Report - mirror-medium.com/?q=https://medium.com/product-manager-hq

Report Overview

Visited public
2023-08-31 16:01:09
Tags
URL
mirror-medium.com/?q=https://medium.com/product-manager-hq
Finishing URL
mirror-medium.com/?q=https://medium.com/product-manager-hq
IP / ASN
185.61.153.110
#22612 NAMECHEAP-NET
Title
Product Manager HQ | Mirror Medium

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-08-31 05:09:26	2.0 kB	4.2 kB	142.250.74.131
miro.medium.com	13183	1998-05-27	2017-08-01 15:23:26	2023-08-30 22:18:36	6.4 kB	598 kB	162.159.153.4
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-08-31 06:44:45	1.1 kB	35 kB	216.58.207.227
pub.highlight.run	326509	2020-08-30	2021-09-27 11:52:00	2023-08-31 16:51:52	5.0 kB	3.2 kB	52.14.99.139
static.highlight.io	unknown	2022-03-01	2022-11-09 12:15:49	2023-08-30 02:57:44	413 B	100 kB	54.230.111.56
o407027.ingest.sentry.io	unknown	2012-04-07	2022-12-04 19:09:19	2023-08-12 19:03:17	2.5 kB	2.3 kB	34.120.195.249
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-08-31 06:36:24	660 B	1.9 kB	104.18.14.101
mirror-medium.com	442503	2021-11-21	2021-11-21 16:10:49	2023-08-12 19:03:40	14 kB	328 kB	185.61.153.110
browser.sentry-cdn.com	4393	2018-05-30	2018-07-13 13:42:06	2023-08-31 07:54:41	914 B	72 kB	151.101.2.217
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-08-31 06:22:29	426 B	84 kB	142.250.74.168
unpkg.com	11693	2016-01-06	2016-01-08 00:26:01	2023-08-31 05:12:24	1.3 kB	88 kB	104.16.123.175
ocsp.r2m02.amazontrust.com	unknown	2007-05-11	2022-10-12 16:01:39	2023-08-31 06:31:24	1.4 kB	3.8 kB	143.204.48.16
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-08-31 07:00:04	476 B	3.0 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed
2023-08-31	medium	mirror-medium.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	mirror-medium.com/?q=https://medium.com/product-manager-hq	ScriptElement	0 B	0001-01-01	2025-05-13
Pretty URL mirror-medium.com/?q=https://medium.com/product-manager-hq IP 185.61.153.110 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-13 03:45 Times Seen4668643 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	browser.sentry-cdn.com/7.29.0/bundle.tracing.min.js	ScriptElement	79 kB	2023-08-12	2023-08-31
Pretty URL browser.sentry-cdn.com/7.29.0/bundle.tracing.min.js IP 151.101.2.217 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-12 19:03 Last Seen2023-08-31 18:04 Times Seen10 Hash baa77bd6c22ee0ebefd2f4c62d6979a5 e70b11496d16a5eee1f2deed3f0e2a4671c5d060 8bdaa0eb40b149c3956c51b953367a10060dc47e573c6c944c276cc1d936e126 Loading...

	mirror-medium.com/?q=https://medium.com/product-manager-hq	ScriptElement	0 B	0001-01-01	2025-05-13
Pretty URL mirror-medium.com/?q=https://medium.com/product-manager-hq IP 185.61.153.110 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-13 03:45 Times Seen4668643 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static.highlight.io/v7.5.0/index.js	ScriptElement	343 kB	2023-08-31	2023-08-31
Pretty URL static.highlight.io/v7.5.0/index.js IP 54.230.111.56 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 18:01 Last Seen2023-08-31 18:04 Times Seen9 Hash 918103971fcd8ac2c4d971dc19f94a91 7b1dce97b5e54bc05bb0dff7c010bf7ac0c66986 7e46db24348ef39bc103780cdc16e63d9f6cb1a29f596d4d203d15d0c8bfbebb Loading...

	mirror-medium.com/js/vendor/modernizr-3.11.2.min.js	ScriptElement	8.6 kB	2023-03-07	2025-04-19
Pretty URL mirror-medium.com/js/vendor/modernizr-3.11.2.min.js IP 185.61.153.110 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07 Last Seen2025-04-19 12:50 Times Seen52 Hash 57b15b0dca5ebae4fadef49608433646 aa41dda4c7cb4f4f898b4124bcdb8f35ea43ce28 8c52fd09c046eb1c50d8c10ed30e5ee15aa1f46c3ba26ee4019b1509277ffc2d Loading...

	mirror-medium.com/?q=https://medium.com/product-manager-hq	ScriptElement	0 B	0001-01-01	2025-05-13
Pretty URL mirror-medium.com/?q=https://medium.com/product-manager-hq IP 185.61.153.110 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-13 03:45 Times Seen4668643 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unpkg.com/highlight.run	ScriptElement	37 kB	2023-08-31	2023-08-31
Pretty URL unpkg.com/highlight.run IP 104.16.123.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 18:01 Last Seen2023-08-31 18:04 Times Seen9 Hash b32de0abc0b48425df36d0d80e40d761 3229df45e57a8bd33dc5a388c541ba73a50c5c2a 2c08b8b683d1e585af3800499213387540968e692372dae3c64e863913f5a220 Loading...

	browser.sentry-cdn.com/7.29.0/replay.min.js	ScriptElement	144 kB	2023-08-12	2023-08-31
Pretty URL browser.sentry-cdn.com/7.29.0/replay.min.js IP 151.101.2.217 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-12 19:03 Last Seen2023-08-31 18:04 Times Seen10 Hash be03f7dc6292e628d35aae6141cf7f06 a9758d25bdba4189f6934d0c5b47c110a0f434aa 8f8a419e7ecc939e187925993608decd2306d2202e7da1f73822721d7cc7c1af Loading...

	mirror-medium.com/?q=https://medium.com/product-manager-hq	ScriptElement	0 B	0001-01-01	2025-05-13
Pretty URL mirror-medium.com/?q=https://medium.com/product-manager-hq IP 185.61.153.110 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-13 03:45 Times Seen4668643 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mirror-medium.com/js/plugins.js	ScriptElement	706 B	2023-03-07	2025-05-12
Pretty URL mirror-medium.com/js/plugins.js IP 185.61.153.110 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07 Last Seen2025-05-12 03:10 Times Seen80 Hash 9baec86da49af9bae5ba6b3b5b6f5eca 594a87f64eabd1c0ed40f4354ffea72b4bcf3154 ba48d440c79456c03c9bd51bc75d3367d8b4b12c8c5dd889b11c33c651561d11 Loading...

	mirror-medium.com/js/main.js?3264	ScriptElement	6.7 kB	2023-08-12	2023-08-31
Pretty URL mirror-medium.com/js/main.js?3264 IP 185.61.153.110 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-12 19:03 Last Seen2023-08-31 18:04 Times Seen10 Hash 89a580cb5cf98d301dd21369e5c5f79a e471674d04e2a09340e4556e0bffc5a884bbd33e a0b34517e1da63600a8118634b6da138c0893fa82a60e4c3755443a690bb8221 Loading...

	www.googletagmanager.com/gtag/js?id=G-NG5GYKZ70H	ScriptElement	238 kB	2023-08-31	2023-08-31
Pretty URL www.googletagmanager.com/gtag/js?id=G-NG5GYKZ70H IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-31 18:01 Last Seen2023-08-31 18:01 Times Seen2 Hash db5f2277ecd685d54702f06d676e1708 6659e1507786be8d48fecfd4436f31d7e25cc7ae fd6a7ac880706800de3fd4d69d8cdd52645bd278feec5a7f807465ccbbbfe664 Loading...

