posts.specterops.io Open in urlscan Pro
52.4.145.119 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Effective URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Submission: On May 02 via api (May 2nd 2022, 12:37:32 pm UTC) from BE — Scanned from DE

Summary HTTP 131 Redirects Links 70 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 131 HTTP transactions. The main IP is 52.4.145.119, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2022. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	52.4.145.119 52.4.145.119	14618 (AMAZON-AES) (AMAZON-AES)
1 109	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.117 143.204.98.117	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:231... 2600:9000:2315:2200:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:231... 2600:9000:2315:a200:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
131	6

15 52.4.145.119 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-145-119.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

109 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-117.fra50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:2200:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2315:a200:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
109	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 8606 glyph.medium.com — Cisco Umbrella Rank: 18579 miro.medium.com — Cisco Umbrella Rank: 11464 cdn-client.medium.com — Cisco Umbrella Rank: 19609	1 MB
15	specterops.io 1 redirects posts.specterops.io	58 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 965 api2.branch.io — Cisco Umbrella Rank: 609	26 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	20 KB
1	app.link app.link — Cisco Umbrella Rank: 1644	565 B
131	5

	Domain	Requested by
51	miro.medium.com	posts.specterops.io
50	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
15	posts.specterops.io	1 redirects cdn-client.medium.com
7	glyph.medium.com	posts.specterops.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	medium.com	1 redirects
131	9

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
mattifestation.medium.com
docs.microsoft.com
www.youtube.com
technet.microsoft.com
www.bleepingcomputer.com
unmitigatedrisk.com
www.download.windowsupdate.com
gist.github.com
msdn.microsoft.com
specterops.io
jels-boulangier.medium.com
blog.readymag.com
readymag.medium.com
ngkio.medium.com
thenukewijesinghe.medium.com
help.medium.com
medium.statuspage.io
about.medium.com
blog.medium.com
knowable.fyi

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-05` - `2023-01-05`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Frame ID: 0CE2ABE3F1ECE3634B94A886D86D1944
Requests: 131 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Code Signing Certificate Cloning Attacks and Defenses | by Matt Graeber | Posts By SpecterOps Team Members

Page URL History Show full URLs

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signi... HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524b... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

131
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

9
Subdomains

6
IPs

2
Countries

1612 kB
Transfer

3927 kB
Size

11
Cookies

70 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?$canonical_url=https%3A%2F%2Fmedium.com/p/6f98657fc6ec&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=--------------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=--------------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=--------------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=--------------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=-----6f98657fc6ec---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121----6f98657fc6ec---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/
Title: Sysinternals

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Autoruns

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=AEmuhCwFL5I
Title: can be abused

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
Title: New-SelfSignedCertificate

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc783813(v=ws.10).aspx
Title: online

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx
Title: via Group Policy

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/popular-usb-audio-driver-ships-with-root-certificate-big-security-no-no/
Title: Savitech audio driver

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc751157.aspx
Title: trusted by Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
Title: sigcheck

Search URL Search Domain Scan URL

URL: http://unmitigatedrisk.com/?p=259
Title: authroot.stl

Search URL Search Domain Scan URL

URL: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Title: this link

Search URL Search Domain Scan URL

URL: https://gist.github.com/mattifestation/c712e525109f786fbaf6ed576b8d2832
Title: crude parser

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/aa377163(v=vs.85).aspx
Title: CertVerifyCertificateChainPolicy

Search URL Search Domain Scan URL

URL: https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
Title: hijack Subject Interface Packages

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=-----6f98657fc6ec---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&collection=Posts+By+SpecterOps+Team+Members&collectionId=f05f8696e3cc&source=post_page-----6f98657fc6ec---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://jels-boulangier.medium.com/first-steps-of-a-new-python-project-91f5360021ac?source=post_internal_links---------0----------------------------
Title: Jels BoulangierFirst Steps of a New Python Project

Search URL Search Domain Scan URL

URL: https://jels-boulangier.medium.com/?source=post_internal_links---------0----------------------------

Search URL Search Domain Scan URL

URL: https://blog.readymag.com/new-interactive-mode-new-ways-to-activate-shots-e682ecdd207c?source=post_internal_links---------1----------------------------
Title: ReadymaginReadymagNew interactive mode, new ways to activate Shots

Search URL Search Domain Scan URL

URL: https://readymag.medium.com/?source=post_internal_links---------1----------------------------

Search URL Search Domain Scan URL

URL: https://blog.readymag.com/?source=post_internal_links---------1----------------------------
Title: Readymag

Search URL Search Domain Scan URL

URL: https://medium.com/@andyjones_1981/making-user-journeys-configurable-in-the-gov-prototype-kit-d472d23d86a8?source=post_internal_links---------2----------------------------
Title: Andy JonesMaking user journeys configurable in the GOV prototype kit

Search URL Search Domain Scan URL

URL: https://medium.com/@andyjones_1981?source=post_internal_links---------2----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@tejendrabhandari/chaos-linkerd-implementation-25055c74063a?source=post_internal_links---------3----------------------------
Title: TejendrabhandariChaos & LinkerD Implementation

Search URL Search Domain Scan URL

URL: https://medium.com/@tejendrabhandari?source=post_internal_links---------3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/cruise/securing-kubernetes-with-k-rail-5f77a1a11174?source=post_internal_links---------4----------------------------
Title: Dustin DeckerinCruiseSecuring Kubernetes with K-rail

Search URL Search Domain Scan URL

URL: https://medium.com/@humanatcomputer?source=post_internal_links---------4----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/cruise?source=post_internal_links---------4----------------------------
Title: Cruise

Search URL Search Domain Scan URL

URL: https://medium.com/ramsatt/how-to-format-date-and-time-in-java-2faa0ea33fe6?source=post_internal_links---------5----------------------------
Title: Sathish kumar RamalingaminramsattHow to format Date and Time in Java

Search URL Search Domain Scan URL

URL: https://medium.com/@ramsatt?source=post_internal_links---------5----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/ramsatt?source=post_internal_links---------5----------------------------
Title: ramsatt

Search URL Search Domain Scan URL

URL: https://medium.com/@pavan.kunchapu/android-ios-enterprise-mobile-application-architecture-part-2-d2458ea0773f?source=post_internal_links---------6----------------------------
Title: Pavan KunchapuAndroid, iOS - Enterprise Mobile Application Architecture - Part 2

Search URL Search Domain Scan URL

URL: https://medium.com/@pavan.kunchapu?source=post_internal_links---------6----------------------------

Search URL Search Domain Scan URL

URL: https://ngkio.medium.com/coinness-interviewed-representatives-of-baccarat-consultants-to-learn-more-about-baccarat-and-high-aaec8320a1b9?source=post_internal_links---------7----------------------------
Title: NGK.IOCoinness interviewed representatives of Baccarat consultants to learn more about Baccarat and high…

Search URL Search Domain Scan URL

URL: https://ngkio.medium.com/?source=post_internal_links---------7----------------------------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121-------------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F7db304d15601&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&newsletterV3=e8e64b89121&newsletterV3Id=7db304d15601&user=Matt+Graeber&userId=e8e64b89121&source=--------------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@boblord/security-culture-rough-notes-f6f1f5cd6865?source=read_next_recirc---------0---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------
Title: @boblordSecurity Culture Rough Notes

Search URL Search Domain Scan URL

URL: https://medium.com/@boblord?source=read_next_recirc---------0---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------

Search URL Search Domain Scan URL

URL: https://medium.com/@michallevram/my-new-podcast-operation-firewall-436f755832ad?source=read_next_recirc---------1---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------
Title: Michal Lev-RamMy new Podcast: Operation Firewall

Search URL Search Domain Scan URL

URL: https://medium.com/@michallevram?source=read_next_recirc---------1---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------

Search URL Search Domain Scan URL

URL: https://thenukewijesinghe.medium.com/tracking-location-within-6-feet-929e1417d47e?source=read_next_recirc---------2---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------
Title: Thenuke WijesingheTracking Location within 6 feet!

Search URL Search Domain Scan URL

URL: https://thenukewijesinghe.medium.com/?source=read_next_recirc---------2---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------

Search URL Search Domain Scan URL

URL: https://medium.com/@chad_8793/abscan-cybersecurity-aggregation-for-foss-solutions-2acef2b70419?source=read_next_recirc---------3---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------
Title: ChadABScan — Cybersecurity Aggregation for FOSS solutions.

