU5sXblpJ5WHXo17CGWxyqOn7ts17RHuOOU=
last-modified
Tue, 11 Apr 2023 19:42:58 GMT
server
cloudflare
etag
W/"f50afecac7a61bf276ac5115c0113efb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff03a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8824.e4a9134e.chunk.js
cdn-client.medium.com/lite/static/js/
23 KB
7 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8824.e4a9134e.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2913d7530f3f6c73b724c9882136bae20c7a5939038a4a1f3dbf3aea33dba79
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
neRlkFcyWMOpvcNZg2IlDkGh1jbXJmPK
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
X3AFN7VK90AAFZC6
age
391116
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
0mMwUm8FGTGr5TR3R/N0mZLGSEjoPbzN0V3Js4Cje6pxYzGvLKqEVLVad6fLNuBxUrqRWnq5v9oAPTl14QLNbQ==
last-modified
Thu, 09 Mar 2023 22:28:11 GMT
server
cloudflare
etag
W/"16a0e081b5bc3b11a05cfd283a41011f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bff13a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
9225.9cfbe85d.chunk.js
cdn-client.medium.com/lite/static/js/
24 KB
9 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/9225.9cfbe85d.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b9e8109c78ad9e76bff06adea00cb379e26a2d11a9a3498b200c3df0be3331c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
Wv79.y3emBILIFd04WPjj7dzLiC3hCzE
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
Z1TCBDV402Q70YB0
age
1156390
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
5upxKuFLkMj3IUHw7v91/CpPofRM9SRn6vafES4WU9ZRchYJZGZYhHYayRVCFoZnocTUhUi7y88=
last-modified
Fri, 14 Apr 2023 15:53:59 GMT
server
cloudflare
etag
W/"7ca308acced522a9edd9ab9385b9994c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfff3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
6804.9f6509a8.chunk.js
cdn-client.medium.com/lite/static/js/
8 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/6804.9f6509a8.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdda40bda76a0adaed3fe045e8396748669078e1b15c59975119e243bc6b45c0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
NVrQH4q4xvrcfoHdLeIg.51Iv_sCsOy.
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
R86TS9RKJR39HDTS
age
314796
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
yvofB+N+7t4ktlj+eCKJ4lY3l8oa9D/9X3aKUAF/j0+ad1QXBHxR5xegiyWz0d3GT8ycGT7XLGNLMzi7C0oLHQ==
last-modified
Fri, 14 Apr 2023 15:53:56 GMT
server
cloudflare
etag
W/"f2cbb9f705f073135ecf5a1894d992de"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8023a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8051.3f4b510b.chunk.js
cdn-client.medium.com/lite/static/js/
60 KB
15 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8051.3f4b510b.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8385e7b05d48e9989413e1cb765038ac3f15f5aea672954c765bd7f19c9a058
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
wbqD_5.G38v4LtmYmwLRN_J6S5qHAUye
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
VYCZ46HP0BB1AKEK
age
317205
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
MfYwultGOpTO1AXXFAter+eHtKJVdEBaJVFrE+9/edKVCiGAA+3vzeSdVFBDE7HIeY8RGj8CkUE=
last-modified
Tue, 18 Apr 2023 13:01:28 GMT
server
cloudflare
etag
W/"45a649fd3bd02f4d793f6ecb55d1ac13"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8033a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
1069.c2523576.chunk.js
cdn-client.medium.com/lite/static/js/
24 KB
7 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/1069.c2523576.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08efafd9f373304b3cfa3b84b75d5913cb39b2b1ebcefa8061f94882a4408985
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
Ssoe0adrL3_Sxy_AwvpunUjJpXQo15Ik
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
QQJCDV14FF7EWM41
age
554773
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
UcrTDdhczV0jorihihFLJYRXnps9ujsY8+4Li5J8D4vtMF5l/IjaFlyCyvDLmB+R3aiUxUH9o60=
last-modified
Fri, 21 Apr 2023 20:03:55 GMT
server
cloudflare
etag
W/"d7d4146f92563c078a230e76f94bcdda"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8043a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
5076.1a6c0ef7.chunk.js
cdn-client.medium.com/lite/static/js/
20 KB
4 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/5076.1a6c0ef7.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28b2e2a4c843a58cf41b34958d7abfcaca4c2c8e2f8edb32089fba5fa18b30bb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
GXLyhUzNC2ioOiLmVUK768IOKYnWpaZs
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
Z1T6HT6YPBXGK4AY
age
1156390
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
XpdzwH4w6IqNrqZYwcorsOQ3+CttfgD2m8ZLSMeDTH3x3WUOt7VnuczCndeJdSMlkC59RTI7CTM=
last-modified
Fri, 14 Apr 2023 15:53:55 GMT
server
cloudflare
etag
W/"895e481a80bd53b47249ed6f7aee7336"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8053a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
847.383abb1d.chunk.js
cdn-client.medium.com/lite/static/js/
26 KB
9 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/847.383abb1d.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
135b7b1da534d97eb7e05355530e0af783c988f9a34815185c0e75400d175cf9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
tIFIpUVmQ5XxKdglDqwVMYOBz3DPjrFd
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
A5R5R8AYQQ5BJ8KN
age
900247
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Qsto+LMwZkJmy8TfZh6HgU9PzwC/mKG89BW6fCAPeIa2C29mrFGwsw76MFwHSB3avMAaHdHXjpI=
last-modified
Tue, 18 Apr 2023 18:04:01 GMT
server
cloudflare
etag
W/"f326dada9781e6e6d193ee6fb0a75029"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8073a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8316.a8c19480.chunk.js
cdn-client.medium.com/lite/static/js/
21 KB
4 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8316.a8c19480.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4756b8554d2e2b0ea985aefed9d0000d175c5c9ae6536b143adedf436531a834
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
n10lg5iK.NQ3tiJuMjoA37pzqxcxwvKS
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
KNQ6HWR2PTCKDP6C
age
997888
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
u0TaRiAMBvxCzmp4mrz7CAPRCb7IGlh0DJ7DaykDhuFz7hO5uzkt/B5qyknReLbNMOOJOOe+pas=
last-modified
Wed, 19 Apr 2023 02:25:41 GMT
server
cloudflare
etag
W/"669a41f9156da71861ea524bc4cb415c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8083a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8908.4e0cfe80.chunk.js
cdn-client.medium.com/lite/static/js/
127 KB
30 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8908.4e0cfe80.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a2a69f3e2ba94d54c995b56440590df5ec1f82cc4e16443c97566de4095328b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
Lmyp2hpQlv.QFsl0TqNdFWGCGvxatvcK
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
YG3W9QTVP1GE63BT
age
280499
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
H0Yq8cX44U/XrxIHVu1SuCcYovKNSg95h+5ZiYAP+d1CnqKI8cM2HBWliVIE2QwDiHfxUWBXduo=
last-modified
Tue, 25 Apr 2023 19:43:37 GMT
server
cloudflare
etag