HTTP Transactions (73)

URL IP Response Size

ocsp.sectigo.com/

104.18.14.101

472 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
9c4537ff5791f0b9984faf55b715799d
8dda24751d73c5dba64e515a5b578720976a5378
dfd22c09d800674261a70493ba9c7d82e596b2e35fefb3dd196399a479ea2351

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 31 Aug 2023 16:00:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Aug 2023 16:21:14 GMT
Expires: Wed, 06 Sep 2023 16:21:13 GMT
Etag: "8dda24751d73c5dba64e515a5b578720976a5378"
Cache-Control: max-age=519021,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ff67d212860b4f4-OSL

mirror-medium.com/

185.61.153.110

707 B

URL
mirror-medium.com/
IP
185.61.153.110:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
location: https://mirror-medium.com/
x-turbo-charged-by: LiteSpeed

mirror-medium.com/?q=https://medium.com/product-manager-hq

185.61.153.110

200 OK

2.9 kB

URL User Request GET HTTP/2
mirror-medium.com/?q=https://medium.com/product-manager-hq
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (347)
Size
2.9 kB (2939 bytes)
Hash
a91e262177bd6a5640ee432b59a47120
75158990424bad9bf9c848419197a90d903db4bb
0ed13fd9ef38246a7132494e46a6cd9880dc72fe682184b7225edc073df9a030

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?q=https://medium.com/product-manager-hq HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:00:54 GMT
content-length: 2939
content-encoding: br
vary: Accept-Encoding
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.14.101

472 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
9c4537ff5791f0b9984faf55b715799d
8dda24751d73c5dba64e515a5b578720976a5378
dfd22c09d800674261a70493ba9c7d82e596b2e35fefb3dd196399a479ea2351

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 31 Aug 2023 16:00:54 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Aug 2023 16:21:14 GMT
Expires: Wed, 06 Sep 2023 16:21:13 GMT
Etag: "8dda24751d73c5dba64e515a5b578720976a5378"
Cache-Control: max-age=519018,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ff67d341e60b4f4-OSL

mirror-medium.com/css/normalize.css

185.61.153.110

200 OK

1.6 kB

URL GET HTTP/2
mirror-medium.com/css/normalize.css
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
ASCII text
Size
1.6 kB (1554 bytes)
Hash
112272e51c80ffe5bd01becd2ce7d656
7ffde343bdf10add1f052f3c4308a15180eb4404
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/normalize.css HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Fri, 30 Aug 2024 16:00:54 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 04 Jun 2020 17:32:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1554
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/css/main.css?9113

185.61.153.110

200 OK

4.9 kB

URL GET HTTP/2
mirror-medium.com/css/main.css?9113
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
ASCII text
Size
4.9 kB (4931 bytes)
Hash
ce77ebad42e8af2e627ae2b64c9269cd
8f418c67c1a869fd358ee9dce095094d1d8901a4
7caebf64080b5a98db9deef7ab16805217233eecb58fa935567892eb430fa7d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/main.css?9113 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Fri, 30 Aug 2024 16:00:54 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 04 Mar 2022 06:30:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4931
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/img/logo.png

185.61.153.110

200 OK

15 kB

URL GET HTTP/2
mirror-medium.com/img/logo.png
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
PNG image data, 400 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (14631 bytes)
Hash
5e59219d8f6bf1562b6249b643fb4f35
16165b44c326e411e40cd5f4458db37a26b60a2a
d5cd134775d99fa50cdc4fac484cee2e26cdca7d907aaccd6cbed55eed76eb83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=2592000
expires: Sat, 30 Sep 2023 16:00:54 GMT
content-type: image/png
last-modified: Sun, 21 Nov 2021 19:02:52 GMT
accept-ranges: bytes
content-length: 14631
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.29.0/bundle.tracing.min.js

151.101.2.217

200 OK

26 kB

URL GET HTTP/2
browser.sentry-cdn.com/7.29.0/bundle.tracing.min.js
IP
151.101.2.217:443
ASN
#54113 FASTLY

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerGlobalSign nv-sa
Subject*.sentry-cdn.com
FingerprintF4:BF:96:D1:20:5D:BA:52:63:EB:1F:F7:56:39:FA:81:01:A3:64:DE
ValidityTue, 01 Aug 2023 14:42:24 GMT - Sun, 01 Sep 2024 14:42:23 GMT

File type
ASCII text, with very long lines (65429)
Size
26 kB (26088 bytes)
Hash
baa77bd6c22ee0ebefd2f4c62d6979a5
e70b11496d16a5eee1f2deed3f0e2a4671c5d060
8bdaa0eb40b149c3956c51b953367a10060dc47e573c6c944c276cc1d936e126

HTTP Headers

GET /7.29.0/bundle.tracing.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Thu, 08 Aug 2024 10:49:48 GMT
last-modified: Wed, 04 Jan 2023 13:59:29 GMT
etag: "241b8841b9eb59c3eeb1b3bb3ca33082"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Thu, 31 Aug 2023 16:00:54 GMT
age: 1919466
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 26088
X-Firefox-Spdy: h2

browser.sentry-cdn.com/7.29.0/replay.min.js

151.101.2.217

200 OK

44 kB

URL GET HTTP/2
browser.sentry-cdn.com/7.29.0/replay.min.js
IP
151.101.2.217:443
ASN
#54113 FASTLY

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerGlobalSign nv-sa
Subject*.sentry-cdn.com
FingerprintF4:BF:96:D1:20:5D:BA:52:63:EB:1F:F7:56:39:FA:81:01:A3:64:DE
ValidityTue, 01 Aug 2023 14:42:24 GMT - Sun, 01 Sep 2024 14:42:23 GMT

File type
ASCII text, with very long lines (65448)
Size
44 kB (44409 bytes)
Hash
be03f7dc6292e628d35aae6141cf7f06
a9758d25bdba4189f6934d0c5b47c110a0f434aa
8f8a419e7ecc939e187925993608decd2306d2202e7da1f73822721d7cc7c1af

HTTP Headers

GET /7.29.0/replay.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Thu, 15 Aug 2024 11:52:33 GMT
last-modified: Wed, 04 Jan 2023 13:59:29 GMT
etag: "b5104c7a3e4b146c655b6327beafaa31"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Thu, 31 Aug 2023 16:00:54 GMT
age: 1310902
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 44409
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
92863e68af4291e55b0bd28ec5cd26f8
1de2b2f643ea36f1067d46e0fd86aca4e04ec102
8c2e98db7573c6d3c76454f96035b06d5e58eb36c4811de2e93a04ca8966d162

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 31 Aug 2023 16:00:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a400cf16b1d7599abf0c3d84396d4dcf
ee7008d9c5ab4e79ebdad5508831a050248115de
d25b07b54abb9acaff33f0bb887bab3b6eb1568bf0bf204364269716f22302c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 31 Aug 2023 16:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

miro.medium.com/fit/60/60/1*fd7CcLfnloJUF54rlmjbEQ.png

162.159.153.4

301 Moved Permanently

0 B

URL GET HTTP/2
miro.medium.com/fit/60/60/1*fd7CcLfnloJUF54rlmjbEQ.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fit/60/60/1*fd7CcLfnloJUF54rlmjbEQ.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Thu, 31 Aug 2023 16:00:55 GMT
content-type: image/png
content-length: 0
sepia-upstream: medium
access-control-allow-origin: *
location: /v2/resize:fill:60:60/1*fd7CcLfnloJUF54rlmjbEQ.png
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
expires: Thu, 31 Aug 2023 18:00:55 GMT
cache-control: public, max-age=7200
vary: Accept-Encoding
x-content-type-options: nosniff
set-cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7ff67d378b2eb4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mirror-medium.com/js/vendor/modernizr-3.11.2.min.js