Search URL Search Domain Scan URL

URL: https://medium.com/@chad_8793?source=read_next_recirc---------3---------------------2e19f832_275f_4fb3_b6df_5214ba72b5eb-------

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1
Title: About

Search URL Search Domain Scan URL

URL: https://knowable.fyi/
Title: Knowable

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

131 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

221 KB
50 KB

878ms
877ms

Document
text/html

52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

bf096ada6166b8293ff0da78e4a9f4d711a1c8858fd299a0d512ba4626c4c8bf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Mon, 02 May 2022 12:38:02 GMT
etag: W/"375e3-vJ0uCaO92SFdpZfUcvfuv6sL12c"
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, lite/main-20220429-164525-76b86985eb, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
medium-missing-time: 241
sepia-upstream: medium
server: nginx
vary: Accept-Encoding
x-envoy-upstream-service-time: 777
x-request-received-at: 1651495044081

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7050ced768ddcc4e-ZRH
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Mon, 02 May 2022 12:37:23 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
medium-fulfilled-by: edgy/8.3.0, valencia/main-20220427-204309-b6dfbe6d15
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 27
x-frame-options: sameorigin
x-obvious-info: 20220429-1842-root,1a1a67f8
x-obvious-tid: 1651495043834:46260e160002
x-opentracing: {"ot-tracer-spanid":"6a0987ec7f4727ec","ot-tracer-traceid":"7f514b3234b7d148","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 55ms
43ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 833
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 7050cede385dcc4e-ZRH
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 02 May 2022 14:37:24 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/64/64/ 2 KB
3 KB 36ms
27ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/64/64/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 168547
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2399
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 7050cedeb90ecc4e-ZRH
expires: Wed, 01 Jun 2022 12:37:24 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/96/96/ 7 KB
7 KB 139ms
131ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7062
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cedeb910cc4e-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 54ms
36ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16123479
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cedecc6b23f7-ZRH
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:24 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 85ms
69ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16123479
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cedecc6a23f7-ZRH
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:24 GMT

GET
H3 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 66ms
50ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16123479
x-envoy-upstream-service-time: 20
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cedecc6523f7-ZRH
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:24 GMT

GET
H3 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 71ms
55ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16123479
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cedecc6923f7-ZRH
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:24 GMT

GET
H3 200 1*Pe1OeWP-UySRMW4aWa4jJQ.png
miro.medium.com/max/1400/ 36 KB
36 KB 229ms
207ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*Pe1OeWP-UySRMW4aWa4jJQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36474
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b8f0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*fLrpueTtcZk_Gx5qOIxvsA.png
miro.medium.com/max/1400/ 229 KB
229 KB 175ms
156ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*fLrpueTtcZk_Gx5qOIxvsA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 51
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 234084
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b8d0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*3toLhPm3VGMpDEl36JE3dg.png
miro.medium.com/max/1400/ 130 KB
130 KB 213ms
194ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*3toLhPm3VGMpDEl36JE3dg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 106
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 133094
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b890204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 212ms
194ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55639d0f6de7e3d3d8205dc12f5d243178451e4afb9eaecd062a317f825ea527

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 50
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1268
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b880204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 0*T_vmStdFlN9LwSqy
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 216ms
198ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*T_vmStdFlN9LwSqy

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcd5ede73d71dc3c5ad03d804457853cb598e1721f92c94603ccf084272c97a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 36
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6321
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b8b0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*OHbXtgSIV1gGcnG6_0u_YA.png
miro.medium.com/fit/c/40/40/ 960 B
1 KB 57ms
40ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*OHbXtgSIV1gGcnG6_0u_YA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d94f7b463a101acc0aab3becbe0d63929025e42eaa6ff23e6999953ffbcf719

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14040
x-envoy-upstream-service-time: 55
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 960
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cedf2b8a0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*yhUMsApmfVB7sDiFfnJM8Q.png
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 225ms
208ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*yhUMsApmfVB7sDiFfnJM8Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81419976c7e01b2408ed407e5a7e8e505478286c3d01df8f6d206824fc45189f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 32
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6378
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b940204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*vs59_LRb_SmKADkM4KVXjg.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 66ms
49ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*vs59_LRb_SmKADkM4KVXjg.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0933460b008ff84e427d5cfad6fcc11996c98c27f59bff0b496d864a73aaa4e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15387
x-envoy-upstream-service-time: 147
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1499
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b910204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 0*g6bDQ-QUmmG1mDIH
miro.medium.com/focal/112/112/50/50/ 5 KB
5 KB 210ms
193ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*g6bDQ-QUmmG1mDIH

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cef387bd6938302d335cab8ac0f319e04575f1844f7762ef2e129852187d263c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 79
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5082
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b810204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 0*7B0qujBEUf9Mws-4
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 210ms
194ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*7B0qujBEUf9Mws-4

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63229414edb249c22a6cdf3e2754b19bb02198ade86fb46af6e562e0e22918b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 76
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1645
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b830204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 2*2hUfjdY1ONGsla6XJcBHEw.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 152ms
136ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/2*2hUfjdY1ONGsla6XJcBHEw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfc89bb7b75673e8e83d8aa5ff747a0a069ed5b2a44a2a732a5353eb2f2e3198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1419
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b840204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*oTmcx_qDWCtP5RKvy3iuxg.png
miro.medium.com/focal/112/112/50/50/ 4 KB
4 KB 210ms
194ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*oTmcx_qDWCtP5RKvy3iuxg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2e285c9f7c472800ad0ac72c8085b82ed56000b1de8ad3aeb7980b98ee7d31c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 49
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4157
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b860204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*RC7gZWdczzhbRG_CV1vz1g.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 65ms
50ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*RC7gZWdczzhbRG_CV1vz1g.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83bcf6db343ac887a1fa044213341d8aac44115fcce7d7aad16107ff0c1ea0ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 96266
x-envoy-upstream-service-time: 66
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1733
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b870204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 0*YmNZ97vPVmaIM90T.jpg
miro.medium.com/fit/c/40/40/ 449 B
860 B 199ms
184ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*YmNZ97vPVmaIM90T.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

666dcc08996aba0b6cca9bd8b2cf2f8d3968d7c496c13a52da52c5a5a23f8c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 449
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b730204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*6fGkhqo16iFGDEQ-wQZw3A.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
6 KB 199ms
184ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*6fGkhqo16iFGDEQ-wQZw3A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11857895e79aef7d5589552ff01742119d0a0750f0a96e9335155d0c38bbd7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5802
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b740204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*Ul6gtVQZaiI1qhnp-zJWLg.png
miro.medium.com/fit/c/40/40/ 698 B
1 KB 73ms
59ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*Ul6gtVQZaiI1qhnp-zJWLg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f1df0bf2819fa8b0b3ddd7b0ce20305fbe8b92d6234fc46d57815d20754541a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 345350
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 698
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b760204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*Kf_1bx1MP-isDfC4vop3aw.png
miro.medium.com/focal/112/112/50/50/ 24 KB
25 KB 200ms
185ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*Kf_1bx1MP-isDfC4vop3aw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67cde6c1e33ba068d019511f7ef65043e04f558350da9fc582e79267d0d36f52

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 88
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25055
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b780204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/176/176/ 23 KB
24 KB 197ms
183ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/176/176/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23726
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220309-195817-93688b9a29
accept-ranges: bytes
cf-ray: 7050cedf2b6f0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 0*e6CtPa9OWXxpfQ-f.png
miro.medium.com/fit/c/40/40/ 3 KB
3 KB 198ms
184ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*e6CtPa9OWXxpfQ-f.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23bcf80d51d93cdc5b76301b2817c0ca11a86952938d489ed798a7c251ced164

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2795
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b710204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*eQ2bDN8sD2idKHs_XQpNZw.png
miro.medium.com/focal/112/112/50/50/ 15 KB
15 KB 198ms
184ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*eQ2bDN8sD2idKHs_XQpNZw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ecbb2bd9e04b3e953a44b24420e54ccf06cd332750b04079d4e49bc89455a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 68
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15226
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b720204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*zfpPaX15PJxOKjPH7ciGQw.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 199ms
185ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*zfpPaX15PJxOKjPH7ciGQw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03d1b9a863bbcc586a87dd7fd37e96e7b23d46552c1e9e862332eac62b391a23

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 3084
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1703
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b790204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*A6bf_zkD888pFA3P-O7w2A.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
6 KB 199ms
186ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*A6bf_zkD888pFA3P-O7w2A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11aed8810f133a7e03e92571aaf9d6e4b47e6a008ff64f8a1409a2a191627f87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 129
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5992
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b7a0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 0*HmJx-3_KqJvmxYcJ
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 199ms
186ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*HmJx-3_KqJvmxYcJ