W/"3bbf75a173d5d07d1475fe9b765956d9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432b8093a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
PostPage.MainContent.1bb15d52.chunk.js
cdn-client.medium.com/lite/static/js/
29 KB
10 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.1bb15d52.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6482695d7a4f61334413b48d08762f0741c24cf2f5fac96d097ee76f7864b9a1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
YKfdwlTs6p6gka75rTQmq0AyGTPvZ28j
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
Q1XRG0YWA085G11P
age
314796
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
5Tn6pqVUHv1i7PlctWiApS569f1YneOafikln8AkjjuT0hyAd901+bqTG6fT+XU2nnJ6sJYKoOQ=
last-modified
Mon, 17 Apr 2023 20:31:42 GMT
server
cloudflare
etag
W/"b46ab08db7999e91b79c8ea497e12a7d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfdd3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
5627.b01cea75.chunk.js
cdn-client.medium.com/lite/static/js/
17 KB
5 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/5627.b01cea75.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1bb0e18dda94e73f54955d08e8579d5958e168fb032edb5a01d4766acea6d10
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
pAN2lVNCNXEWOxnmSxK0qtaqQKF6UxqN
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
4Z9D2AKRGK5GJDC1
age
289195
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
px2h2Fs111qqEAmbZxI3xnrMgj/Oub3RcqfiW0ziQQbNBWDBsmS5uO5RVO35iltM21oMTm8TfmA=
last-modified
Thu, 27 Apr 2023 20:25:53 GMT
server
cloudflare
etag
W/"6ccf1e17d32f569df8a6de7e315ca899"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfde3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
8880.97b5ed81.chunk.js
cdn-client.medium.com/lite/static/js/
24 KB
7 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8880.97b5ed81.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9310c83c18743911f4124d65452c68aca614a19c2426e4c406b8297824f26563
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
prPQkSIaxhwMEL9Tu7Ept69eIWrIE7nJ
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
R86JC9RTTASRFPRP
age
317205
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
gDGf1+H7FrSjBk26LefNsB9pWhB6TBmHC+PUJ/TindxUWY9Di1YIsLrUbaKILphYK7nA+oyihdzSVYLwqHz+XQ==
last-modified
Fri, 14 Apr 2023 15:53:59 GMT
server
cloudflare
etag
W/"a1d5901136728fe526dbc7a8142102a7"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfe03a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
PostPage.RightColumnContent.153512e3.chunk.js
cdn-client.medium.com/lite/static/js/
37 KB
8 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.153512e3.chunk.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fe5d07b773a4441577b5ae257f3bfbebb10c308c73d6664656c172080f363bb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
x-amz-version-id
UCRvhoapQk.boWvpc7tzj.QQybUaYtYK
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
R86T8F02MTYXQ8TV
age
1156390
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
tDIcOSGX/cyrnBY3HRCCiWimxMCHkjum8+5GvyaiBixt9TEqiyadjyWkspcc5KRiD9kZ2ZVOnQHBSvgMmMkgHA==
last-modified
Mon, 17 Apr 2023 09:09:32 GMT
server
cloudflare
etag
W/"0433c4a2b9aefb94957db15db1ab5910"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058432bfe23a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
v52afc6f149f6479b8c77fa569edb01181681764108816
static.cloudflareinsights.com/beacon.min.js/
19 KB
7 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
content-encoding
gzip
last-modified
Mon, 17 Apr 2023 20:41:48 GMT
server
cloudflare
etag
W/2023.4.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7c058432bf719c01-FRA
0*xvsytvO6lgHgDL8a
miro.medium.com/v2/resize:fit:320/
12 KB
13 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:320/0*xvsytvO6lgHgDL8a
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a56d29a9c88368029672af32583293e1cfb7de32fa9a3b07014cb6349a291906
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
144005
x-envoy-upstream-service-time
109
content-disposition
inline; filename="0*xvsytvO6lgHgDL8a.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
12586
x-request-id
70bd5140-650f-4dd2-9083-1e19a21ef96c
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjRhZDNmYTViMjQwZmYxNjgyZWRiZTkwNWEyZmZmOTYzIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c058432afca3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
0*tDfVLFwZ5eKJPy87
miro.medium.com/v2/resize:fit:320/
10 KB
11 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:320/0*tDfVLFwZ5eKJPy87
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5a5c8bf0e32d365e821fd8f6d94d7c397c95ff6f10bbac9304b2e3a72470653
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
288935
x-envoy-upstream-service-time
79
content-disposition
inline; filename="0*tDfVLFwZ5eKJPy87.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10679
x-request-id
a2199298-0ea1-47ed-9248-ead7eed39c5a
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c058432afcb3a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
0*g4a2Ixq-13Tsq2N_
miro.medium.com/v2/resize:fit:320/
7 KB
7 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:320/0*g4a2Ixq-13Tsq2N_
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
456d098310cccea8bfc4879a194168a41a37adb126ccc4f1416ccf90ee392d8f
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
288929
x-envoy-upstream-service-time
67
content-disposition
inline; filename="0*g4a2Ixq-13Tsq2N_.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6741
x-request-id
6ed5aae9-ec74-43ee-bf1d-5165c12c41c4
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RImIyNGI1OTc5MjdmYTAzNTAzNmNlNzY0ZGU5MDE4NmYyIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c058432bfd33a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
0*-I13UndM4B1w2brg
miro.medium.com/v2/resize:fit:320/
7 KB
7 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:320/0*-I13UndM4B1w2brg
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f653a4f4e90f0ef0df3f84e2e9877a0af5ada92528d458bdd26d9a8cb08e417
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
144005
x-envoy-upstream-service-time
110
content-disposition
inline; filename="0*-I13UndM4B1w2brg.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6734
x-request-id
99e78f6d-d100-4c65-baf9-13d4230946f4
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RImEwYTVmMjU2ZjAyOWIwN2JmMGNiMDFjNzhlNzY0MzFmIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c058432bfd43a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
0*ltWN9AmW2cs4SW_j
miro.medium.com/v2/resize:fit:320/
10 KB
11 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:320/0*ltWN9AmW2cs4SW_j
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5a5c8bf0e32d365e821fd8f6d94d7c397c95ff6f10bbac9304b2e3a72470653
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
288929
x-envoy-upstream-service-time
118
content-disposition
inline; filename="0*ltWN9AmW2cs4SW_j.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10679
x-request-id
3ab1a372-6178-4963-8c89-6ff0fb341fbc
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c058432bfd53a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
0*1dhkKaICnAftKKM2
miro.medium.com/v2/resize:fit:320/