185.61.153.110

200 OK

3.4 kB

URL GET HTTP/2
mirror-medium.com/js/vendor/modernizr-3.11.2.min.js
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (8289)
Size
3.4 kB (3400 bytes)
Hash
57b15b0dca5ebae4fadef49608433646
aa41dda4c7cb4f4f898b4124bcdb8f35ea43ce28
8c52fd09c046eb1c50d8c10ed30e5ee15aa1f46c3ba26ee4019b1509277ffc2d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/vendor/modernizr-3.11.2.min.js HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Fri, 30 Aug 2024 16:00:54 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sun, 11 Sep 2022 09:30:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3400
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/js/plugins.js

185.61.153.110

200 OK

330 B

URL GET HTTP/2
mirror-medium.com/js/plugins.js
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
ASCII text
Size
330 B (330 bytes)
Hash
9baec86da49af9bae5ba6b3b5b6f5eca
594a87f64eabd1c0ed40f4354ffea72b4bcf3154
ba48d440c79456c03c9bd51bc75d3367d8b4b12c8c5dd889b11c33c651561d11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/plugins.js HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Fri, 30 Aug 2024 16:00:54 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sun, 11 Sep 2022 09:30:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 330
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/js/main.js?3264

185.61.153.110

200 OK

1.6 kB

URL GET HTTP/2
mirror-medium.com/js/main.js?3264
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
ASCII text
Size
1.6 kB (1594 bytes)
Hash
89a580cb5cf98d301dd21369e5c5f79a
e471674d04e2a09340e4556e0bffc5a884bbd33e
a0b34517e1da63600a8118634b6da138c0893fa82a60e4c3755443a690bb8221

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/main.js?3264 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Fri, 30 Aug 2024 16:00:54 GMT
content-type: text/javascript; charset=utf-8
last-modified: Sun, 30 Oct 2022 13:55:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1594
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-NG5GYKZ70H

142.250.74.168

200 OK

83 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-NG5GYKZ70H
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint4E:35:EC:AC:A4:3A:09:F9:F3:9A:26:43:94:A7:BA:2C:01:54:DA:12
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type
ASCII text, with very long lines (3034)
Size
83 kB (82862 bytes)
Hash
db5f2277ecd685d54702f06d676e1708
6659e1507786be8d48fecfd4436f31d7e25cc7ae
fd6a7ac880706800de3fd4d69d8cdd52645bd278feec5a7f807465ccbbbfe664

HTTP Headers

GET /gtag/js?id=G-NG5GYKZ70H HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 31 Aug 2023 16:00:55 GMT
expires: Thu, 31 Aug 2023 16:00:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 82862
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mirror-medium.com/img/loading-articles.gif

185.61.153.110

200 OK

262 kB

URL GET HTTP/2
mirror-medium.com/img/loading-articles.gif
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
GIF image data, version 89a, 398 x 208\012- data
Size
262 kB (261951 bytes)
Hash
5e8dd42bcbe2b49b38075b3eb5ed96ae
46ca6812d30f2963f83050753b8c2a644184b1ba
6e02feba847a7b9a513cf33885b70ae0afe1fe744900a2e1136961115278fe73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/loading-articles.gif HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=2592000
expires: Sat, 30 Sep 2023 16:00:54 GMT
content-type: image/gif
last-modified: Fri, 07 Jan 2022 17:13:02 GMT
accept-ranges: bytes
content-length: 261951
date: Thu, 31 Aug 2023 16:00:54 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
92863e68af4291e55b0bd28ec5cd26f8
1de2b2f643ea36f1067d46e0fd86aca4e04ec102
8c2e98db7573c6d3c76454f96035b06d5e58eb36c4811de2e93a04ca8966d162

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 31 Aug 2023 16:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a400cf16b1d7599abf0c3d84396d4dcf
ee7008d9c5ab4e79ebdad5508831a050248115de
d25b07b54abb9acaff33f0bb887bab3b6eb1568bf0bf204364269716f22302c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 31 Aug 2023 16:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

miro.medium.com/v2/resize:fill:60:60/1*fd7CcLfnloJUF54rlmjbEQ.png

162.159.153.4

200 OK

2.5 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fill:60:60/1*fd7CcLfnloJUF54rlmjbEQ.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
2.5 kB (2506 bytes)
Hash
141379735085c017619c18b67e4c7e6d
a6e0fb740da05023ccf68cd243f52b7fa7b0243f
a4ae38f376fa478ae7af33690b8ea140cc61d2761418d608801d5f8deb7b5000

HTTP Headers

GET /v2/resize:fill:60:60/1*fd7CcLfnloJUF54rlmjbEQ.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirror-medium.com/
DNT: 1
Connection: keep-alive
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:00:55 GMT
content-type: image/png
content-length: 2506
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="1*fd7CcLfnloJUF54rlmjbEQ.png"
content-security-policy: script-src 'none'
etag: "152yEylKEMWMGnMK4ya_rcYawyQVEwz4A7rwbuainwA/RIjdkZGVjMjcwYjdlNzk2ODI1NDE3OWUyYjk2NjhkYjExIg"
expires: Fri, 30 Aug 2024 16:00:55 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 96
x-request-id: 6446be97-55dc-4ba2-91ab-de6cc6f23733
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d395c955690-OSL
alt-svc: h3=":443"; ma=86400

unpkg.com/highlight.run@7.5.0/dist/index.umd.js

104.16.123.175

200 OK

13 kB

URL GET HTTP/2
unpkg.com/highlight.run@7.5.0/dist/index.umd.js
IP
104.16.123.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type
ASCII text, with very long lines (37110)
Size
13 kB (12669 bytes)
Hash
b32de0abc0b48425df36d0d80e40d761
3229df45e57a8bd33dc5a388c541ba73a50c5c2a
2c08b8b683d1e585af3800499213387540968e692372dae3c64e863913f5a220

HTTP Headers

GET /highlight.run@7.5.0/dist/index.umd.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirror-medium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:00:55 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 22 Jun 1984 21:50:00 GMT
etag: W/"90f7-MinfReV6i9M9xaOIxUG6c6UMXCo"
via: 1.1 fly.io
fly-request-id: 01H9656NMGFKCB1YMMQCS80XGR-fra
cf-cache-status: HIT
age: 11
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d3978ff569f-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3f3748de57691f2f1755a7268854f753
65725a8df6ce3217b7f0d38d5f6e9834dc7d25f1
37142f58e3d799f83113c070edfe50406e272a8919035abf45477f746acdea38

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 31 Aug 2023 16:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

216.58.207.227

200 OK

7.7 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint1B:14:11:9F:49:14:C3:A3:7C:87:B0:E1:5B:18:75:10:3D:2A:B3:72
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Aug 2023 13:23:30 GMT
expires: Sun, 25 Aug 2024 13:23:30 GMT
cache-control: public, max-age=31536000
age: 441445
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mirror-medium.com/

185.61.153.110

5.8 kB

URL
mirror-medium.com/
IP
185.61.153.110:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (439)
Size
5.8 kB (5843 bytes)
Hash
760fdd682e2751dbfae5c9f9987165e1
fee6b45d61fd1e8fdd73dd46025584b3f11968d3
f170ce8abdf296c371956d07738dfa36d09ea0a014d84afd92932ef2eeb2e510