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf9b8a68d7b854c401d427fd8fd5f1c49b5a5eeb23a878171529f810852cdd49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1612
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b7b0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*yzFIeRjbME07ZTDm6OLOGw.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 200ms
186ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*yzFIeRjbME07ZTDm6OLOGw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f25762cbf878575de21d2fac0757c522ea159e204e8c6fdf0b528ccad20afa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6330
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cedf2b7d0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 0*nhRB_dadhiEmWoJi
miro.medium.com/fit/c/40/40/ 707 B
1 KB 200ms
187ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*nhRB_dadhiEmWoJi

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

935650ae2b5ed7fa1c4e27c084d660e0af387e2e1eed30f61dedaebae112b10f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 30
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 707
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b7f0204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 1*YD6dMS_npmKs1A3kSFgymA.png
miro.medium.com/focal/112/112/50/50/ 13 KB
13 KB 201ms
187ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*YD6dMS_npmKs1A3kSFgymA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7116e4c1e6212fdcc6af90fe98df0df8b97d02387f69235d2006b1dc7dfcdff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 46
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12923
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cedf2b800204-ZRH
expires: Wed, 01 Jun 2022 12:37:25 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 60ms
60ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16123480
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cedf1d3023f7-ZRH
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H2 200 manifest.2de70306.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 47ms
38ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9822ff5ce7974082b226d2b60b5f3f5bb0d175d5595995b9d10b7c796242e3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242238
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XF7FSP4R9KBC1Y49
x-amz-id-2: xyqOqPcL/q4yGWNjOSTgFL9sG6SfCEP3rIFVzkd7cWSQCnyI3qHJ5kq9M2vCYRO/TXbYHNMFOGM=
last-modified: Fri, 29 Apr 2022 16:42:37 GMT
server: cloudflare
etag: W/"6413d8dc46cc40262d5851084a35c8e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tggR_8EnKLu7jvp6I3l0VYksUpaba95m
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedf69edcc4e-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H2 200 2432.d8441b61.js Show response
cdn-client.medium.com/lite/static/js/ 693 KB
214 KB 78ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1183525
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8BMWK1N5ERYNB
x-amz-id-2: jAy3kdCgwBfIv7KBM+U07XOSCfobzL3CnmV/bwHExnUTLRSF3QxV5TpAtpSfQIF9+XWEOrbc7Xc=
last-modified: Thu, 14 Apr 2022 09:35:47 GMT
server: cloudflare
etag: W/"4ea04e083777417655bdfab94e3b1988"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: d4yOD0d3viUzyB5H2ftJictqMsEU7ccN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedf69f6cc4e-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H2 200 main.aca3d227.js Show response
cdn-client.medium.com/lite/static/js/ 722 KB
175 KB 47ms
40ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.aca3d227.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