29 KB
30 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:320/0*1dhkKaICnAftKKM2
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ae83513752ee9a8181dd755a464c8f4d6fa6f2de549342a91b5013857318c03
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
224198
x-envoy-upstream-service-time
290
content-disposition
inline; filename="0*1dhkKaICnAftKKM2.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
29955
x-request-id
ca469353-7500-487b-a650-589c810fb6a5
sepia-upstream
medium
server
cloudflare
etag
"QgkCGObhu9H76OOV2_SFzmfsG2NyRcPJJUM5pcMsGEg/RIjlmMDhjNjZlYzA4ODdjNTdhZjNmMTNkZTA2ZDNhYmFjIg"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c058432bfd63a94-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
19 KB
19 KB
Font
General
Full URL
https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
205221
x-envoy-upstream-service-time
39
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432cafc30f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
19 KB
19 KB
Font
General
Full URL
https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
8277862
x-envoy-upstream-service-time
16
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432cafa30f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
12 KB
12 KB
Font
General
Full URL
https://glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5d7947aa3e6131478a97f06e72913cb7b9e19161e03502ad1de3eb67f447213
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
14373627
x-envoy-upstream-service-time
30
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432cafe30f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
source-serif-pro-700-italic.woff
glyph.medium.com/font/7f2eb60/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
13 KB
14 KB
Font
General
Full URL
https://glyph.medium.com/font/7f2eb60/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-italic.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2be45fe7a399b7cd926a3daf4d472a60b61eefe3e9c19a68cd0acc2e4b3d991
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
257501
x-envoy-upstream-service-time
25
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432caff30f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
source-serif-pro-400-italic.woff
glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
12 KB
13 KB
Font
General
Full URL
https://glyph.medium.com/font/76c214a/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-italic.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ca820b9aa7681184130d09157ea679d1d31390bee2af294c088f6dcaa24923b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
20204603
x-envoy-upstream-service-time
32
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432cb0030f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
source-serif-pro-700-normal.woff
glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
12 KB
13 KB
Font
General
Full URL
https://glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0bb60d88b2542c309808da080e6c3bfe7c4c3ff03e679ab29a4394c00a11c4f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
20258455
x-envoy-upstream-service-time
1475
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432cb0130f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
source-code-pro-400-normal.woff
glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
7 KB
7 KB
Font
General
Full URL
https://glyph.medium.com/font/3bd49b7/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-code-pro-400-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6c90ff7bddb2b437a4130fbfaad1dd6fdc87a532ed4a97b5a4484c659e632ee
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
14874895
x-envoy-upstream-service-time
583
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432cb0230f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/
18 KB
19 KB
Font
General
Full URL
https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
257619
x-envoy-upstream-service-time
48
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c058432cb0430f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:09 GMT
1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/v2/resize:fill:64:64/
1 KB
2 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:64:64/1*dmbNkD5D-u45r44go_cf0g.png
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f90d19259478cca4381bea7e760845de9bcf2155ee96cd8b06049add894022d3
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
225548
x-envoy-upstream-service-time
43
content-disposition
inline; filename="1*dmbNkD5D-u45r44go_cf0g.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1310
x-request-id
b019cc1c-dc12-4f57-a350-e915bc339ed4
sepia-upstream
medium
server
cloudflare
etag
"qUlGJkYhB4LINmyi_TVOvM25Dy409gGbmK5EqrHhPd0/RImNiNjU3ZGRlN2RhNjI0NjU3YTVmNmQ0ZDdhNzEyMDM3Ig"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
7c05843319d19061-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
1*tPw5vhej02IQk7SGTNWSmg.png
miro.medium.com/v2/resize:fill:96:96/
5 KB
6 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:96:96/1*tPw5vhej02IQk7SGTNWSmg.png
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b4a371c6adf95bf152794e200975d8c9944a326cf6d08862f3f9a7dadd679f8
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
2
x-envoy-upstream-service-time
87
content-disposition
inline; filename="1*tPw5vhej02IQk7SGTNWSmg.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5579
x-request-id
5afd8fc9-c6cc-411f-aced-8d2657e4689b
sepia-upstream
medium
server
cloudflare
etag
"2ClxYkeZkhLd4kUTfpOdRzBNwICgGzimHBVrQIKoB9U/RImI0ZmMzOWJlMTdhM2QzNjIxMDkzYjQ4NjRjZDU5MjlhIg"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c05843319d29061-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
1*tPw5vhej02IQk7SGTNWSmg.png
miro.medium.com/v2/resize:fill:176:176/
10 KB
11 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:176:176/1*tPw5vhej02IQk7SGTNWSmg.png
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dee0b96b9a0b8d892256c83ca6b65c0660e33e57c8ce1bb89b91351135c91540
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:09 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
2
x-envoy-upstream-service-time
89
content-disposition
inline; filename="1*tPw5vhej02IQk7SGTNWSmg.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10502
x-request-id
7df876a2-c814-45c4-8153-c227f319c9dc
sepia-upstream
medium
server
cloudflare
etag
"cYOHBppU5_IQqNc_J_FqxtylWztmHm-fdmnA7PgkwUg/RImI0ZmMzOWJlMTdhM2QzNjIxMDkzYjQ4NjRjZDU5MjlhIg"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230424-181312-96029c8415
accept-ranges
bytes
cf-ray
7c05843319d39061-FRA
expires
Tue, 30 Apr 2024 05:10:09 GMT
2230.571ed6c4.chunk.js
cdn-client.medium.com/lite/static/js/
20 KB
8 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/2230.571ed6c4.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
293cb36ca1c002f569bcbce51360a20745ce87b2e515be849d83d5269d7d2174
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
x-amz-version-id
jyYM.ZgM9PE2gJOEnsek2uD4i4PcWdTK
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
5B1CYTHMK2616DY7
age
560102
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Otu4Bzadtbnet2y7EcEb8o/GGiEGQboxNDtYyXCV5GM+59Q94+pwvBgKKEOrg9xRHn4Y4uwRjlE=