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:00:55 GMT
content-length: 5843
content-encoding: br
vary: Accept-Encoding
date: Thu, 31 Aug 2023 16:00:55 GMT
server: LiteSpeed
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

fonts.gstatic.com/s/crimsontext/v19/wlp2gwHKFkZgtmSR3NB0oRJfbwhT.woff2

216.58.207.227

200 OK

25 kB

URL GET HTTP/2
fonts.gstatic.com/s/crimsontext/v19/wlp2gwHKFkZgtmSR3NB0oRJfbwhT.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint1B:14:11:9F:49:14:C3:A3:7C:87:B0:E1:5B:18:75:10:3D:2A:B3:72
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
Web Open Font Format (Version 2), TrueType, length 25184, version 1.0\012- data
Size
25 kB (25184 bytes)
Hash
23eec75ba54d389a0188abbb596b7614
daa4672ad515a108325f52116e9a49aab8cdd5fa
538c7067580f457dd3dd98ebaabeb19405c12bdd01674d3db8fd9948ee73c862

HTTP Headers

GET /s/crimsontext/v19/wlp2gwHKFkZgtmSR3NB0oRJfbwhT.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Aug 2023 01:33:21 GMT
expires: Wed, 28 Aug 2024 01:33:21 GMT
cache-control: public, max-age=31536000
age: 224854
last-modified: Tue, 24 May 2022 18:26:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3f3748de57691f2f1755a7268854f753
65725a8df6ce3217b7f0d38d5f6e9834dc7d25f1
37142f58e3d799f83113c070edfe50406e272a8919035abf45477f746acdea38

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 31 Aug 2023 16:00:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.r2m02.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
9f2646c0114f5d8b8aac76a600d60102
81e3a9947dcce8a39ecc60ebf6dc8f18b741508b
3b7fef779281ff0d4e289067366e4f5f4efabdc52f51d35bc97f1489370f135c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 31 Aug 2023 16:00:55 GMT
Last-Modified: Thu, 31 Aug 2023 14:49:25 GMT
Server: ECAcc (amb/6B04)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KW5f9elR9GQNOjyr3q0XgMTBAvKLmWOIwEc22mZL-yGrx5L_lPD_uQ==
Age: 4290

static.highlight.io/v7.5.0/index.js

54.230.111.56

200 OK

99 kB

URL GET HTTP/2
static.highlight.io/v7.5.0/index.js
IP
54.230.111.56:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectstatic.highlight.io
Fingerprint1C:0A:21:FF:EA:D5:F6:60:0D:16:08:2B:CD:EE:AA:96:FD:60:DB:53
ValidityThu, 27 Oct 2022 00:00:00 GMT - Sat, 25 Nov 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
99 kB (98994 bytes)
Hash
918103971fcd8ac2c4d971dc19f94a91
7b1dce97b5e54bc05bb0dff7c010bf7ac0c66986
7e46db24348ef39bc103780cdc16e63d9f6cb1a29f596d4d203d15d0c8bfbebb

HTTP Headers

GET /v7.5.0/index.js HTTP/1.1
Host: static.highlight.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Wed, 30 Aug 2023 17:41:23 GMT
last-modified: Wed, 30 Aug 2023 17:36:42 GMT
etag: W/"918103971fcd8ac2c4d971dc19f94a91"
x-amz-server-side-encryption: AES256
cache-control: public, immutable, max-age=31536000
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: GQM33mL8zhhDIpzX3FB_c59JENvg5WIjv2cBV8tr5h8R6jPuFIwQZg==
age: 80373
X-Firefox-Spdy: h2

ocsp.r2m02.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
9f2646c0114f5d8b8aac76a600d60102
81e3a9947dcce8a39ecc60ebf6dc8f18b741508b
3b7fef779281ff0d4e289067366e4f5f4efabdc52f51d35bc97f1489370f135c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 31 Aug 2023 16:00:55 GMT
Last-Modified: Thu, 31 Aug 2023 14:26:21 GMT
Server: ECAcc (ska/F757)
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CDi6G3jQ524dGkUSPXuuyVIRzJ4EIzEZNwy5XJUJkuFVBqz10RUgfg==
Age: 5674

o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0

34.120.195.249

200 OK

2 B

URL POST HTTP/2
o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0
IP
34.120.195.249:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerDigiCert Inc
Subjectingest.sentry.io
FingerprintE6:02:79:BF:9C:EF:53:C1:5D:BA:58:F5:2B:59:51:19:EE:9D:70:91
ValidityTue, 25 Jul 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0 HTTP/1.1
Host: o407027.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirror-medium.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 404
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 31 Aug 2023 16:00:55 GMT
content-type: application/json
content-length: 2
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0

34.120.195.249

200 OK

41 B

URL POST HTTP/2
o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0
IP
34.120.195.249:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerDigiCert Inc
Subjectingest.sentry.io
FingerprintE6:02:79:BF:9C:EF:53:C1:5D:BA:58:F5:2B:59:51:19:EE:9D:70:91
ValidityTue, 25 Jul 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
41 B (41 bytes)
Hash
33ee1cb740239d174d32d9b5e1c27dda
88c617b0cf2628cab76ecbe89a9e57faad249e85
58e51f246d5176d159800c8f04245c32100024481f778fa6a710e1bcb110d4be

HTTP Headers

POST /api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0 HTTP/1.1
Host: o407027.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirror-medium.com/
Content-Length: 8517
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 31 Aug 2023 16:00:55 GMT
content-type: application/json
content-length: 41
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mirror-medium.com/img/icons/android-icon-192x192.png

185.61.153.110

200 OK

9.8 kB

URL GET HTTP/2
mirror-medium.com/img/icons/android-icon-192x192.png
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
9.8 kB (9776 bytes)
Hash
957c5ede854068a228aef05869018015
7206109c86197ffaea65cbacf61aae593aa60292
32d3e83882995a714e0a6ad917959344210fbb2eaf36154575dcf6a83f65ccf6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/android-icon-192x192.png HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=2592000
expires: Sat, 30 Sep 2023 16:00:56 GMT
content-type: image/png
last-modified: Sat, 20 Nov 2021 18:03:32 GMT
accept-ranges: bytes
content-length: 9776
date: Thu, 31 Aug 2023 16:00:56 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/img/icons/favicon-16x16.png

185.61.153.110

200 OK

1.0 kB

URL GET HTTP/2
mirror-medium.com/img/icons/favicon-16x16.png
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.0 kB (1024 bytes)
Hash
43b8048ba2a7226ab05ac621e70e7d3b
1fa93ff88ce03367e27626ee2951098e3a407ac1
61dd257ecd891d7c934393fb194e749fb915dda57499df3dd6c6c8fb8c032ad7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/icons/favicon-16x16.png HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=2592000
expires: Sat, 30 Sep 2023 16:00:56 GMT
content-type: image/png
last-modified: Sat, 20 Nov 2021 18:03:32 GMT
accept-ranges: bytes
content-length: 1024
date: Thu, 31 Aug 2023 16:00:56 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.r2m02.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f4c1abcba16330aea46a01f7a77a8207
062428984e0f5dd71fcafde6fa9fa875e840b47d
6ab1495fec528cdd31da158e0a63c815013876202939ab6aa851eb2421190d8b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 31 Aug 2023 16:00:56 GMT
Last-Modified: Thu, 31 Aug 2023 14:32:35 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iQa4K1n0vDYuGJT6X7NY00YlN0gYarLhrgrq-s0S6MfReksrWD0OAA==
Age: 5301

ocsp.r2m02.amazontrust.com/

143.204.48.16

471 B

URL
ocsp.r2m02.amazontrust.com/
IP
143.204.48.16:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f4c1abcba16330aea46a01f7a77a8207
062428984e0f5dd71fcafde6fa9fa875e840b47d
6ab1495fec528cdd31da158e0a63c815013876202939ab6aa851eb2421190d8b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 31 Aug 2023 16:00:56 GMT
Last-Modified: Thu, 31 Aug 2023 14:39:09 GMT
Server: ECAcc (ska/F790)
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LyfiZZ4mDwn4yEt_B_VhIETFpEDPpnXLe0jFDmKsTb4Wkq3gq4iCIw==
Age: 4907

pub.highlight.run/

52.14.99.139

200 OK

0 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mirror-medium.com/
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:00:56 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://mirror-medium.com
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Firefox-Spdy: h2

pub.highlight.run/

52.14.99.139

200 OK

84 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
84 B (84 bytes)
Hash
1695e362ed7cf6b5020672d6f33fb8ad
1be1c7f4baa7ccc765e34bed3bf31d35ad7a47fe
4a302fd07b93405414e4f8aadc067b44bc00546f43463e5e0e14507e5e486e1d