32e2f51b7c073d9ffa72b18ddb1ee134d471e36e901c3f49aa61b28013160b34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242238
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XF7CPAA4F4QA64PM
x-amz-id-2: CCYTdsuxmJQQwLi+qs1tGG2OAA5l5TOq4qPV6Asbtxmasbvo40aAyaw8NGwj7lsU9Y0NOcnivSs=
last-modified: Wed, 27 Apr 2022 13:59:57 GMT
server: cloudflare
etag: W/"1ca96c568a0dca95532b7189b491298e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 3AAg_AjtToRjDhZvrTqVcj51gL6WF.h8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedf69fdcc4e-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 49ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedf69f1cc4e-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H2 200 instrumentation.3c974b48.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 49ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.3c974b48.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHC8B1TRZR74CBF
x-amz-id-2: z3WhWz+YlBJc2hPnc0ARhb27k1kgSjFT/omm5ncUygZ+Qwpg6JZUV6n4y0L6MjdGIun1sEhSbss=
last-modified: Thu, 14 Apr 2022 09:07:11 GMT
server: cloudflare
etag: W/"ff66ec13bbcc5b73c4019bb39bd044bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qjF6fisK9JJ5aoxqQKyOQ9uuWcg0f8QA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedf69f5cc4e-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H2 200 407.bc239897.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
8 KB 57ms
51ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/407.bc239897.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHFBM4SFEDKW4XV
x-amz-id-2: fJ+MDNRq2AsSO8E4R0uzQUZCJCS/I01UR4pzp879vBoGbMZ6IHI8cgB5YdD3jUSL17qHZ/lHxS8=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"34675f828a974dbf83babace038c3f15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sGsjD3uwddUrPGuYfsZf8a24w0k_0NA3
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedf69f0cc4e-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 9216.3db13475.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 44ms
41ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9216.3db13475.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH296CRQQDYB2V8
x-amz-id-2: mY6rALMQB4cP9fqaURW2Y07YZHRs8vI5IdWzNsYIPZHORAoA+OOSU49hBGVHiRclmeqYQ3m8v58=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"5b419d65f14cdfdf454bd2f33e125a38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: heA.L9U6.758IbuJl9cz9qkk4zZnDDyl
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac620204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 AppLayout.8f4a2cfb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 108 KB
21 KB 58ms
56ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.8f4a2cfb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52c93d4beae39b5288a3cb267d812797664c89f82eafdf9435193149b64c480c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242238
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XF7FB2WN7C2SA3Q7
x-amz-id-2: URgTo/EBq4H7ysffd4Gnw3ebgC3+RHrLBH5ehQQZXbUxh4/MAU1xi+YHXTLfIUJmPvA+8XdciI4=
last-modified: Wed, 27 Apr 2022 13:59:29 GMT
server: cloudflare
etag: W/"cef5788314fc6145fac049341040f964"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qxAyHAdnbwhpkctzuqUbrkFbTHac6znm
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac670204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 reporting.f90575a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 69ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.f90575a9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNFQ3DE11YMHABW
x-amz-id-2: MaoH80zs6gT3mZ9kscdnCoX3sGPVpE7mKymkioceeAFcF5EY9v+ywF0g+A/3xSr64Ws1eTUy2wE=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"635d49707990cdd4f3c1ad13b0d0eafa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OrnP3Wx_LBAu5tvJHOBGMuYc5kyast0a
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac680204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 3402.43690127.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 69ms
67ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3402.43690127.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234114
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAG24G2J6Z2R75J
x-amz-id-2: jJHkPZz4jKyAsNP2i/dv6IaWMQwqhAapRtXjUBSK8q3UBd/y+/If7ERC72s6fXSiDmDrpgBjRnE=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"ca4b6f5071c04a623a9bc72ced0f2727"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: L_jxD7YdqC4D7M.9gF7agHoI1l8zYyGo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac690204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 129ms
127ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1106885
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KZ14F4DJ39Z3KD31
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac6c0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 7794.9590314e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 129ms
127ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7794.9590314e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZZ2GZ8XPEV2XSK8Q
x-amz-id-2: ZlnxwgkjMnGtnnoC7ojH0QwhC0XfdFWPNT0tzpzMx7ygzdLPg6cqgl3wZCpV+Z2ow4dAGrEJyes=
last-modified: Tue, 25 May 2021 18:36:34 GMT
server: cloudflare
etag: W/"fdb51abd005c8009b18f0a8ff313072f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: edEnQQoOPA8J97QSUBTjXG.e16leDLA5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac6e0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 8316.18f2a6aa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 130ms
127ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8316.18f2a6aa.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD5SFN5Y8TW45S
x-amz-id-2: hFIjAklPE8uAiFD3F+iWoIjr1hZAL+bvgJNwZvAJEZUDnYTo6ZgZ84z2QdIcyEiccMTz7/tDkuo=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"9fa67454adaeb385a3a70077ff7b7df1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QUYK47Sx_vLYH.MHyrUF8Ib7srVpusAN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac6f0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 2405.89e8736f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 130ms
127ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2405.89e8736f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH2TE2SJTAHKM5Z
x-amz-id-2: XhOOvodMaGPRX1ojQDX2fJ825yiUBac3LNf3jZg8okPfD032sOJYW39eboPyYoY017frR5Y++MU=
last-modified: Thu, 14 Apr 2022 09:06:25 GMT
server: cloudflare
etag: W/"d00a20bd58905eea8d54536e9f107647"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: rVT8_6QruDr0MpUrMx5.bmLv9Vum6pG1
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac710204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 5221.181764f4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
7 KB 44ms
41ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5221.181764f4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 505481
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RRS7QBM6HPC96YM9
x-amz-id-2: XgOi2uZuYrZcl1w+yiTU4jreTzbYzXKLWoLLSzKPFvdYPDKUy7J35kPs2NoW5uLtmqjFNHwr+FY=
last-modified: Fri, 22 Apr 2022 12:21:15 GMT
server: cloudflare
etag: W/"9c10954e9712c77358a76e4b78269985"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: joRvdL39s_Auomhf12LS6FRNT_1Mfret
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac720204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 7927.2808b7fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 131ms
128ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7927.2808b7fb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1PP72JD7ZC4KX
x-amz-id-2: jL0uI8uuyrXYLFGE/1W82XjY6t/xLL2r94yNzdWzltKFy2xq+wPzVhtLYW216v/Z0kMGAC/0fqE=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"40219a5e404b723e34b385d93749eb93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: IxrJR.aQAJezcuYFrtyltHojOozyWQpH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac730204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 786.03a36ffb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
1 KB 132ms
129ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/786.03a36ffb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6RV2AGRQ0H7A1
x-amz-id-2: GBzNzo/Yy4mLB5vDNQiiJZbJaFjzBRUpqk2qrtjNnJICjvhRI7l2CFpbT6MC/aYuo49KWxbvf2w=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"2851e5a2798ff3cbdd1138972426933b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 3Dc.8odO3AGlGT8yk7bJev0oeYPYJNZI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac7f0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 5472.5f6d4371.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
1 KB 132ms
129ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.5f6d4371.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8PTMK5AP330DM
x-amz-id-2: xGpOOu8UZAzsu1YWUtNuDaspxj3NnwdsbLl4CFr6mQNnuC5VgdmPYNonihLFzHPh0iUQuVnGPss=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"6adb8844d763f7d58b6ed49ab89899c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: M9BL7xv54wPjdaXSST5ko_cL9x0mMNwi
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac820204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 2981.a5db1477.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 132ms
130ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.a5db1477.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD79BG7TYX8FQF
x-amz-id-2: i+703M4auI2KWsJr44vB1PX2t1YW8SvqTOaxNZoY6ZxLgCuFeMfj8xYi9lUJuKDlA8520qipoBs=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"2195fa1153170d02f4e8ffe85e34c5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0P7ivI0fxCKSZ0gTEie59OTCIkM7d5eE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac830204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 5260.626b1a4f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 150 KB
39 KB 133ms
130ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5260.626b1a4f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH0NGF7PM5XVM3Q
x-amz-id-2: tUN9V2+xFd4zjSA+ZMII7pflnNw+pyPpiJtuuyR339PAg2pEfEqGPZ4lYH2M6DDxdgzZ7ePoFLk=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"d54dc2b69a8408e4b05103b956019a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XEFVan_esU9zit2XEfJ9ZVMckrSpVrqN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac840204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 4869.c2275563.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 133ms
130ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4869.c2275563.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e4afb12eda0b925f25e1e14874cc5ec3f8107a481fdf55da978358e4f245a99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242238
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMTRHVEA6XKMBKV
x-amz-id-2: Lm1W5pJdiThTuARwLlzGcprvDMWk01A6F89PIbKUCDjMoQRtx4dLn+tF82Ub7M51ZfbhcL5Z//s=
last-modified: Mon, 25 Apr 2022 15:05:56 GMT
server: cloudflare
etag: W/"00d847f1547ff2e05282073c86977aa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sS.6Hn4eyhXamKADS6gcRFBV2ae6UyK8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac860204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 7404.8e1be3ba.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
6 KB 133ms
130ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7404.8e1be3ba.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed75ede75b5c0944c5d43581211b6d17951dd92a4f11932dccaa56fd7636094d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242238
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMW5BKJR7XF3STD
x-amz-id-2: dhY4jfNcvziFGLsLFWLtMJe7sHCAHmWVxuNKacUQTS+cIqc+j63FhbEY3YdETUOTlw97qjz9OO4=
last-modified: Wed, 27 Apr 2022 13:59:24 GMT
server: cloudflare
etag: W/"abb70e8f1ad2ffc355639710a245ada3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: xLp2Wz3y3szGGrz7ntGsr1lGvQ3NSa1n
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac870204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 455.f5fbf145.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
6 KB 135ms
132ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/455.f5fbf145.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ac9fa4a572df7ae8001d71bfc68fa058f4387611061b8683388d57393fa33d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242238
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMHP4FC2N3W27WX
x-amz-id-2: IfoG9I7b2fEA936C0tAqT/hh38rVVJgcpd5SOYUvC1uu5jfZ7fpNwCLsZbzBhRTR8Q0d39u44+k=
last-modified: Wed, 27 Apr 2022 13:59:21 GMT
server: cloudflare
etag: W/"8ce7ca38caf343032e4b3dfca7502d10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kmR3rBWKakAsj1J2.Y_vlYgnfxHS91eF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac880204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 7070.088d513c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 135ms
132ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7070.088d513c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH32NHX2PK3308V
x-amz-id-2: zsvx/2w1ItKRz24BnsDl2fEJq4IZfPeeSEGQvT066vYkRPZNDOGz5UOf42N7pg1czdlQpuPnmjk=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"4d8fdc449efd237280288bbf688558f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: K0muy9JORxUH6p6bJfgV09ZGno7nymcE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac890204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 7217.3953b0f0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 135ms
132ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7217.3953b0f0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHBYVEYW8BWXXNQ
x-amz-id-2: P0LsJ8j9mlyYmTP45azx+eH4U8lLRKb1lUbqryQn4YVtC5ILscAPJR9rhFMHGH+DeUDK/Eis60c=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"58720bdd388e0656b76f62b4a5ff5342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OZwFHpgdUD2sKDAtk4gZmMMvNPTrJlRt
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac8a0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 8491.a2b7fab7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
12 KB 135ms
132ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8491.a2b7fab7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6SVKHC1BPPRR3
x-amz-id-2: 36Hrc4Echk9c0rXd/ZzV2AvDGV98iS/Rer07bucHbq7lb1+RCcRBOopXJ7HxCt0ZJwpVnBB5rWo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"5d01285ddf2c787bd518a32b366af371"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Jsy2Lxh1msL6Y.ooRtLzR4d6vHqwlQ3F
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac910204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 9211.b7a00c16.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 136ms
132ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9211.b7a00c16.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH4W640C9XF6RJN
x-amz-id-2: DRUt8mSyKes8nCq/psp4HGMhhDPpua9crWNc+2eEgEb5nqFc75RzvIl1M2mhUnBmuNlGMDhfBlA=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"577263f7900d50e63a75a1f0f05dbbe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: VWEllxqkFrnSXO387u0TA6YYdC3U.pgv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac930204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 6562.6c3f9802.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 137ms
133ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6562.6c3f9802.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1027169
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: P1M42AW9QBTBBTZQ
x-amz-id-2: XdlBeJW5OdzmY786nhuIdMkGi2IaxnEmlov0XClJV207SbauWrBY1qFK0AgNP/3pD/YaEE3wnLk=
last-modified: Fri, 15 Apr 2022 15:45:14 GMT
server: cloudflare
etag: W/"1ca654d2edbbd07104403857df5f81b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: AASPv5ptCk06M_vQZi9Up905TWUR.1Rn
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac940204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 7215.d799b2b5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
12 KB 137ms
133ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7215.d799b2b5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6ASKCBHWEH6YT
x-amz-id-2: thX0A0WpRM7CNFcf0QiWHYAuHXq2b/71GV+8DWH0JZPx+pWB1sXCstFGQZINVjbMbe+ngkvwu0I=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"3c526ca7c5fee7883f16deb523109c91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8XpJXp74sBSDTltKZ7Iy4ZGcwhFWJyxk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac960204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 864.41fe9c86.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
5 KB 138ms
134ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.41fe9c86.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNAF09XCK1FJT5C
x-amz-id-2: dTTttVwlA3PTaKgrh4eq3rmxgPAxiCJymvctDY+V9ov9AlhKhryMTs6tH98N8ocHdHR28jk/7A0=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"fff5133a06973c44d03a9975ebc499f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 35onYHaq2EFcCuHneGFmh1Rlc_q4dy_H
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac970204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 4351.0369de5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 138ms
134ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4351.0369de5f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHCBPE4W0A996V8
x-amz-id-2: ikWd7+eLYjwl8TmJwUxM03Dido2xgcO6wFP9ksGOFjfI4XE/6rk8TJPre7k1fc9qIg18H/76XN0=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"706de7bad195044244572950d562e14d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LnE7PgGhZCmzrDthwn8d8CF.czjYz2iU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac990204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 82.83ce6d83.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 139ms
135ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/82.83ce6d83.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHDCBR3B6ZMNA8X
x-amz-id-2: qJC1bfUmqAsLIIwNe7N7rxiKFcgwA3LbPEVSUrfDXggaxU5TzfiCXUlaRZhTzGUJfS/J8TMbnsU=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"14e1c3bb89a150e9af8b6e481200d7f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pPofGSIVAl0KmPhGyMZSP9BXsaGh4qy_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac9a0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 108.03b9652e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 100 KB
18 KB 139ms
135ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/108.03b9652e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7CFHB8RDR73VJ
x-amz-id-2: kYoF14l5ZxbPwO0NZ+X7+shscUQBWUmUeGhVd5s+iLTzZpfb0QCDxLnTpatDgpMPWsaCDdUegaI=
last-modified: Fri, 15 Apr 2022 08:10:20 GMT
server: cloudflare
etag: W/"7c2ea1f36d696b74936232f1e88900d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G2eY.NzI3u6RxUOwjwtpIZlWWV4tJwUj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac9c0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 5281.652a7988.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 139ms
135ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5281.652a7988.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHA6FG3QS6BVZBR
x-amz-id-2: bKpvQT0l0R+9iZqrjI+NXH9ySdz2IFP+YXfDKuy5s72Zk70knnO/JKoSdTDbKkL+TCOkHk72s6s=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"04b131139a2938b205f512652ec29a97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 33irNxWTdFjop9o1_s8tyzZ.0zoR_rMU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac9d0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 4483.0101c012.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
11 KB 140ms
135ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4483.0101c012.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1YTQ6E6M920R7
x-amz-id-2: dYayIGduzTq4ZA4PK7fr/S4vhbNG20MqIBzVL0gN9baEYSZSgb+ekkXPwUV+BVhNUH2dpYE9jQc=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"561e556084890738e5ab71de9801ee5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hRmNv03McdnjlIEbnQRlszZjFIUcsYjR
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac9e0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 5436.fc39abce.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
12 KB 140ms
136ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5436.fc39abce.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd0087577c271b36d8fc5d37717b676f7a217bec2fb4bd5136768159ded5d46c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242164
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMK4RZ41YTA78QZ
x-amz-id-2: bX0nrnWvk7HvJIxVwSQG9t/IEtUV+avtvlVHRcMdaXwjoXxYi8r91uPcvKoynxyjCwNqfPHuOb0=
last-modified: Wed, 27 Apr 2022 15:47:54 GMT
server: cloudflare
etag: W/"86548260585abaa50379184d5886d9b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ..4jVd0te3irwrhfZcbtSr4ZJifMyKOq
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfac9f0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 3043.34648c6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
4 KB 140ms
136ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3043.34648c6a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 424628
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 41JJSBHRFDQ8PDRD
x-amz-id-2: XSga7+dFr1nQbg0udnpaD+ZembEzEPdu+SftY2Oh1KKvw1c9bKoMx1JiDFAD6dkwWt7KaglqoQE=
last-modified: Wed, 13 Apr 2022 09:57:05 GMT
server: cloudflare
etag: W/"57e7dd326c1b4d24e44ed9b8655754f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qLLyYE6QMBOdC61niRO7qEtzgOLMz.Fw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfaca30204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 8849.e115d3a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 142ms
138ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8849.e115d3a3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAATHP1X27M9HZPW
x-amz-id-2: 683N1h/tXCINTqDwy3VcGYllMGCVmR7O99borv9elo47JM5seRVfVFqZ/3Ntjb+Snb+lPFzB4UA=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"d163a762211dc93b003999a47cafe931"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ugBxVtgkTa8ZpfcJJs1c.657kjvR0RNP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfaca40204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 PostPage.MainContent.4b390770.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 149 KB
35 KB 142ms
138ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.4b390770.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b43930561a52851efe9c47f9deef3b1343a4f280933855a288ac9952330c35da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242164
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMM8BABVJYBYFRP
x-amz-id-2: DIL/kw4d+sbDBP7KFvJ4lYu06spblUKLq0IFSNpP2uNKlOi4yl7tx7bBmBbKK2w016L3ydD8iaU=
last-modified: Fri, 29 Apr 2022 16:42:17 GMT
server: cloudflare
etag: W/"34cd202db27cd0e9fbcea7b99b726c10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 7rvg21TV3JAgWb0bMLk.jkAJO4W4.Kvu
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfaca50204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 9855.9e69fa39.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 143ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9855.9e69fa39.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7H59J7QC6V68X
x-amz-id-2: gyS8ldjT8aws/lMw9VGPbkNS48v4x0dQz9XhRbQlSgj4SBP/PTxNceMrNo1pV1Nwwd1aERiim2E=
last-modified: Fri, 15 Apr 2022 18:26:13 GMT
server: cloudflare
etag: W/"01bbdff36d0c4903b3d076b034dbd253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: koXbgREQZJn8hxN5mgAbbW0MQggqXgDa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfaca70204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 6867.bcfa4e6c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 144ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6867.bcfa4e6c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7YTTQSSZG18XS
x-amz-id-2: XKHuYZfu5msrcHtwsAJFK4PajzVv2H7yH2KREVMevuFRrEo3FhDJ5YzD9YCBOURVowD9fmNpvk0=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"c35955eb45367a3c5a61cb3e5279c051"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: T1iOWUKz_Z7hLHCKM26CR_AUg99Ys3ui
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfaca80204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 8267.bd6c7fcc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 144ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8267.bd6c7fcc.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH9TT2FRDHEJAJN
x-amz-id-2: CzZXWd4XJhBL5DlE2SA+PFp4LcvTYJPcsYcI34zw48MscRCdM4Mw+AsEGsodT9ffByISg9U31vw=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"6398675540e0c71d315b2ef2e05ed6fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fgCIJoEUvzHhaObJL5yEPMH3fkD2i4oj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfaca90204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 PostPage.RightColumnContent.ad17f5ca.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
8 KB 144ms
140ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.ad17f5ca.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82da7bb07cf25157db0e2a0d86abf66d4657bd3bdbf0df82c806ad37cc2f2670