last-modified
Mon, 24 Oct 2022 03:04:44 GMT
server
cloudflare
etag
W/"80138a2fe8e56b8f784a37863eea34c5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058438fda39061-FRA
expires
Tue, 30 Apr 2024 05:10:10 GMT
PostGiveTipOnExternalPlatform.9d2f1bb0.chunk.js
cdn-client.medium.com/lite/static/js/
9 KB
4 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/PostGiveTipOnExternalPlatform.9d2f1bb0.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4a0cb6328126994438b5a127dc9d3bb890323c339df243cc9f19bc3bde40bfa
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
x-amz-version-id
gfVC0i9ar1hRC7yHzx0kIpM2hym2t6ri
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
2A6P84E28JSP8YA7
age
1161481
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
vA9lirNj43z6QkmTpGbyFmB32LEvivucepjrDE0ZWsI6trIBiNDiFEsb6NNY/jhQK3K7powF82o=
last-modified
Fri, 03 Mar 2023 20:16:19 GMT
server
cloudflare
etag
W/"0c24ccc2ef91aca3121eafe35386f13a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c05843a2e4a9061-FRA
expires
Tue, 30 Apr 2024 05:10:10 GMT
graphql
blog.delivr.to/_/
143 B
529 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93108a3457063b609549bfad7f49c89fc0ce3580e2f737fe23a59076b2fbd633
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
VisitorQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
28
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"8f-dSe7+48rwZAQefU/MdCSLoqto28"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray
7c05843c0d22bbaf-FRA
x-request-received-at
1682917810641
graphql
blog.delivr.to/_/
0
0

graphql
blog.delivr.to/_/
0
0

graphql
blog.delivr.to/_/
210 B
579 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5c74680eff9f1e435e751ec4cc5fb1f37b6c9beb550146025d7899752833ed5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
NewsletterV3ViewerEdge
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
63
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"d2-sJdQuohHzN5sSlgXU3n9mj41GOk"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c05843c0d27bbaf-FRA
x-request-received-at
1682917810648
graphql
blog.delivr.to/_/
108 B
544 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
usePostPageMeterQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
237
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c05843c0d28bbaf-FRA
x-request-received-at
1682917810652
graphql
blog.delivr.to/_/
8 KB
2 KB
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a09c82b74435b64d254e424ae969a20eb928657761505396b8424583b10c044
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
RecircSidebarQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
153
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"1eb3-NKnJaEP357yP6ZY1ifIax30T6vA"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c05843c0d29bbaf-FRA
x-request-received-at
1682917810645
graphql
blog.delivr.to/_/
27 B
419 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
706e568e0c4a22004a1c177674ae9489b5a3ca9f5a97e4addb3c626c03016548
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
ViewerQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-envoy-upstream-service-time
22
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27
x-xss-protection
0
server
cloudflare
etag
W/"1b-zcE2qsOE110W+7rHoTa9C+cwT68"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray
7c05843c1d2dbbaf-FRA
x-request-received-at
1682917810646
graphql
blog.delivr.to/_/
0
0

graphql
blog.delivr.to/_/
0
0

rum
blog.delivr.to/cdn-cgi/
0
176 B
XHR
General
Full URL
https://blog.delivr.to/cdn-cgi/rum?
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://blog.delivr.to
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7c05843c4d50bbaf-FRA
graphql
blog.delivr.to/_/
122 KB
24 KB
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9904f1b2ded29c98bc93716c7c1cd44fe7d0bc1fb7042451bcccfb857480fc23
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
PostPageQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
110
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"1e709-6acl62rTkXTe/mV9Kef5JROXVbY"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c05843c5d54bbaf-FRA
x-request-received-at
1682917810692
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 May 2023 05:05:04 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
306
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Mon, 01 May 2023 07:05:04 GMT
branch-latest.min.js
cdn.branch.io/
73 KB
22 KB
Script
General
Full URL
https://cdn.branch.io/branch-latest.min.js
Requested by
Host: blog.delivr.to
URL: https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=f8787d049c12&utm_campaign=c64cca00e7-EMAIL_CAMPAIGN_2023_04_27_06_23&utm_medium=email&utm_source=The+InQuest+Insider&utm_term=0_-c64cca00e7-%5BLIST_EMAIL_ID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.95.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-95-129.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cdc2bb26fe76a79d54a6f197edf1188e4829093003f26707eed349267a8a96d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
RcGafUhyGoCBAIKL0sPQaqgYc5MW5qY6
content-encoding
gzip
via
1.1 df0aa1ee2f3a5b8f1aa2a31aa4b7db86.cloudfront.net (CloudFront)
date
Mon, 01 May 2023 05:08:16 GMT
last-modified
Tue, 04 Apr 2023 19:50:38 GMT
server
AmazonS3
x-amz-cf-pop
PRG50-C1
age
114
etag
"ce82fd24f9c8aae0ff0fa6e15c400c97"
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=300
content-length
22498
x-amz-cf-id
QqOOfFIbSQ7XDLTe8cudKywc_6RgN6yhhLlexhzAqoTILE-xd01Imw==
/
blog.delivr.to/_/clientele/reports/performance/
0
0
Fetch
General
Full URL
https://blog.delivr.to/_/clientele/reports/performance/
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
Medium-Clientele-Client
lite
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
worker-missing-cookies
0
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, clientele/main-20230331-165901-ac9beed054
x-envoy-upstream-service-time
13
cf-ray
7c05843d5e35bbaf-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
/
blog.delivr.to/_/clientele/reports/performance/
0
0
Fetch
General
Full URL
https://blog.delivr.to/_/clientele/reports/performance/
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
Medium-Clientele-Client
lite
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
worker-missing-cookies
0
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, clientele/main-20230331-165901-ac9beed054
x-envoy-upstream-service-time
11
cf-ray
7c05843d5e37bbaf-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
/
blog.delivr.to/_/clientele/reports/performance/
0
0
Fetch
General
Full URL
https://blog.delivr.to/_/clientele/reports/performance/
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
Medium-Clientele-Client
lite
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
worker-missing-cookies
0
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, clientele/main-20230331-165901-ac9beed054
x-envoy-upstream-service-time
9
cf-ray
7c05843d5e38bbaf-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
_r
app.link/
91 B
634 B
Script
General
Full URL
https://app.link/_r?sdk=web2.74.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:ac00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