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1811
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:00:56 GMT
content-type: application/json
content-length: 84
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

pub.highlight.run/

52.14.99.139

200 OK

67 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
67 B (67 bytes)
Hash
f1a2ec129ef5a0e2988121bbddecdd88
94af7ba3378b11200d7dfb9d3042f2177bba7a8d
b7341d5b54a433f607007c176f047331bdb2c89feec7073a3b75294e5e4681b1

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 425
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:00:56 GMT
content-type: application/json
content-length: 67
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

pub.highlight.run/

52.14.99.139

200 OK

30 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
30 B (30 bytes)
Hash
09c973fb5085d21f461964faac39fd21
24b68ac5a82b8e64cd99d449953834fd21dd998c
1866794ad9b790d526e1ac4b4d5792593716e6c17832c4daa3aaaaafd0779f22

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1316
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:00:57 GMT
content-type: application/json
content-length: 30
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

pub.highlight.run/

52.14.99.139

200 OK

34 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
34 B (34 bytes)
Hash
a401357a4b3d815de6be101cbc317eb8
2658f5ebd724bab684976b9cac21744c556c0934
08e9db01adc4c934dfeb7b68b2f3506cf8b3d2e9b9c29c4e52b0a3ef39438b81

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 15668
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:00:57 GMT
content-type: application/json
content-length: 34
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

mirror-medium.com//pages/get_rss_links.php?t=https://medium.com/feed/product-manager-hq

185.61.153.110

200 OK

2.2 kB

URL GET HTTP/2
mirror-medium.com//pages/get_rss_links.php?t=https://medium.com/feed/product-manager-hq
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (2185)
Size
2.2 kB (2186 bytes)
Hash
3c62585642d832e18d57b92d9e544227
cfb2f1e925eb1bc67043b92241d83b30a962bbe1
311e33554068f470c15e0ae99c04ed6804ac8fa4b79530ad509491d1701ce3f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET //pages/get_rss_links.php?t=https://medium.com/feed/product-manager-hq HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:00:58 GMT
content-length: 2186
date: Thu, 31 Aug 2023 16:00:58 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/img/avatar-img.png

185.61.153.110

200 OK

955 B

URL GET HTTP/2
mirror-medium.com/img/avatar-img.png
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
PNG image data, 30 x 30, 8-bit/color RGB, non-interlaced\012- data
Size
955 B (955 bytes)
Hash
9d9582b395e99c213b6878cb33fb6962
f66cbae85dee8031424d4dee969b50bdc47ec69a
fa204fddd5b32cc3d4453f898f3b38cb00af98a5b9417ee89663191c82726c8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/avatar-img.png HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=2592000
expires: Sat, 30 Sep 2023 16:00:58 GMT
content-type: image/png
last-modified: Mon, 10 Jan 2022 07:15:08 GMT
accept-ranges: bytes
content-length: 955
date: Thu, 31 Aug 2023 16:00:58 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/img/skelaton-img.png

185.61.153.110

200 OK

1.3 kB

URL GET HTTP/2
mirror-medium.com/img/skelaton-img.png
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
PNG image data, 315 x 159, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1322 bytes)
Hash
f62cb8110e17d2e65c762d03015749fc
7e982112809f0e34661600c241ffc123e58a7e5a
0b718dd1ddbcf30e70db4c11a9a22ce632ab81b95fe3aca685707d2b0d5eed14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/skelaton-img.png HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=2592000
expires: Sat, 30 Sep 2023 16:00:58 GMT
content-type: image/png
last-modified: Mon, 10 Jan 2022 06:56:23 GMT
accept-ranges: bytes
content-length: 1322
date: Thu, 31 Aug 2023 16:00:58 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/product-synergies-c4b06e06a415?source=rss----d608fc558b52---4

185.61.153.110

200 OK

619 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/product-synergies-c4b06e06a415?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (616)
Size
619 B (619 bytes)
Hash
949056b672f20122a0e21860228367bc
53fa661b39816ccb481ea1b500607cb607592465
d897c451e26195a357dfd4ae485fc36a17648a9bb269a58ebf68b0cfc0874305

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/product-synergies-c4b06e06a415?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:00:58 GMT
content-length: 619
date: Thu, 31 Aug 2023 16:00:58 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

miro.medium.com/v2/resize:fit:1000/0*7jAp54oq1eRygA0f.jpeg

162.159.153.4

200 OK

28 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*7jAp54oq1eRygA0f.jpeg
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 1000x662, components 3\012- data
Size
28 kB (27787 bytes)
Hash
1cf09c2a864071629049ac39efb442c6
a8d85de59a72f7a110a132aee6c1b8354045a4ad
2ba598b7ad859f49bc4f84e4854aca349bd7919b55f6f6dda28d7872998b0852

HTTP Headers

GET /v2/resize:fit:1000/0*7jAp54oq1eRygA0f.jpeg HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:00:58 GMT
content-type: image/jpeg
content-length: 27787
cf-bgj: h2pri
sepia-upstream: medium
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*7jAp54oq1eRygA0f.jpg"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RIjgyYTNkYjUzMzRlYWFiZTc4NGEzZGU5MGU1M2M5NjE1Ig"
expires: Fri, 30 Aug 2024 16:00:58 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 75
x-request-id: 7bf975a6-6bbb-4429-8b5d-7ad4f51f95e5
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d4e1bda5690-OSL
alt-svc: h3=":443"; ma=86400

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/the-differences-between-resumes-and-linkedin-profiles-for-product-managers-229bdc263d23?source=rss----d608fc558b52---4

185.61.153.110

200 OK

688 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/the-differences-between-resumes-and-linkedin-profiles-for-product-managers-229bdc263d23?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (685)
Size
688 B (688 bytes)
Hash
c68bdbd33cc23c39a7fbba25e4df0047
a2e95144a02049c16fa9cebafaec58a346fe921c
b05f9fad603a07567223c9889c93737d2fa209e69411bbd6571325a60b071b55

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/the-differences-between-resumes-and-linkedin-profiles-for-product-managers-229bdc263d23?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:00:59 GMT
content-length: 688
date: Thu, 31 Aug 2023 16:00:59 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/coordination-costs-8d614a81ec08?source=rss----d608fc558b52---4

185.61.153.110

200 OK

620 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/coordination-costs-8d614a81ec08?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (617)
Size
620 B (620 bytes)
Hash
808a5b09740e72f5e340eb8421bf8148
e2b5317a77a09a7edd4f4fbdcac36637fb6e491b
e4b76dec1e3f7c299d069948bb4a88b3462e71a567233200f17f8128378449aa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/coordination-costs-8d614a81ec08?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:00:59 GMT
content-length: 620
date: Thu, 31 Aug 2023 16:00:59 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

miro.medium.com/v2/resize:fit:1000/0*Pb9f-FNUUZgER2T1.png

162.159.153.4

200 OK

23 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*Pb9f-FNUUZgER2T1.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1000 x 662, 8-bit colormap, non-interlaced\012- data
Size
23 kB (23369 bytes)
Hash
306176a681f2fb7b7e2ccfe8cc74d4ac
6c982a4da271b2792a2f9dc0b606ae8a29fe7e9b
811821340a892967d515604a13477445bb9ca73e86b3905da9840fc16e5f67aa