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 448321
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4DKKM7ZVSG369GAQ
x-amz-id-2: lIR+N0aJYaAlmKCqrlUVVb3zjRX40givVN9jsZnW2KkwygcVqZbdjek2Byn4mj2yXCo4Se8lYxs=
last-modified: Tue, 26 Apr 2022 15:19:16 GMT
server: cloudflare
etag: W/"0be1fc1197eeff20c2723d32d395567a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zc8_aQub6ydNnaRxC11_RVPjqI2Awjw.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cedfacab0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 4792.14f7a597.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 92 KB
24 KB 40ms
39ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4792.14f7a597.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAK2JN6DE2M03W6
x-amz-id-2: Ypea0MIYkuTkpRkidUVMlfjFOekUzA45uC+Vg260xcsMfq7uG8JtKFIS4kZQE6pRewZ1DuqXM8M=
last-modified: Thu, 14 Apr 2022 09:06:28 GMT
server: cloudflare
etag: W/"68d93728be9339fe82bac120d5ca3d8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G5oQk1h_lSKJ4xkTzMHQRHB7mff9ylPH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cee49bc90204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 7084.b2e2a6eb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 68 KB
19 KB 31ms
31ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7084.b2e2a6eb.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAQ1BHG1Q16PVH1
x-amz-id-2: rpTC/g1yauiB3ex3gZ+cTKDlgxEFf7nDWcxwzgh1Yqr5GFF4SJIy94jJA7RtkinTdZa5o0XjG1A=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"73521766007a340f43277ee2bb9cef8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cfpB7exect7gEoieK.cn9tDJbfHjhHR.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cee49bcb0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 8537.29ab83f7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 26ms
25ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8537.29ab83f7.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAANM2B6MZQ1F68J
x-amz-id-2: 84d2zFKasory9ZlNDSGTzv3EI87GPZohOsS6HQXKDHJfZxnTUM7J1mJ4vUF7Ru6V2JeVI0zORIo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"e184386ab56bc2c712b8e6fbc4f83a8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Qk_8LgS9pAqsMKxCAf8ZI8XsRNIYBH9A
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cee49bce0204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 3551.69fe8b4c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 32ms
32ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3551.69fe8b4c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAMWT2XVG25CV99
x-amz-id-2: O92GO+f5wp4MZTPejDTn027EcUMgktwemYti2/OluHYSoWgSQr9BjKB8dPZlk2XUWR7lcrHbwk0=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"bbfd20f6707f94928e866764ecff85e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ayC7oy9vYwAPAudL09GUE6theIm7Cjz_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cee49bd00204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 9104.d15c7fd3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 93 KB
27 KB 40ms
39ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9104.d15c7fd3.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 854170
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QEQG1NQ8J5CB39CW
x-amz-id-2: g5IYOXQ9mUKoAEomLHx2Hx3CTMEbyMdOVut6d64NtPVU9YZCmoP6u5c9ErbYOUXj8WIA4/rrbYk=
last-modified: Fri, 22 Apr 2022 08:22:49 GMT
server: cloudflare
etag: W/"2f090aef0d5d462631bb3c8eb2c005b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: lp88Tinxiq7hM9Uc.oqB0CgCT8vY1VHj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cee49bd30204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 ThreadedResponsesSidebar.5bca90ec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 40ms
40ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.5bca90ec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234974
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAPMGZVJHNV5J09
x-amz-id-2: eF4yArygea9fVOUXGzbQQJNVcfA3odVWQVHCxt5IMmeKzyNRm4Msc5B29hxHg3vP7Uq2gsNocLY=
last-modified: Thu, 14 Apr 2022 09:07:04 GMT
server: cloudflare
etag: W/"6cb059260c23a64ab427e5204bbbf3f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cZnuP3jpIHqMOMoLkKnEZh4blbs.yVCq
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cee49bd40204-ZRH
expires: Tue, 02 May 2023 12:37:25 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/24/24/ 383 B
790 B 33ms
33ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219495
x-envoy-upstream-service-time: 51
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cee66e730204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg
miro.medium.com/fit/c/20/20/ 887 B
1 KB 128ms
128ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