3379ecb222bb071c4a5b6f72af5de2cc14f589b47914fa2daaac19f1c47113c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
via
1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
server
openresty
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
x-amz-cf-pop
FRA6-C1
etag
W/"5b-tC+nHGtXnzc2uTCK5Jae6tK8DmY"
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
content-length
91
x-amz-cf-id
zLg_FDrh9OhgxfYx7Y0GVc2veYKKuwI_CYUVLBqNpK-_s4Z4wuJMVg==
collect
www.google-analytics.com/j/
3 B
207 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=516710252&t=pageview&_s=1&dl=https%3A%2F%2Fblog.delivr.to%2Fhtml-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06&ul=en-us&de=UTF-8&dt=Medium&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=749365547&gjid=1682848172&cid=56441920.1682917811&tid=UA-24232453-2&_gid=735435329.1682917811&_r=1&_slc=1&z=12635554
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 01 May 2023 05:10:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.delivr.to
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
sohne-700-normal.woff
glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/
28 KB
29 KB
Font
General
Full URL
https://glyph.medium.com/font/cf896f3/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-700-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ed76cfe62861007eee5b0ef44f3bd185ce3b60f0b9ead0b91ab62af01e9efa4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
6862497
x-envoy-upstream-service-time
81
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c05843e9c7b30f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:11 GMT
1*CENyvmUBnmAnOCfFoTNyFw.jpeg
miro.medium.com/v2/resize:fill:20:20/
636 B
1 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:20:20/1*CENyvmUBnmAnOCfFoTNyFw.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05f58f4713341ff1b2cbd045e254a438e1c8ee2cb41a21e0ece2570b38266532
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
232159
x-envoy-upstream-service-time
98
content-disposition
inline; filename="1*CENyvmUBnmAnOCfFoTNyFw.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
636
x-request-id
746f5474-0efe-4bde-91c1-50fd5890292c
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RIjA4NDM3MmJlNjUwMTllNjAyNzM4MjdjNWExMzM3MjE3Ig"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230331-165901-ac9beed054
accept-ranges
bytes
cf-ray
7c05843e996a9061-FRA
expires
Tue, 30 Apr 2024 05:10:10 GMT
0*LLv00uaoWKv56e0D
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/
2 KB
2 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/0*LLv00uaoWKv56e0D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d76b4ee6a984d23489a153fc293a0a08007c7a8daeb1ed5c3bfa87e58a34cd98
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
588814
x-envoy-upstream-service-time
1231
content-disposition
inline; filename="0*LLv00uaoWKv56e0D.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1741
x-request-id
18bed306-7e0c-46c2-a337-264c196ea22f
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjU2MWM4NGI4ZWYzNjFiNjVmMzY0MWNiYjlmMzNlZTJlLTQi"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c05843e996d9061-FRA
expires
Tue, 30 Apr 2024 05:10:10 GMT
1*39EmsUc5QYyKGj7vST2CXA.jpeg
miro.medium.com/v2/resize:fill:20:20/
736 B
1 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:20:20/1*39EmsUc5QYyKGj7vST2CXA.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f055f8001b617ca9be7a7cd3bb751515f7db6b5323adf1305d55d3a972d0442
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
123011
x-envoy-upstream-service-time
67
content-disposition
inline; filename="1*39EmsUc5QYyKGj7vST2CXA.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
736
x-request-id
4ada319e-67d2-47ac-8f4f-230f8c9b3d14
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RImRmZDEyNmIxNDczOTQxOGM4YTFhM2VlZjQ5M2Q4MjVjIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230303-101917-2bba7b0c9d
accept-ranges
bytes
cf-ray
7c05843e996e9061-FRA
expires
Tue, 30 Apr 2024 05:10:10 GMT
1*otiV9Az7L0Xtw3w-tsYa4w.png
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/
8 KB
9 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/1*otiV9Az7L0Xtw3w-tsYa4w.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b675cf46d0b6de52083440daff415ecf33a9f38bbdc549cce55d68801c77ee9
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
588317
x-envoy-upstream-service-time
116
content-disposition
inline; filename="1*otiV9Az7L0Xtw3w-tsYa4w.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8288
x-request-id
a7433c93-f7b5-40f9-b4f3-e2206f3c5e3b
sepia-upstream
medium
server
cloudflare
etag
"CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RImEyZDg5NWY0MGNmYjJmNDVlZGMzN2MzZWI2YzYxYWUzIg"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230308-234401-14525b721d
accept-ranges
bytes
cf-ray
7c05843e996f9061-FRA
expires
Tue, 30 Apr 2024 05:10:10 GMT
0*Wmsm_zoOjQfYiqqb
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/
2 KB
2 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/0*Wmsm_zoOjQfYiqqb
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67a83af9433bfca6f02e8960f7557bfa07a1ac6fa66895f8cae71ed3af9f8294
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
2
x-envoy-upstream-service-time
161
content-disposition
inline; filename="0*Wmsm_zoOjQfYiqqb.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1714
x-request-id
e973bf5c-0189-4b41-8da8-2f300425593e
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjQxNzYxYjgyMjI2MzA1NWFlNzRiYjgwYzAzODg5NDc2Ig"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c05843e99719061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
1*btXDmVSikt1P-_PVrx6UDA.png
miro.medium.com/v2/resize:fill:20:20/
1 KB
2 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:20:20/1*btXDmVSikt1P-_PVrx6UDA.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31f2941787b000deb56a7607dd7922bc98bd20d64bcedeb37aa6e4208a438bf9
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
503090
x-envoy-upstream-service-time
78
content-disposition
inline; filename="1*btXDmVSikt1P-_PVrx6UDA.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1206
x-request-id
51f7f39a-a04c-4511-9602-7adc1b0d3d54
sepia-upstream
medium
server
cloudflare
etag
"otqmLAd0vwSg8JnocfiFOlzcufMbpEtiQZGBgUclANM/RIjZlZDVjMzk5NTRhMjkyZGQ0ZmZiZjNkNWFmMWU5NDBjIg"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c05843e99749061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
1*S2WkwQU3LWpttmPfrQiI9Q.jpeg
miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/
2 KB
2 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:56:56/g:fp:0.5:0.5/1*S2WkwQU3LWpttmPfrQiI9Q.jpeg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6c4743badcee0a99f2822bb55470e7fdf831dfcc17b818f0612794fb85396de
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:10 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
503089
x-envoy-upstream-service-time
212
content-disposition
inline; filename="1*S2WkwQU3LWpttmPfrQiI9Q.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1853
x-request-id
d989836d-ee0a-487c-a7ab-d78ebce93da2