HTTP Headers

GET /v2/resize:fit:1000/0*Pb9f-FNUUZgER2T1.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:00:59 GMT
content-type: image/png
content-length: 23369
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*Pb9f-FNUUZgER2T1.png"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RIjFiZmM2ZjNmZWE0ZGMyYzA0NWRjN2Y1MzFhMjQ5ODBlIg"
expires: Fri, 30 Aug 2024 16:00:59 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 131
x-request-id: dc66a89e-d3a5-4986-9ab6-c578c2d36655
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d53aa865690-OSL
alt-svc: h3=":443"; ma=86400

pub.highlight.run/

52.14.99.139

200 OK

34 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
34 B (34 bytes)
Hash
bd2315d8156e0e11e208899bc0bd9b04
5ae5225dee2a010cd2e538ade1e5daef917f085b
b36490c177d3944f1f26e632fc56e0f9c45e052862aba5e8f634cc44c8988769

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 41110
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:00:59 GMT
content-type: application/json
content-length: 34
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/what-is-the-best-framework-to-prioritize-what-to-work-on-next-b20c091b1829?source=rss----d608fc558b52---4

185.61.153.110

200 OK

673 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/what-is-the-best-framework-to-prioritize-what-to-work-on-next-b20c091b1829?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (670)
Size
673 B (673 bytes)
Hash
d8203541beda45cd56fdfb37b64f9a4e
8cd2c548c76ac5df4bd5958b5b6328a55dc52332
9903aab340076bee9f7ee7b24110d2ae63d86e81d136b817491aed074e71b349

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/what-is-the-best-framework-to-prioritize-what-to-work-on-next-b20c091b1829?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:00:59 GMT
content-length: 673
date: Thu, 31 Aug 2023 16:00:59 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

miro.medium.com/v2/resize:fit:1000/0*UYQA4arP94JlSvfD.png

162.159.153.4

200 OK

81 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*UYQA4arP94JlSvfD.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1000 x 662, 8-bit/color RGBA, non-interlaced\012- data
Size
81 kB (80899 bytes)
Hash
6cac3d1f4a3137cbd6cf65ea7c2a2fb8
c998365e9fd350f1bff5561f5316578fe1bc0755
492ce9b722d1e554e68daae8022b26966d93b867a87699d64055d8d846512681

HTTP Headers

GET /v2/resize:fit:1000/0*UYQA4arP94JlSvfD.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:00:59 GMT
content-type: image/png
content-length: 80899
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*UYQA4arP94JlSvfD.png"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RIjg1Y2M4MGM3YzBkMjJlOWQ5YzVhOTY0YzQ3ZGZlMWI3Ig"
expires: Fri, 30 Aug 2024 16:00:59 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 178
x-request-id: f40de452-3674-48c4-865e-16baba86240c
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d54dbe25690-OSL
alt-svc: h3=":443"; ma=86400

miro.medium.com/v2/resize:fit:1153/1*woOn1Zf5MmkG874oqcdnJw.png

162.159.153.4

200 OK

217 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1153/1*woOn1Zf5MmkG874oqcdnJw.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1153 x 932, 8-bit/color RGBA, non-interlaced\012- data
Size
217 kB (217124 bytes)
Hash
c81d7af4d9964c3b4a47eb0b1b7532f0
227beb75145d5ae29f7225f9bdc212af0dc648de
c232d1f87e9362bdfad8da8a4f10212c25d2bdb7bd331992cc850ced6477dd1c

HTTP Headers

GET /v2/resize:fit:1153/1*woOn1Zf5MmkG874oqcdnJw.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:01:00 GMT
content-type: image/png
content-length: 217124
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="1*woOn1Zf5MmkG874oqcdnJw.png"
content-security-policy: script-src 'none'
etag: "UQU1ZavXL-ZXglG35xj42D94-z40o2yN6xlpthJ2h2E/RImMyODNhN2Q1OTdmOTMyNjkwNmYzYmUyOGE5Yzc2NzI3Ig"
expires: Fri, 30 Aug 2024 16:01:00 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 252
x-request-id: 9d167807-a658-48d4-bf5b-0d94ceed8789
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d569d5d5690-OSL
alt-svc: h3=":443"; ma=86400

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-craft-a-solid-product-manager-linkedin-profile-c0fd6346539a?source=rss----d608fc558b52---4

185.61.153.110

200 OK

651 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-craft-a-solid-product-manager-linkedin-profile-c0fd6346539a?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (648)
Size
651 B (651 bytes)
Hash
0e7e05ffbbc7a9bc3f23e8e756d8daa6
14634793cb31b7273e1ade8a084deb41a053139d
9269eb3fe563ae141cada3d5e6d79ab612ca03141917587263d9b0a2f54d5af0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-craft-a-solid-product-manager-linkedin-profile-c0fd6346539a?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:01:00 GMT
content-length: 651
date: Thu, 31 Aug 2023 16:01:00 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/revisiting-past-decisions-9bd12a9436f5?source=rss----d608fc558b52---4

185.61.153.110

200 OK

634 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/revisiting-past-decisions-9bd12a9436f5?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (631)
Size
634 B (634 bytes)
Hash
9d02ed2db60cf89c27a6d8ac2fc4ae54
92cda8f6dfd45b84feb62f17c7acd7eea78e4a29
6078cd56a04b42fbcd93bfdbd76da14696e8a7a0f63d3ecbf96be7712c24d9b4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/revisiting-past-decisions-9bd12a9436f5?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:01:00 GMT
content-length: 634
date: Thu, 31 Aug 2023 16:01:00 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

miro.medium.com/v2/resize:fit:1000/1*yBCqCxrIYQgC8cfEF1JxUA.png

162.159.153.4

200 OK

20 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/1*yBCqCxrIYQgC8cfEF1JxUA.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1000 x 662, 8-bit colormap, non-interlaced\012- data
Size
20 kB (20292 bytes)
Hash
36d950df6798bd2de25622633cae9193
3f4d8e83297ec434ec3e86ac1f131f90198c1f0d
89d3d18cca5a91d6ebd0d38b16338e19443ee92cb9a09fc78a1fe34d1dda2d83

HTTP Headers

GET /v2/resize:fit:1000/1*yBCqCxrIYQgC8cfEF1JxUA.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:01:00 GMT
content-type: image/png
content-length: 20292
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="1*yBCqCxrIYQgC8cfEF1JxUA.png"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RImM4MTBhYTBiMWFjODYxMDgwMmYxYzdjNDE3NTI3MTUwIg"
expires: Fri, 30 Aug 2024 16:01:00 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 97
x-request-id: e477bd01-7ba2-49f5-ba57-f3223cf2a56b
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d589fda5690-OSL
alt-svc: h3=":443"; ma=86400

miro.medium.com/v2/resize:fit:1000/0*eJUXNqCmN0EV-0Ym.png

162.159.153.4

200 OK

65 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*eJUXNqCmN0EV-0Ym.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1000 x 662, 8-bit/color RGB, non-interlaced\012- data
Size
65 kB (65414 bytes)
Hash
065344e9425ad5176e759c4256206ab4
f6e03903473afd4b6c57ccc83b4dd96cfcd5d4a3
d8045def42638b35c28b6c40dbaf5b2810500ec397792254d2541bd5e9c28cfa