929f0b3618d0160011013f1e00fcc9e51defae6b76bb585af955baaec25413a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 887
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e740204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 0*T_vmStdFlN9LwSqy
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 125ms
124ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*T_vmStdFlN9LwSqy

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c62910cdaa9ca3408e925cac99b9f4368f73a9d8de089ba25471a9aefa9476d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2127
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e750204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*OHbXtgSIV1gGcnG6_0u_YA.png
miro.medium.com/fit/c/20/20/ 552 B
958 B 40ms
39ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*OHbXtgSIV1gGcnG6_0u_YA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf1f2a2ebfd5a5260aed8221a68b10b294764821c1465af0ed8ac884a882b30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14044
x-envoy-upstream-service-time: 34
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 552
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cee66e780204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*yhUMsApmfVB7sDiFfnJM8Q.png
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 158ms
157ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*yhUMsApmfVB7sDiFfnJM8Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8055d0abce3e3194f05d9b67751bd4096a9cd8573c31539c6f3316ca45bf7b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e790204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*vs59_LRb_SmKADkM4KVXjg.jpeg
miro.medium.com/fit/c/20/20/ 1014 B
1 KB 133ms
132ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*vs59_LRb_SmKADkM4KVXjg.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9659835bfed3392755119d8685120842003bbab1d1310625cef721d9e940a288

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 74
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1014
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cee66e7b0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 0*g6bDQ-QUmmG1mDIH
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 134ms
132ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*g6bDQ-QUmmG1mDIH

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91bf45bb362b5ab124a381e15a1483d5617bad00a28ea887770432c2bc80b157

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2131
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e7c0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 0*7B0qujBEUf9Mws-4
miro.medium.com/fit/c/20/20/ 996 B
1 KB 138ms
136ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*7B0qujBEUf9Mws-4

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae396a5a0cea065cb4430f4adb864267784154828334af3151cecf5a5020132a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 996
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e7d0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 2*2hUfjdY1ONGsla6XJcBHEw.jpeg
miro.medium.com/fit/c/20/20/ 949 B
1 KB 127ms
124ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/2*2hUfjdY1ONGsla6XJcBHEw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

211e4b049defdee73e54f4bc51a8e4b83f49508c9f7f1fca0e724eecc9c164be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 949
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e830204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*oTmcx_qDWCtP5RKvy3iuxg.png
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 128ms
126ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*oTmcx_qDWCtP5RKvy3iuxg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edd2545f35d67cbed67c28c7f44e2b33856c359a5f8a54b6aa513d35776b5d0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 37
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1573
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e840204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*RC7gZWdczzhbRG_CV1vz1g.jpeg
miro.medium.com/fit/c/20/20/ 998 B
1 KB 37ms
35ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*RC7gZWdczzhbRG_CV1vz1g.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f7b1c49906eae527208ba88eada86422aa8b86c2820c74c68f56a62b693333b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 67063
x-envoy-upstream-service-time: 34
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 998
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cee66e860204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 0*YmNZ97vPVmaIM90T.jpg
miro.medium.com/fit/c/20/20/ 267 B
678 B 139ms
137ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*YmNZ97vPVmaIM90T.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e12e786013197aef083989a0591e05cd3fe5314a5ee838f224225069df5d2ccb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 267
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e8b0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*6fGkhqo16iFGDEQ-wQZw3A.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 157ms
155ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*6fGkhqo16iFGDEQ-wQZw3A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ce07b0c2d3f35e8193b9da4e829480830b9e9c9b061392018cd37f2b372e54b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 53
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2178
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e8d0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*Ul6gtVQZaiI1qhnp-zJWLg.png
miro.medium.com/fit/c/20/20/ 305 B
711 B 42ms
40ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*Ul6gtVQZaiI1qhnp-zJWLg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12c6be40dcd70da7f8d8f70e0d150d45bc8ad57692a3e62403f0f754ee2bce86

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53494
x-envoy-upstream-service-time: 98
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 305
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cee66e8f0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*Kf_1bx1MP-isDfC4vop3aw.png
miro.medium.com/focal/56/56/50/50/ 7 KB
7 KB 140ms
138ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*Kf_1bx1MP-isDfC4vop3aw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24336f5b1f01e184ab7846ab979ea1a053edad46c666e094e2317b7a259d313b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 49
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7096
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e900204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 0*e6CtPa9OWXxpfQ-f.png
miro.medium.com/fit/c/20/20/ 887 B
1 KB 124ms
123ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*e6CtPa9OWXxpfQ-f.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fccf5ac15c1f87152527ac52f878c87c370b0f101316ad1868338d9e645df70f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 93
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 887
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220322-153408-5d6507f242
accept-ranges: bytes
cf-ray: 7050cee66e920204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*eQ2bDN8sD2idKHs_XQpNZw.png
miro.medium.com/focal/56/56/50/50/ 5 KB
6 KB 143ms
141ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*eQ2bDN8sD2idKHs_XQpNZw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb3be15be82444084b3a2ce9dec8ed35416cbd237cbf6904454fb56c896d0b01

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 61
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5357
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e930204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*zfpPaX15PJxOKjPH7ciGQw.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 135ms
134ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*zfpPaX15PJxOKjPH7ciGQw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da5995c95c7f9a202fda3d0122954b75c75a3ea2b83156699118fb87a2f400d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 2770
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1061
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e940204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*A6bf_zkD888pFA3P-O7w2A.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 144ms
142ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*A6bf_zkD888pFA3P-O7w2A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

345d2b21b01c3d533a687d296a0214d36d2dd4d7f8acc772851bc49bee94a6aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 115
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2164
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e950204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 0*HmJx-3_KqJvmxYcJ
miro.medium.com/fit/c/20/20/ 973 B
1 KB 132ms
131ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*HmJx-3_KqJvmxYcJ

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf59f57ab858e8d4970262473de4f5a7e7fa18b836c9827e579af4654fb94b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 83
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 973
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e960204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*yzFIeRjbME07ZTDm6OLOGw.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 123ms
122ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*yzFIeRjbME07ZTDm6OLOGw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09ed7f55967e73c995d82b30bf0ffb1bfc3bce1b01afd468b8efde5ef4ca39d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2419
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e980204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 0*nhRB_dadhiEmWoJi
miro.medium.com/fit/c/20/20/ 331 B
731 B 139ms
138ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*nhRB_dadhiEmWoJi

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8774d6086c4c6dedfbc82571bec2656a39ad57620b3242384e9436b0c6a91eb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 331
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e9b0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

GET
H3 200 1*YD6dMS_npmKs1A3kSFgymA.png
miro.medium.com/focal/56/56/50/50/ 4 KB
4 KB 135ms
134ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*YD6dMS_npmKs1A3kSFgymA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8efc2ee287b42948ff9ee59c8e331d2dd0ea09541139b5bb9c282cadefe5e8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3907
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cee66e9d0204-ZRH
expires: Wed, 01 Jun 2022 12:37:26 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 143 B
440 B 112ms
112ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

deb5205dd63882896669be64241e6544dcbdab3b81adecb9b0c3f2a820d194e6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-J0WzRweT0z+YxVLN5XuM6dMgUJ4"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936
x-envoy-upstream-service-time: 13
content-length: 143
x-xss-protection: 0
x-request-received-at: 1651495046490

POST
H2 200 graphql Show response
posts.specterops.io/_/ 108 B
429 B 167ms
167ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Graphql-Operation: PostPageMeterQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
sepia-upstream: medium
server: nginx
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 67
content-length: 108
x-xss-protection: 0
x-request-received-at: 1651495046490

POST
H2 200 graphql Show response
posts.specterops.io/_/ 838 B
1 KB 160ms
160ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