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"CEJCrFHfG4y6nbf_epJhcTgOn_SkbQA5Li5dB0M7VUE/RIjRiNjVhNGMxMDUzNzJkNmE2ZGI2NjNkZmFkMDg4OGY1Ig"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230331-165901-ac9beed054
accept-ranges
bytes
cf-ray
7c05843e99759061-FRA
expires
Tue, 30 Apr 2024 05:10:10 GMT
1*C-oov1hPATgpC9aJkKpm_w.png
miro.medium.com/v2/resize:fit:720/format:webp/
7 KB
8 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:720/format:webp/1*C-oov1hPATgpC9aJkKpm_w.png
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca419d293aea6be37299c6d398b7bbff362c7108fd94042dea0f0f3b24fbcf79
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
2
x-envoy-upstream-service-time
373
content-disposition
inline; filename="1*C-oov1hPATgpC9aJkKpm_w.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7582
x-request-id
1a305aab-5089-4e40-8331-f5accd9e9a03
sepia-upstream
medium
server
cloudflare
etag
"YXzh1miX4qndlYVobhq_bxorivcuaUlJ2JfvURNm1xU/RIjBiZWEyOGJmNTg0ZjAxMzgyOTBiZDY4OTkwYWE2NmZmIg"
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230428-203318-aaad2de49e
accept-ranges
bytes
cf-ray
7c05843ef9a09061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
0*xvsytvO6lgHgDL8a
miro.medium.com/v2/resize:fit:160/
4 KB
5 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:160/0*xvsytvO6lgHgDL8a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf2d179ea542c4a803f261321baa76b4628ee1ceb56fadd5b112f49467d7fca
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
2
x-envoy-upstream-service-time
260
content-disposition
inline; filename="0*xvsytvO6lgHgDL8a.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4420
x-request-id
92c0cc90-d2d2-43c5-8b9c-2d659776bb67
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjRhZDNmYTViMjQwZmYxNjgyZWRiZTkwNWEyZmZmOTYzIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c0584402a7e9061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
0*tDfVLFwZ5eKJPy87
miro.medium.com/v2/resize:fit:160/
3 KB
4 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:160/0*tDfVLFwZ5eKJPy87
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37c3a926af9b28967f6f870ebdc232b2f6fb00246727741939e920af3fb867b4
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
2
x-envoy-upstream-service-time
70
content-disposition
inline; filename="0*tDfVLFwZ5eKJPy87.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3562
x-request-id
d8199d01-c52a-4ed1-b238-8f9dacd8e8af
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c0584402a809061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
0*g4a2Ixq-13Tsq2N_
miro.medium.com/v2/resize:fit:160/
3 KB
3 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:160/0*g4a2Ixq-13Tsq2N_
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7f33f9d86d68e8710c412762af168f3fc741c778f0eced14a2e3295ae8918eb
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
2
x-envoy-upstream-service-time
102
content-disposition
inline; filename="0*g4a2Ixq-13Tsq2N_.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2564
x-request-id
ef2c060f-14ca-4de4-8f9b-90854dd57697
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RImIyNGI1OTc5MjdmYTAzNTAzNmNlNzY0ZGU5MDE4NmYyIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c0584402a829061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
0*-I13UndM4B1w2brg
miro.medium.com/v2/resize:fit:160/
2 KB
3 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:160/0*-I13UndM4B1w2brg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d00a4a3f4fd39488c2b2f0e587a7727a144a22c7b42e62e5a19a2ec456b0510
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
2
x-envoy-upstream-service-time
124
content-disposition
inline; filename="0*-I13UndM4B1w2brg.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2470
x-request-id
315e86d3-3adb-4cce-9ea0-c7590c7ee382
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RImEwYTVmMjU2ZjAyOWIwN2JmMGNiMDFjNzhlNzY0MzFmIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230425-162607-a984df2d9b
accept-ranges
bytes
cf-ray
7c0584402a849061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
0*ltWN9AmW2cs4SW_j
miro.medium.com/v2/resize:fit:160/
3 KB
4 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:160/0*ltWN9AmW2cs4SW_j
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37c3a926af9b28967f6f870ebdc232b2f6fb00246727741939e920af3fb867b4
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
script-src 'none'
cf-cache-status
HIT
age
2
x-envoy-upstream-service-time
203
content-disposition
inline; filename="0*ltWN9AmW2cs4SW_j.jpg"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3562
x-request-id
34e2a0e6-86a1-497c-bb13-4c374ca03f86
sepia-upstream
medium
cf-bgj
h2pri
server
cloudflare
etag
"QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjQwMmZiMDM4YjRkMDk2ZmQ5MTJkOWM5M2YwMDVmZDJmIg"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c0584402a859061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
0*1dhkKaICnAftKKM2
miro.medium.com/v2/resize:fit:160/
10 KB
11 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fit:160/0*1dhkKaICnAftKKM2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd0b37cbbaf700e3e7c52e849242a854118a8625f6e18bd01a84af825092f04f
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
2
x-envoy-upstream-service-time
166
content-disposition
inline; filename="0*1dhkKaICnAftKKM2.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10353
x-request-id
7eabf2e1-d805-4807-b157-9353c5b669eb
sepia-upstream
medium
server
cloudflare
etag
"QL2g0cdE-mpe-sOzDSBnkCHVu8hdS8-dZPLKmjfV4wU/RIjlmMDhjNjZlYzA4ODdjNTdhZjNmMTNkZTA2ZDNhYmFjIg"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230420-004520-1827075847
accept-ranges
bytes
cf-ray
7c0584403a899061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
9410.207f1d22.chunk.js
cdn-client.medium.com/lite/static/js/
6 KB
3 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/9410.207f1d22.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb1ed19249c07f3ad9aa269ca1a0a5a41096960f35bddb839fbdad08767e3017
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
x-amz-version-id
b8aj3gwm6vL2ggzrCpcbINd9fTj43ZJu
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
GY2FGSRF1VA9017M
age
284882
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
xr1KXaeT3EFtZxqnwafTL5aRp0ioTXXF99Bry62UPS3Sr6GDikSBYs6K6HmagKspVdmSeQEV+8o=
last-modified
Fri, 14 Oct 2022 16:15:50 GMT
server
cloudflare
etag
W/"3597e61f2093f3a02a7f54ef5ab8a2fb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584406aa49061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
7136.50c74aec.chunk.js
cdn-client.medium.com/lite/static/js/
2 KB
1 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/7136.50c74aec.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8403c71b056bddf7eae34e0bb4c66b4a445668fdd126efbd9bb0649ab77a4bd2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
x-amz-version-id
dZrf7KxB1JsNSGkYRohQTWrDktmi3A8d
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
P86DRX9PRA1C1A6J
age
178293
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Zd1AtRLh4giufpmjDz/rWHsjDqYgmFWDIR2wWudfLWhUALgG+elZyvzS2z4A0KzGWDWUvrqHVDY=
last-modified
Fri, 14 Oct 2022 16:15:46 GMT