HTTP Headers

GET /v2/resize:fit:1000/0*eJUXNqCmN0EV-0Ym.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:01:00 GMT
content-type: image/png
content-length: 65414
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*eJUXNqCmN0EV-0Ym.png"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RIjRmZjhjZmY1YWYwYWY4MzEwMTQzNWYwZTM5ZjgzMThjIg"
expires: Fri, 30 Aug 2024 16:01:00 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 82
x-request-id: b2b55780-d6b6-487b-99d9-9aeada7d49c9
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d5928c25690-OSL
alt-svc: h3=":443"; ma=86400

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/objectives-and-key-results-okrs-668943c5fb13?source=rss----d608fc558b52---4

185.61.153.110

200 OK

597 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/objectives-and-key-results-okrs-668943c5fb13?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (594)
Size
597 B (597 bytes)
Hash
ce967b6a2db787faf0be49d13a947123
3dbe206aac96ddcac45e71634543fccbf046a1dd
ec2e185b55662516a24b827459847fef69e3a5bd61d88bd73040c0af87087623

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/objectives-and-key-results-okrs-668943c5fb13?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:01:00 GMT
content-length: 597
date: Thu, 31 Aug 2023 16:01:00 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

miro.medium.com/v2/resize:fit:1000/0*15wXMOBXn_OH4bMe.jpg

162.159.153.4

200 OK

37 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*15wXMOBXn_OH4bMe.jpg
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 1000x662, components 3\012- data
Size
37 kB (37022 bytes)
Hash
b57d2e998c90125a7d99ba7b7001b0a7
97614e8582a18c738a304ac27f724e4402124e9c
29fcb96c58469aeebffddc78101195d4384fa6e6192ae3552e8c9651a73ab7b3

HTTP Headers

GET /v2/resize:fit:1000/0*15wXMOBXn_OH4bMe.jpg HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:01:00 GMT
content-type: image/jpeg
content-length: 37022
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*15wXMOBXn_OH4bMe.jpg"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RIjUyMzlkNGNhM2U1ODBiMzZlZDI0OGY5YmRmYWJlMTliIg"
expires: Fri, 30 Aug 2024 16:01:00 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 143
x-request-id: c5f19953-68fc-46f6-9d5b-8405132aa5b8
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d5a2a815690-OSL
alt-svc: h3=":443"; ma=86400

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-ask-for-linkedin-recommendations-as-a-product-manager-a1f0463823e?source=rss----d608fc558b52---4

185.61.153.110

200 OK

658 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-ask-for-linkedin-recommendations-as-a-product-manager-a1f0463823e?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (655)
Size
658 B (658 bytes)
Hash
361bb86465da92e0e793863241696ecf
4b98e42cdf5200b8e09c5e5ed4fd62cc305dc171
2a58bc894d81a70b77152659105dc831c20236b110133030281fe46815040441

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-ask-for-linkedin-recommendations-as-a-product-manager-a1f0463823e?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:01:00 GMT
content-length: 658
date: Thu, 31 Aug 2023 16:01:00 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-manage-uncertainty-bc8e49e5a1c8?source=rss----d608fc558b52---4

185.61.153.110

200 OK

632 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-manage-uncertainty-bc8e49e5a1c8?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (629)
Size
632 B (632 bytes)
Hash
ded7dcc5c3db444f7b2e29c54bede07f
69779861f92f25e56f50dee2bbf6b251c4a325ca
96929af41cdf277d00344c26802824ec5fec1e345792d1ecf010e2b32ce71d33

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-manage-uncertainty-bc8e49e5a1c8?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:01:00 GMT
content-length: 632
date: Thu, 31 Aug 2023 16:01:00 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-write-linkedin-recommendations-as-a-product-manager-36417c93b55f?source=rss----d608fc558b52---4

185.61.153.110

200 OK

657 B

URL GET HTTP/2
mirror-medium.com/pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-write-linkedin-recommendations-as-a-product-manager-36417c93b55f?source=rss----d608fc558b52---4
IP
185.61.153.110:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerSectigo Limited
Subjectmirror-medium.com
Fingerprint1D:CB:0E:06:6E:39:D6:6C:BB:D1:C9:9F:11:5E:1A:03:9F:CB:16:D5
ValidityMon, 14 Nov 2022 00:00:00 GMT - Tue, 21 Nov 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with very long lines (654)
Size
657 B (657 bytes)
Hash
cc3b9a5d94c41d96de466b39aa144260
786c48346db6531cb008c89e48d5587f9ad7b0e7
dbcf5a92bf2a132e79e426042f84928bc84949986ee0e91490951a9c934f16ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pages/get_article_meta.php?t=https://medium.com/product-manager-hq/how-to-write-linkedin-recommendations-as-a-product-manager-36417c93b55f?source=rss----d608fc558b52---4 HTTP/1.1
Host: mirror-medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Cookie: _ga_NG5GYKZ70H=GS1.1.1693497644.1.0.1693497644.0.0.0; _ga=GA1.1.1170710639.1693497644
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/json; charset=utf-8
cache-control: public, max-age=0
expires: Thu, 31 Aug 2023 16:01:00 GMT
content-length: 657
date: Thu, 31 Aug 2023 16:01:00 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

miro.medium.com/v2/resize:fit:1000/0*e1HkVSOcCHw5EaeG.png

162.159.153.4

200 OK

35 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*e1HkVSOcCHw5EaeG.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1000 x 662, 8-bit colormap, non-interlaced\012- data
Size
35 kB (34998 bytes)
Hash
edde1225a4fd042924955d7b21f44b41
dc0c3acc765213e75b5c973ba65b9bade1fc422f
e897d80da33ae09db218e2ea301d8c108ffde161d1755206097646840c211e4a

HTTP Headers

GET /v2/resize:fit:1000/0*e1HkVSOcCHw5EaeG.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:01:01 GMT
content-type: image/png
content-length: 34998
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*e1HkVSOcCHw5EaeG.png"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RIjliZjc1YTQwMTU4YWVmNDE5ZjQzNDAyZjZjMzQ0ZDhlIg"
expires: Fri, 30 Aug 2024 16:01:01 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 102
x-request-id: aa4df94b-85b3-4964-8232-d42c3d1ae0eb
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d5c5cd15690-OSL
alt-svc: h3=":443"; ma=86400

miro.medium.com/v2/resize:fit:1000/0*fRQFCourCuS_r_ow.png

162.159.153.4

200 OK

43 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*fRQFCourCuS_r_ow.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1000 x 662, 8-bit/color RGBA, non-interlaced\012- data
Size
43 kB (43249 bytes)
Hash
cdaba1224b96a5957bfa20a31c247851
42d14990a96422f5f998fc37e6941aa42100b7fb
3c10e29ded219e204e7cf6c51266acf713c04839c64a8fa2a47ca4500261ec74

HTTP Headers

GET /v2/resize:fit:1000/0*fRQFCourCuS_r_ow.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:01:01 GMT
content-type: image/png
content-length: 43249
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*fRQFCourCuS_r_ow.png"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RImZmNjBhYzE4Zjc5ZTE3YWE0MjY1YTNlOTk4ZTY0MjMyIg"
expires: Fri, 30 Aug 2024 16:01:01 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 91
x-request-id: c1dc4fc2-a332-417b-8b60-2ee528d9f001
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d5c9d105690-OSL
alt-svc: h3=":443"; ma=86400

miro.medium.com/v2/resize:fit:1000/0*ALPOVFTgfUcuJdNH.png

162.159.153.4

200 OK

36 kB

URL GET HTTP/3
miro.medium.com/v2/resize:fit:1000/0*ALPOVFTgfUcuJdNH.png
IP
162.159.153.4:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectmedium.com
FingerprintC1:F5:F2:1F:BB:E1:6E:CF:41:84:19:7C:8D:96:EF:01:6B:9B:CF:DC
ValiditySun, 20 Aug 2023 00:00:00 GMT - Sat, 18 Nov 2023 23:59:59 GMT