1dc394e89497372853c59d311779982cbbdc15933ee02ad954da5e62639f12f5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
sepia-upstream: medium
server: nginx
etag: W/"346-fD0aBtnkn1X91yeixfok2CYhzyg"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 62
content-length: 838
x-xss-protection: 0
x-request-received-at: 1651495046491

POST
H2 200 graphql Show response
posts.specterops.io/_/ 210 B
533 B 141ms
141ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fb0afa332846d569f168f519894bb864d92713b7a4502a1d7ce2efa2f6607475

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
sepia-upstream: medium
server: nginx
etag: W/"d2-WTZyh/tNZgr763ESV+QTRcIkRwY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 42
content-length: 210
x-xss-protection: 0
x-request-received-at: 1651495046492

POST
H2 200 graphql Show response
posts.specterops.io/_/ 268 B
590 B 136ms
136ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

de1476ade2ee62440245633af46e439c95be3d912baf9e6a1c92f239131856e3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Graphql-Operation: PostViewerEdgeQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
sepia-upstream: medium
server: nginx
etag: W/"10c-d0akinh5qYBiYHLouK6BJXCIRDY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 38
content-length: 268
x-xss-protection: 0
x-request-received-at: 1651495046492

POST
H2 200 graphql Show response
posts.specterops.io/_/ 103 B
398 B 215ms
215ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
sepia-upstream: medium
server: nginx
etag: W/"67-hwVXqeGehpUH7w76cB3LOBt2Lkg"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936
x-envoy-upstream-service-time: 26
content-length: 103
x-xss-protection: 0
x-request-received-at: 1651495046584

POST
H2 200 graphql Show response
posts.specterops.io/_/ 96 B
415 B 245ms
244ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
sepia-upstream: medium
server: nginx
etag: W/"60-Ot8fahRq/24OZZD50baRxE1h1oo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 61
content-length: 96
x-xss-protection: 0
x-request-received-at: 1651495046583

GET
H3 200 responses.editor.857df5ad.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 26ms
26ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.857df5ad.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234190
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 887XZEAFQ44HRT6J
x-amz-id-2: flfXVoow0Wmc3WN/tyqoDVzkRf7DYQv4tJYETVVuuy28XaXVMqn40KHtB0lK5e8LRimUG5SDIZo=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"195376c9eb500dd7a4c4583562103d50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n9gS1uYafrO67iJ9cRLDZTxo6qKQufkF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cee899c60204-ZRH
expires: Tue, 02 May 2023 12:37:26 GMT

GET
H3 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 24ms
24ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 16123479
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cee8acf623f7-ZRH
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:26 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 9 KB
2 KB 211ms
211ms Fetch
application/json 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fb04017a1bc9167cfdfd91bfffa2c0f6bfe9218d6c141aab23d0323981c54785

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"22bb-4PHlTH7BP0l44tASbzc4IpnaW6M"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 114
x-xss-protection: 0
x-request-received-at: 1651495046593

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 102ms
101ms Fetch
application/octet-stream 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-145-119.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 107ms
106ms Fetch
application/octet-stream 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-145-119.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 103ms
102ms Fetch
application/octet-stream 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-145-119.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 02 May 2022 12:38:04 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 4
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1097
date: Mon, 02 May 2022 12:19:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 02 May 2022 14:19:09 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 32ms
7ms Script
text/javascript 143.204.98.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=53524be7dbe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-117.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 65
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Mon, 02 May 2022 12:36:22 GMT
x-amz-cf-pop: FRA50-C1
content-length: 23872
x-amz-cf-id: aUMNT8XP4qjwMoIO-jKyi1ldm_k2jB3GFZeEb5DHCj5sDNcNym36mA==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 29ms
14ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1347261440&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=990688862&gjid=76309472&cid=513093782.1651495048&tid=UA-24232453-2&_gid=1321042285.1651495048&_r=1&_slc=1&z=1575175131

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 May 2022 12:37:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 24ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1347261440&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=43511045&gjid=1539301333&cid=513093782.1651495048&tid=UA-102239211-2&_gid=1321042285.1651495048&_r=1&_slc=1&z=95751508

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 May 2022 12:37:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 91 B
565 B 195ms
165ms Script
text/javascript 2600:9000:2315:2200:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.59.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:2200:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

ec7ef9186d60b0090e46f05c88fab18835a3ef1826fe4e579633adfbbb34bcc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:27 GMT
via: 1.1 98bb66c97d4f153aac116d087b36dc40.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: DUS51-P2
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
etag: W/"5b-+MbIf+RlOzVlzw4DjUfKT65oXV0"
x-amz-cf-id: fRvbzmoXaY4m6GNDIw0K6_bV-zo4j-0gT0hZwYML6eVFCtW-YJkVSg==

POST
H2 400 graphql Show response
posts.specterops.io/_/ 138 B
452 B 207ms
206ms Fetch
text/html 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

dc0a4948011b3bf48695d6b088a8ad2a65b902eee0dfa2bff5ec3b7d77e9941c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 73a868090b63b8ed
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PostNextFiveStoriesCollection
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 78ec0389189f08e3

Response headers

content-security-policy: default-src 'none'
x-content-type-options: nosniff
sepia-upstream: medium
server: nginx
date: Mon, 02 May 2022 12:38:05 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936
x-envoy-upstream-service-time: 11
content-length: 138
x-xss-protection: 0
x-request-received-at: 1651495047917

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
631 B 363ms
329ms XHR
application/json 2600:9000:2315:a200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:a200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f08a04bafd70509a7750b6713f406b759341255c84ab8f87419a9514002aaeab

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:28 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 7a38a9a6d1c144cfb30c41cac5778684-2022050212
content-length: 316
x-amz-cf-id: RfPvyax5Mud07yZh3-jZdE2zTj8je-cMwx6zmQR7vWYJaeQVAFcjrA==

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
569 B 346ms
346ms XHR
application/json 2600:9000:2315:a200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:a200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

607517cba696588e1b4e019e6f977687309b76e6c34221402b8deecdacf1bfa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:28 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-P2
x-powered-by: Express
etag: W/"b7-GcG4pg3P9XsYmeAKPmVVierpMww"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 179bb862f9c9437590522c4768595297-2022050212
content-length: 183
x-amz-cf-id: xtx1AyO7_OIu_wVKbC9oZ_MLqH1mbZhvLTV6CnkDTSz8y9najzuUjA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
390 B 190ms
190ms XHR
application/json 2600:9000:2315:a200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:a200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:28 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 953d18ac699e42749bc789883a46364f-2022050212
content-length: 28
x-amz-cf-id: R4sMDd94Md4gWsQtMHYooryrMq0pO6D0NZK-QADDsg1TFJPuES2BBw==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
390 B 178ms
177ms XHR
application/json 2600:9000:2315:a200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:a200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:28 GMT
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: bf8ebf4162454c66a73f6d1e654d93b6-2022050212
content-length: 28
x-amz-cf-id: rnbAcCmuyZZmPiuyVXLMkq9hhaiOoL8eOP_Hm94iv0Yys3seK_jZxQ==

POST
H2 400 batch Show response
posts.specterops.io/_/ 24 B
209 B 106ms
106ms Fetch
text/plain 52.4.145.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/batch

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.145.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-145-119.compute-1.amazonaws.com

Software

nginx /

Resource Hash

a2d7229fed40e53774254adcf39d0cd21e4a7c7de4512c32b189b79ea88a2d5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: application/json

Response headers

date: Mon, 02 May 2022 12:38:08 GMT
x-content-type-options: nosniff
sepia-upstream: medium
server: nginx
content-type: text/plain; charset=utf-8
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15
x-envoy-upstream-service-time: 4
content-length: 24

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 11:30:31	Name: sid Value: 1:C94PsvmQgJb0aLy66A71Ow4eqDF9juNVMtJ8U1NM+QuXbTiK/vSMASFo7b/PKMcB
.medium.com/	1970-01-20 11:30:31	Name: uid Value: lo_c5afdc452996
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 1f1a4f39c83e78783814cc67f3e8ed0fc68d15dd-1651495043
posts.specterops.io/	1970-01-20 11:30:31	Name: uid Value: lo_c5afdc452996
posts.specterops.io/	1970-01-20 11:30:31	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+Tk3x6VdvS9a4tj1QaNEXWhAgzIMk0SOBMsMsPUNTt+Eh
posts.specterops.io/	1970-01-20 02:44:55	Name: _dd_s Value: rum=0&expire=1651495945850
.specterops.io/	1970-01-20 20:16:07	Name: _ga Value: GA1.2.513093782.1651495048
.specterops.io/	1970-01-20 02:46:21	Name: _gid Value: GA1.2.1321042285.1651495048
.specterops.io/	1970-01-20 02:44:55	Name: _gat Value: 1
.specterops.io/	1970-01-20 02:44:55	Name: _gat_tracker0 Value: 1
.app.link/	1970-01-20 11:30:31	Name: _s Value: HiXgBA5LCX2SL6aa4UyOQ8a9U7udA2WMojLmLo0WHo5gs6CG%2FV6N6aUya59nvIkO