server
cloudflare
etag
W/"577c727d64dc93cb7770df6b7cbba0cb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584406aa59061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
8501.e569a7f8.chunk.js
cdn-client.medium.com/lite/static/js/
3 KB
2 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/8501.e569a7f8.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
934a49c11a620a3958d807963c7a4927df9c64b243849e0ab1ea1576c29eb6c3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
x-amz-version-id
38toCBLUC8GBtkniMIBTooDoc6N6trGE
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
H0DWTBJGPWY9DQBN
age
993440
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
oOzJVsFnvSLE3SlLi6RzVG9cbQpqHX542IKwHM+0tXxXkNpid+wkpunyEqae9THuMDX4Oi0A9z8=
last-modified
Fri, 14 Oct 2022 16:15:48 GMT
server
cloudflare
etag
W/"9bc243cc8eeb777dcf487b9f531dd90e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c0584406aa69061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
1*tPw5vhej02IQk7SGTNWSmg.png
miro.medium.com/v2/resize:fill:48:48/
3 KB
3 KB
Image
General
Full URL
https://miro.medium.com/v2/resize:fill:48:48/1*tPw5vhej02IQk7SGTNWSmg.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23cddb42622b81f34d4c55b8d5f0e214b59bbea178f733d397c7ff947bc082dc
Security Headers
Name Value
Content-Security-Policy script-src 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
content-security-policy
script-src 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains; preload
age
2
x-envoy-upstream-service-time
65
content-disposition
inline; filename="1*tPw5vhej02IQk7SGTNWSmg.png"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2716
x-request-id
7fb3f846-190d-4b64-98ba-40ab544ee63e
sepia-upstream
medium
server
cloudflare
etag
"c1CjgVkcafhdh7F-WEYEpOglzgQoBxTrHiRusf4J2s4/RImI0ZmMzOWJlMTdhM2QzNjIxMDkzYjQ4NjRjZDU5MjlhIg"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
medium-fulfilled-by
miro-v2/main-20230428-203318-aaad2de49e
accept-ranges
bytes
cf-ray
7c0584408ab49061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
graphql
blog.delivr.to/_/
103 B
512 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4808ccff977940729ce03387d0583d44a1061e1e3e13c8da41f0ff1edfeefb16
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
MaybeTextToSpeechQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
32
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"67-js9EjsjpqfgZHcScPWgryxiAuNc"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray
7c058441c9c3bbaf-FRA
x-request-received-at
1682917811565
5969.58b2c011.chunk.js
cdn-client.medium.com/lite/static/js/
14 KB
5 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/5969.58b2c011.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ffdb21f71e508c3aa7ce86275ceb73abd418d760aa38f1812e3e3e0a5013241
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
x-amz-version-id
.wbAioAG4Lcw8qAocrqkpqzIEmOAT2WV
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
NSX3KKXX5ETC4MTT
age
390234
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
3yy6NBylUhwhFbPHa2+UMmluCcQfC3oyjUBVg/uH4PZWQez60OD6aiy9q/s8LO1p9SBaeGn2alm1jx+eIMKPCzJ2C2mcBdoqT4RQJtPjnsI=
last-modified
Wed, 26 Apr 2023 14:13:40 GMT
server
cloudflare
etag
W/"5f0fa5b6873f9ac9366636ca8c152947"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058442cc629061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
2998.8b0b57c6.chunk.js
cdn-client.medium.com/lite/static/js/
14 KB
5 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/2998.8b0b57c6.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
337309e684b0643d1e2eb03b3be3e3df4e7183de1595f9f3575cd5f186f3a424
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
x-amz-version-id
.IE9zAA_DN7bxYuqvVhg_YxteBAu8OXx
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
1CQM2K0SY718A6XK
age
391138
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
aC5hiAY8x2HWKrUoarJYO+dzElRO0i8jg+mRIbNeBz6LhvDgjccaeRkbyA6IKCo2gkiX2mHf+ZA=
last-modified
Tue, 25 Apr 2023 19:43:30 GMT
server
cloudflare
etag
W/"a8645dd24b5ebbbd890131f0f27fb4d9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058442cc649061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
PostNextFiveStories.10a929c7.chunk.js
cdn-client.medium.com/lite/static/js/
3 KB
2 KB
Script
General
Full URL
https://cdn-client.medium.com/lite/static/js/PostNextFiveStories.10a929c7.chunk.js
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8d489425.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79eb96070f46bdfc877526347043fbe369069bd10ced3801aea4fae9c3a02405
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
x-amz-version-id
s3rnI8YlAYWIm5lqf6PbRBhoE00NmZwQ
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-amz-request-id
Y76XYP4PNN79A6B4
age
463067
x-amz-server-side-encryption
AES256
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
gyoPm0FNxCEM9JfB55cMRKjWitw21U5nPbvB/pqB1iWEWV4CJ/7LLx8ens9vg3wkmrvgYxkrjqY=
last-modified
Tue, 11 Apr 2023 19:43:25 GMT
server
cloudflare
etag
W/"8cc3a1cdb912499a31a0c32569d93cae"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
7c058442cc659061-FRA
expires
Tue, 30 Apr 2024 05:10:11 GMT
graphql
blog.delivr.to/_/
985 B
849 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ffdb94bcfd60ad7bf5022e908429c9443e33535666224089cc60600689ed74a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
ClapCountQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
46
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"3d9-vC/sTXL8PUYx0mcZWeG6tpDLxhg"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c058442dac8bbaf-FRA
x-request-received-at
1682917811739
graphql
blog.delivr.to/_/
452 B
726 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03bde33743d3f2802ffbe7f4ac896a9ea3662b7187a1ee2756bef2a1e68c3fff
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
FloatingPostActionsQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
49
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"1c4-ZwuMUDwcZtGe8qr0z6+GSbijY70"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c058442dacabbaf-FRA
x-request-received-at
1682917811742
graphql
blog.delivr.to/_/
80 B
495 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55ca412eac0d644ec6acbaf1fdffc069665d6253bdc3ae15940bd6c9732b643e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
PostGiveTipOnExternalPlatformQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
32
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"50-d/l2GWqSQwieQlOFwoQSAVR+35s"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray
7c058442dacbbbaf-FRA
x-request-received-at
1682917811736
graphql
blog.delivr.to/_/
96 B
532 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54a23671bc26755b7dad45ce48462d8731698480cce458ce91df295e3082f3f5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
InteractivePostBodyQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
43
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"60-Oro7QSUARndcmElH6iONx3Ieg4Q"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c058442daccbbaf-FRA
x-request-received-at
1682917811733
open
api2.branch.io/v1/
316 B
691 B
XHR
General
Full URL