File type
PNG image data, 1000 x 662, 8-bit colormap, non-interlaced\012- data
Size
36 kB (35744 bytes)
Hash
c4acd2faff101982ab3821e8cdad2468
0a14bdf873509daa43b50ffa68f36ed0202faf63
3a968951355e13b65aafec1efaf8ba62a3b9848eb9be4749ac24f02bb1b55133

HTTP Headers

GET /v2/resize:fit:1000/0*ALPOVFTgfUcuJdNH.png HTTP/1.1
Host: miro.medium.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Cookie: __cfruid=980af2c876a0ef460fe020d09073df9d81ebbb9f-1693497655
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 31 Aug 2023 16:01:01 GMT
content-type: image/png
content-length: 35744
sepia-upstream: medium
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-disposition: inline; filename="0*ALPOVFTgfUcuJdNH.png"
content-security-policy: script-src 'none'
etag: "hlfIPUxoSL0RsahRXXbWt0H132QRLQ4MLCuz2JDzdnc/RIjM2NGJhMjc4NDVlYTM2OTRhMjllZjE2NjA1N2U1Njk0Ig"
expires: Fri, 30 Aug 2024 16:01:01 GMT
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
x-envoy-upstream-service-time: 151
x-request-id: d9dd83af-653f-45cd-b379-e069d632fab1
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d5d0d905690-OSL
alt-svc: h3=":443"; ma=86400

pub.highlight.run/

52.14.99.139

200 OK

0 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mirror-medium.com/
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:01:01 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://mirror-medium.com
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Firefox-Spdy: h2

pub.highlight.run/

52.14.99.139

200 OK

34 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
34 B (34 bytes)
Hash
b70f599a21b005923410c03ba2bbb7ee
c5bf2ee5704a86b658a39a60c0c8f963785668a6
8889c47ce3d5e3babd6c008c0369c1e09c978fc69464830284908644427d12c7

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 84100
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:01:01 GMT
content-type: application/json
content-length: 34
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0

34.120.195.249

200 OK

41 B

URL POST HTTP/2
o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0
IP
34.120.195.249:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerDigiCert Inc
Subjectingest.sentry.io
FingerprintE6:02:79:BF:9C:EF:53:C1:5D:BA:58:F5:2B:59:51:19:EE:9D:70:91
ValidityTue, 25 Jul 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
41 B (41 bytes)
Hash
54afc19e4e90cee187c3c94698ba5b02
67ee0ee23ed4390b30a611fc189f2311c85e9f7d
9b44ac7992c221b4f0175283a39f4df77e401f16e9d46b152233ccc421a7f653

HTTP Headers

POST /api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0 HTTP/1.1
Host: o407027.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirror-medium.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 16758
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 31 Aug 2023 16:01:02 GMT
content-type: application/json
content-length: 41
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pub.highlight.run/

52.14.99.139

200 OK

32 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
32 B (32 bytes)
Hash
7920a6bf93a86e107f103fb0c7055d46
97c78ed66ccf66fed3527869c8a0a0c75e8ed48a
ada492e36c8e6bc4fe43f66195edb531a3ee57897116bb0ee6aad37e2daa815f

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1399
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:01:03 GMT
content-type: application/json
content-length: 32
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

pub.highlight.run/

52.14.99.139

200 OK

31 B

URL POST HTTP/2
pub.highlight.run/
IP
52.14.99.139:443
ASN
#16509 AMAZON-02

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerAmazon
Subjectpub.highlight.run
Fingerprint34:00:AE:C7:18:43:EF:CC:69:5B:E0:5D:62:64:BA:90:A7:5A:F0:72
ValidityWed, 05 Jul 2023 00:00:00 GMT - Fri, 02 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII, ASCII text, with no line terminators
Size
31 B (31 bytes)
Hash
3eb155499eaf9aeab26ba4fb1e2871c2
70b8f6ec7aca49211d56c54ca01931e92aa59cd7
ce3d84488bc4c908a2de98fca9d5173f8a1243aeeb258f8de28210053829a52d

HTTP Headers

POST / HTTP/1.1
Host: pub.highlight.run
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 938
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 31 Aug 2023 16:01:05 GMT
content-type: application/json
content-length: 31
access-control-allow-credentials: true
access-control-allow-origin: https://mirror-medium.com
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2

o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0

34.120.195.249

200 OK

41 B

URL POST HTTP/2
o407027.ingest.sentry.io/api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0
IP
34.120.195.249:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerDigiCert Inc
Subjectingest.sentry.io
FingerprintE6:02:79:BF:9C:EF:53:C1:5D:BA:58:F5:2B:59:51:19:EE:9D:70:91
ValidityTue, 25 Jul 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
41 B (41 bytes)
Hash
33ee1cb740239d174d32d9b5e1c27dda
88c617b0cf2628cab76ecbe89a9e57faad249e85
58e51f246d5176d159800c8f04245c32100024481f778fa6a710e1bcb110d4be

HTTP Headers

POST /api/6244912/envelope/?sentry_key=43236543f254454390626b5f7ec0de92&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.29.0 HTTP/1.1
Host: o407027.ingest.sentry.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirror-medium.com/
Content-Length: 7014
Origin: https://mirror-medium.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 31 Aug 2023 16:01:06 GMT
content-type: application/json
content-length: 41
access-control-allow-origin: *
vary: origin,access-control-request-method,access-control-request-headers
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.googleapis.com/css2?family=Crimson+Text&family=Poppins:wght@500&display=swap

142.250.74.106

200 OK

2.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Crimson+Text&family=Poppins:wght@500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint94:C0:54:E4:BA:6C:E0:93:C6:8F:D9:27:1C:74:6F:E8:CE:6E:E2:BA
ValidityMon, 07 Aug 2023 12:21:56 GMT - Mon, 30 Oct 2023 12:21:55 GMT

File type
ASCII text, with very long lines (2396), with no line terminators
Size
2.3 kB (2342 bytes)
Hash
7804b3bdbe2e482f5493f5bd5546bca8
d2301b195b351271f73b47a1af2c9caf0e6c5424
770923003053df91bbe3bcdbff9c42a1cb654a26241bafe56c0513042d7dfdf8

HTTP Headers

GET /css2?family=Crimson+Text&family=Poppins:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 31 Aug 2023 16:00:55 GMT
date: Thu, 31 Aug 2023 16:00:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

unpkg.com/highlight.run@7.5.0

104.16.123.175

302 Found

37 kB

URL GET HTTP/2
unpkg.com/highlight.run@7.5.0
IP
104.16.123.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
37 kB (37111 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /highlight.run@7.5.0 HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mirror-medium.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 31 Aug 2023 16:00:55 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
location: /highlight.run@7.5.0/dist/index.umd.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H9656NC5N1SFWD7GR3NRY22J-fra
cf-cache-status: HIT
age: 11
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d387fdd569f-OSL
X-Firefox-Spdy: h2

unpkg.com/highlight.run

104.16.123.175

302 Found

37 kB

URL GET HTTP/2
unpkg.com/highlight.run
IP
104.16.123.175:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mirror-medium.com/?q=https://medium.com/product-manager-hq
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF7:B6:41:CA:15:FD:D1:0C:27:39:55:5D:C5:CE:3F:1C:A6:BB:9D:6F
ValidityTue, 02 May 2023 00:00:00 GMT - Wed, 01 May 2024 23:59:59 GMT

File type

Size
37 kB (37111 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /highlight.run HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mirror-medium.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 31 Aug 2023 16:00:54 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /highlight.run@7.5.0
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01H9656N4ENV0S62924VK3T8G1-fra
cf-cache-status: HIT
age: 10
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7ff67d378ec3569f-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by