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://posts.specterops.io/_/graphql Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://posts.specterops.io/_/batch Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
143.204.98.117
2600:9000:2315:2200:19:9934:6a80:93a1
2600:9000:2315:a200:11:f728:3040:93a1
2606:4700:7::a29f:9904
2a00:1450:4001:827::200e
52.4.145.119
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d
03d1b9a863bbcc586a87dd7fd37e96e7b23d46552c1e9e862332eac62b391a23
045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720
07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223
0933460b008ff84e427d5cfad6fcc11996c98c27f59bff0b496d864a73aaa4e9
09ed7f55967e73c995d82b30bf0ffb1bfc3bce1b01afd468b8efde5ef4ca39d1
0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40
0d94f7b463a101acc0aab3becbe0d63929025e42eaa6ff23e6999953ffbcf719
0e4afb12eda0b925f25e1e14874cc5ec3f8107a481fdf55da978358e4f245a99
0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736
0ecbb2bd9e04b3e953a44b24420e54ccf06cd332750b04079d4e49bc89455a00
10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c
11857895e79aef7d5589552ff01742119d0a0750f0a96e9335155d0c38bbd7d4
11aed8810f133a7e03e92571aaf9d6e4b47e6a008ff64f8a1409a2a191627f87
12c6be40dcd70da7f8d8f70e0d150d45bc8ad57692a3e62403f0f754ee2bce86
16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65
1dc394e89497372853c59d311779982cbbdc15933ee02ad954da5e62639f12f5
211e4b049defdee73e54f4bc51a8e4b83f49508c9f7f1fca0e724eecc9c164be
23bcf80d51d93cdc5b76301b2817c0ca11a86952938d489ed798a7c251ced164
24336f5b1f01e184ab7846ab979ea1a053edad46c666e094e2317b7a259d313b
27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503
2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988
2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c
3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220
32e2f51b7c073d9ffa72b18ddb1ee134d471e36e901c3f49aa61b28013160b34
33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7
345d2b21b01c3d533a687d296a0214d36d2dd4d7f8acc772851bc49bee94a6aa
38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1
3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5
3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990
3f1df0bf2819fa8b0b3ddd7b0ce20305fbe8b92d6234fc46d57815d20754541a
3f25762cbf878575de21d2fac0757c522ea159e204e8c6fdf0b528ccad20afa2
41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b
52c93d4beae39b5288a3cb267d812797664c89f82eafdf9435193149b64c480c
55639d0f6de7e3d3d8205dc12f5d243178451e4afb9eaecd062a317f825ea527
55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849
5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b
57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749
5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696
5ce07b0c2d3f35e8193b9da4e829480830b9e9c9b061392018cd37f2b372e54b
5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7
5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa
607517cba696588e1b4e019e6f977687309b76e6c34221402b8deecdacf1bfa5
631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea
63229414edb249c22a6cdf3e2754b19bb02198ade86fb46af6e562e0e22918b8
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
666dcc08996aba0b6cca9bd8b2cf2f8d3968d7c496c13a52da52c5a5a23f8c04
67cde6c1e33ba068d019511f7ef65043e04f558350da9fc582e79267d0d36f52
68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b
6ac9fa4a572df7ae8001d71bfc68fa058f4387611061b8683388d57393fa33d6
7116e4c1e6212fdcc6af90fe98df0df8b97d02387f69235d2006b1dc7dfcdff4
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d
7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4
7cf1f2a2ebfd5a5260aed8221a68b10b294764821c1465af0ed8ac884a882b30
7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4
81419976c7e01b2408ed407e5a7e8e505478286c3d01df8f6d206824fc45189f
823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce
82da7bb07cf25157db0e2a0d86abf66d4657bd3bdbf0df82c806ad37cc2f2670
83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899
83bcf6db343ac887a1fa044213341d8aac44115fcce7d7aad16107ff0c1ea0ec
8774d6086c4c6dedfbc82571bec2656a39ad57620b3242384e9436b0c6a91eb1
8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b
8efc2ee287b42948ff9ee59c8e331d2dd0ea09541139b5bb9c282cadefe5e8a5
91bf45bb362b5ab124a381e15a1483d5617bad00a28ea887770432c2bc80b157
929f0b3618d0160011013f1e00fcc9e51defae6b76bb585af955baaec25413a7
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
935650ae2b5ed7fa1c4e27c084d660e0af387e2e1eed30f61dedaebae112b10f
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
9659835bfed3392755119d8685120842003bbab1d1310625cef721d9e940a288
9822ff5ce7974082b226d2b60b5f3f5bb0d175d5595995b9d10b7c796242e3ce
9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd
9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876
9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3
9f7b1c49906eae527208ba88eada86422aa8b86c2820c74c68f56a62b693333b
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2d7229fed40e53774254adcf39d0cd21e4a7c7de4512c32b189b79ea88a2d5f
a2e285c9f7c472800ad0ac72c8085b82ed56000b1de8ad3aeb7980b98ee7d31c
a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321
a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495
a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf
aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f
ae396a5a0cea065cb4430f4adb864267784154828334af3151cecf5a5020132a
aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b43930561a52851efe9c47f9deef3b1343a4f280933855a288ac9952330c35da
b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa
bf096ada6166b8293ff0da78e4a9f4d711a1c8858fd299a0d512ba4626c4c8bf
bf59f57ab858e8d4970262473de4f5a7e7fa18b836c9827e579af4654fb94b92
bfc89bb7b75673e8e83d8aa5ff747a0a069ed5b2a44a2a732a5353eb2f2e3198
c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a
c62910cdaa9ca3408e925cac99b9f4368f73a9d8de089ba25471a9aefa9476d9
c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a
c8055d0abce3e3194f05d9b67751bd4096a9cd8573c31539c6f3316ca45bf7b0
c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a
c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54
cef387bd6938302d335cab8ac0f319e04575f1844f7762ef2e129852187d263c
cf9b8a68d7b854c401d427fd8fd5f1c49b5a5eeb23a878171529f810852cdd49
da5995c95c7f9a202fda3d0122954b75c75a3ea2b83156699118fb87a2f400d5
dc0a4948011b3bf48695d6b088a8ad2a65b902eee0dfa2bff5ec3b7d77e9941c
de1476ade2ee62440245633af46e439c95be3d912baf9e6a1c92f239131856e3
deb5205dd63882896669be64241e6544dcbdab3b81adecb9b0c3f2a820d194e6
e12e786013197aef083989a0591e05cd3fe5314a5ee838f224225069df5d2ccb
e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb
e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435
e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
eb3be15be82444084b3a2ce9dec8ed35416cbd237cbf6904454fb56c896d0b01
ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e
ec7ef9186d60b0090e46f05c88fab18835a3ef1826fe4e579633adfbbb34bcc2
ed75ede75b5c0944c5d43581211b6d17951dd92a4f11932dccaa56fd7636094d
edd2545f35d67cbed67c28c7f44e2b33856c359a5f8a54b6aa513d35776b5d0c
ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5
f08a04bafd70509a7750b6713f406b759341255c84ab8f87419a9514002aaeab
f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0
f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82
fb04017a1bc9167cfdfd91bfffa2c0f6bfe9218d6c141aab23d0323981c54785
fb0afa332846d569f168f519894bb864d92713b7a4502a1d7ce2efa2f6607475
fccf5ac15c1f87152527ac52f878c87c370b0f101316ad1868338d9e645df70f
fcd5ede73d71dc3c5ad03d804457853cb598e1721f92c94603ccf084272c97a8
fd0087577c271b36d8fc5d37717b676f7a217bec2fb4bd5136768159ded5d46c

posts.specterops.io Open in urlscan Pro 52.4.145.119 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

131 Requests

100 %HTTPS

67 %IPv6

5 Domains

9 Subdomains

6 IPs

2 Countries

1612 kBTransfer

3927 kBSize

11 Cookies

70 Outgoing links

Page URL History

Redirected requests

131 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.4.145.119 Public Scan

Screenshot
Live screenshot

Full Image

131
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

9
Subdomains

6
IPs

2
Countries

1612 kB
Transfer

3927 kB
Size

11
Cookies

131 HTTP transactions
0 data transactions