https://api2.branch.io/v1/open
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:4a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
0003080ca8c7d4bf35ef2c76229a2935892f8c28a003152d12e69e9d2cd7d6b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 May 2023 05:10:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
x-branch-request-id
ee68fbab-07b1-43ab-aef4-e883e717d939-2023050105
content-length
316
x-amz-cf-id
6SIrF-O0C4guGDplbw4ICTMEv_tDTDvzhk4xWenTNo0DFSg2Pmsplg==
profile
api2.branch.io/v1/
183 B
614 B
XHR
General
Full URL
https://api2.branch.io/v1/profile
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:4a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
02959cbc120f00c542830c53b1da5cf5e6bceef0f8b9bdec7d3ea44e13e229ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 May 2023 05:10:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
etag
W/"b7-YYLA+4Yv9VgS9xZWWsHTqxgDx9Y"
x-powered-by
Express
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
473aaf17925d4b6ead9baaf56e5054a6-2023050105
content-length
183
x-amz-cf-id
MotbAGV_elDlAzLcIJJ9fdOrF6c_s_4cQLQx_x0JtyI6HTEwmFp8Cw==
graphql
blog.delivr.to/_/
82 B
497 B
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90d004f37900892380a8ec6321e4821317be7ff6fa52b05651f927f4b663e833
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
ClapCountQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
25
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"52-p5J1pmhjoeW1rY5uHO6xq3F6qjE"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c
cf-ray
7c058445bcfebbaf-FRA
x-request-received-at
1682917812180
graphql
blog.delivr.to/_/
8 KB
3 KB
Fetch
General
Full URL
https://blog.delivr.to/_/graphql
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e58ea73342f43bb80304dd85bac784d79bfbd64a472a510b0aaf5c230f68f441
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

apollographql-client-name
lite
medium-frontend-route
post
ot-tracer-sampled
true
accept-language
de-DE,de;q=0.9
ot-tracer-traceid
5ba6c071d4c7346f
medium-frontend-path
/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
graphql-operation
PostNextFiveStoriesQuery
content-type
application/json
accept
*/*
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
medium-frontend-app
lite/main-20230428-203318-aaad2de49e
apollographql-client-version
main-20230428-203318-aaad2de49e
ot-tracer-spanid
19a5826861d6684c

Response headers

date
Mon, 01 May 2023 05:10:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
x-envoy-upstream-service-time
51
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
0
server
cloudflare
etag
W/"2153-vHjMWK2HOYxHFPp4wxjYYJPLHqI"
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e, rito/main-20230428-225134-947047c49c, tutu/main-20230428-171126-272d4798c4
cf-ray
7c058445cd21bbaf-FRA
x-request-received-at
1682917812206
source-serif-pro-400-normal.woff
glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/
57 KB
57 KB
Font
General
Full URL
https://glyph.medium.com/font/8e059b2/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/source-serif-pro-400-normal.woff
Requested by
Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e8c5141a45860f1cf10629c45600c1c98754d05e3254d586950d9ec0f060b14
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://glyph.medium.com/css/unbound.css
Origin
https://blog.delivr.to
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 01 May 2023 05:10:12 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
9074086
x-envoy-upstream-service-time
46
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
7c0584476b3230f6-FRA
access-control-allow-headers
Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires
Tue, 30 Apr 2024 05:10:12 GMT
pageview
api2.branch.io/v1/
28 B
434 B
XHR
General
Full URL
https://api2.branch.io/v1/pageview
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:4a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 May 2023 05:10:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-powered-by
Express
etag
W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
15f9da5d10d341e881f39a4ddf8b00e5-2023050105
content-length
28
x-amz-cf-id
t2lgzG28nNA5wwPQtHKxaZRtVoHMg7fPyELTXqP3I_djSM9c1I0PDQ==
pageview
api2.branch.io/v1/
28 B
433 B
XHR
General
Full URL
https://api2.branch.io/v1/pageview
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/8493.12cd6497.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:4a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 May 2023 05:10:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-powered-by
Express
etag
W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
9aa8c5ee19794eb28b214b2761a1833c-2023050105
content-length
28
x-amz-cf-id
WLYbBlTeoiMcTUr1nbYM6dHf8A4UTdMhkpI9agJQS5aRRSx1-51byg==
batch
blog.delivr.to/_/
17 B
296 B
Fetch
General
Full URL
https://blog.delivr.to/_/batch
Requested by
Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.e44d912a.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.153.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06
x-xsrf-token
1
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
content-type
application/json

Response headers

date
Mon, 01 May 2023 05:10:15 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
worker-missing-cookies
0
vary
Accept-Encoding
content-type
application/json
medium-fulfilled-by
edgy/8.3.0, valencia/main-20230428-203318-aaad2de49e
x-envoy-upstream-service-time
147
cf-ray
7c0584583e88bbaf-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
blog.delivr.to
URL
https://blog.delivr.to/_/graphql
Domain
blog.delivr.to
URL
https://blog.delivr.to/_/graphql
Domain
blog.delivr.to
URL
https://blog.delivr.to/_/graphql
Domain
blog.delivr.to
URL
https://blog.delivr.to/_/graphql

Verdicts & Comments

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless
string| __BUILD_ID__
string| __GRAPHQL_URI__
object| __PRELOADED_STATE__
object| __APOLLO_STATE__
object| webpackChunklite
function| setImmediate
function| clearImmediate
object| regeneratorRuntime
object| DD_RUM
function| main
object| __APOLLO_CLIENT__
function| _resizeIframe
object| __cfBeacon
string| GoogleAnalyticsObject
function| ga
object| branch
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData

11 Cookies

Domain/Path Name / Value
.blog.delivr.to/ Name: __cfruid
Value: dd90b1bba1ddbbabf7b357815002bc91ddc8cf79-1682917808
.medium.com/ Name: uid
Value: lo_cf2e038c26be
.medium.com/ Name: sid
Value: 1:WLD0CuvrnuIXGjHcCzdw3gMDJfNe7GBjzXIHED1tigN38PWzvhmve0nrANED/hwE
.medium.com/ Name: __cfruid
Value: cf0c9f0bf6c7d2da62fbe55d7d1f762ad81f07aa-1682917808
blog.delivr.to/ Name: uid
Value: lo_cf2e038c26be
blog.delivr.to/ Name: sid
Value: 1:O+6JfINtRBVLV3S3u9Icv3833POuI6Xzuof5RZThXQU27OvrhVp0Bws0ZPOXFLUI
blog.delivr.to/ Name: _dd_s
Value: rum=0&expire=1682918710089
.delivr.to/ Name: _ga
Value: GA1.2.56441920.1682917811
.delivr.to/ Name: _gid
Value: GA1.2.735435329.1682917811
.delivr.to/ Name: _gat
Value: 1
.app.link/ Name: _s
Value: zfPNfT4L0xqXDJDsdn%2Bwlgl9bJ6QnkpJpISs5WnXOI7rj08Jn%2FSg30L9xHayA0KI

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://medium.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
