posts.specterops.io Open in urlscan Pro
52.4.38.70 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Effective URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Submission: On May 12 via api (May 12th 2022, 3:57:02 pm UTC) from BE — Scanned from DE

Summary HTTP 132 Redirects Links 77 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 132 HTTP transactions. The main IP is 52.4.38.70, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2022. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	52.4.38.70 52.4.38.70	14618 (AMAZON-AES) (AMAZON-AES)
1 14	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
96	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	18.65.39.74 18.65.39.74	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20e... 2600:9000:20ef:400:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:231... 2600:9000:2315:5a00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
132	7

15 52.4.38.70 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-38-70.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

96 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.65.39.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-39-74.ams1.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20ef:400:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2315:5a00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
110	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 9339 glyph.medium.com — Cisco Umbrella Rank: 21600 miro.medium.com — Cisco Umbrella Rank: 13276 cdn-client.medium.com — Cisco Umbrella Rank: 23411	1 MB
15	specterops.io 1 redirects posts.specterops.io	60 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 1015 api2.branch.io — Cisco Umbrella Rank: 589	26 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
1	app.link app.link — Cisco Umbrella Rank: 1729	562 B
132	5

	Domain	Requested by
53	miro.medium.com	posts.specterops.io
49	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
15	posts.specterops.io	1 redirects cdn-client.medium.com
7	glyph.medium.com	posts.specterops.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	medium.com	1 redirects
132	9

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
mattifestation.medium.com
docs.microsoft.com
www.youtube.com
technet.microsoft.com
www.bleepingcomputer.com
unmitigatedrisk.com
www.download.windowsupdate.com
gist.github.com
msdn.microsoft.com
specterops.io
m4ntle.medium.com
mackjacksonjr.medium.com
blog.dvn.cy
ioannis-tsiokos.medium.com
dismarketed1904.medium.com
help.medium.com
itunes.apple.com
play.google.com
hybridanalyst.medium.com
mattbryson55.medium.com
mackenzie-jackson.medium.com
medium.statuspage.io
about.medium.com
blog.medium.com
knowable.fyi

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-05` - `2023-01-05`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Frame ID: DA70A8DFA66205F41AC20286F2C93402
Requests: 132 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Code Signing Certificate Cloning Attacks and Defenses | by Matt Graeber | Posts By SpecterOps Team Members

Page URL History Show full URLs

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signi... HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

132
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1589 kB
Transfer

3946 kB
Size

11
Cookies

77 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?$canonical_url=https%3A%2F%2Fmedium.com/p/6f98657fc6ec&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=--------------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=--------------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=--------------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=--------------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=-----6f98657fc6ec---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121----6f98657fc6ec---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/
Title: Sysinternals

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Autoruns

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=AEmuhCwFL5I
Title: can be abused

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
Title: New-SelfSignedCertificate

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc783813(v=ws.10).aspx
Title: online

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx
Title: via Group Policy

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/popular-usb-audio-driver-ships-with-root-certificate-big-security-no-no/
Title: Savitech audio driver

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc751157.aspx
Title: trusted by Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
Title: sigcheck

Search URL Search Domain Scan URL

URL: http://unmitigatedrisk.com/?p=259
Title: authroot.stl

Search URL Search Domain Scan URL

URL: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Title: this link

Search URL Search Domain Scan URL

URL: https://gist.github.com/mattifestation/c712e525109f786fbaf6ed576b8d2832
Title: crude parser

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/aa377163(v=vs.85).aspx
Title: CertVerifyCertificateChainPolicy

Search URL Search Domain Scan URL

URL: https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
Title: hijack Subject Interface Packages

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=-----6f98657fc6ec---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&collection=Posts+By+SpecterOps+Team+Members&collectionId=f05f8696e3cc&source=post_page-----6f98657fc6ec---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://m4ntle.medium.com/my-journey-through-infosec-e5453f900404?source=post_internal_links---------0----------------------------
Title: Interests of the HeartMy Journey Through InfoSec

Search URL Search Domain Scan URL

URL: https://m4ntle.medium.com/?source=post_internal_links---------0----------------------------

Search URL Search Domain Scan URL

URL: https://mackjacksonjr.medium.com/how-to-protect-you-and-your-family-from-identity-theft-2020-a9a34735af7e?source=post_internal_links---------1----------------------------
Title: Mack Jackson JrHow To Protect You And Your Family From Identity Theft 2020

Search URL Search Domain Scan URL

URL: https://mackjacksonjr.medium.com/?source=post_internal_links---------1----------------------------

Search URL Search Domain Scan URL

URL: https://blog.dvn.cy/adjusted-blocks-per-round-on-stakeglmr-com-6ac2c5bc3b5d?source=post_internal_links---------2----------------------------
Title: Ioannis TsiokosinDiversified Validator NetworkAdjusted “Blocks per Round” on stakeglmr.com

Search URL Search Domain Scan URL

URL: https://ioannis-tsiokos.medium.com/?source=post_internal_links---------2----------------------------

Search URL Search Domain Scan URL

URL: https://blog.dvn.cy/?source=post_internal_links---------2----------------------------
Title: Diversified Validator Network

Search URL Search Domain Scan URL

URL: https://dismarketed1904.medium.com/update-dinosaur-assassin-hack-free-resources-generator-f692ca43607a?source=post_internal_links---------3----------------------------
Title: Thomasina Panchito{UPDATE} Dinosaur Assassin Hack Free Resources Generator

Search URL Search Domain Scan URL

URL: https://dismarketed1904.medium.com/?source=post_internal_links---------3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@akashsharma_61397/tryhackme-juicy-details-writeup-677a90e4974f?source=post_internal_links---------4----------------------------
Title: Akash SharmaTryhackme : Juicy Details Writeup

Search URL Search Domain Scan URL

URL: https://medium.com/@akashsharma_61397?source=post_internal_links---------4----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@popdogsec/hack-the-box-traverxec-writeup-b95a08275697?source=post_internal_links---------5----------------------------
Title: Benjamin SchaferHack The Box Traverxec Writeup

Search URL Search Domain Scan URL

URL: https://medium.com/@popdogsec?source=post_internal_links---------5----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@williambassey5_77581/follow-thedapplist-official-channels-to-stay-safe-informed-a57cc35965e0?source=post_internal_links---------6----------------------------
Title: Em WilliamsBeeFollow @thedapplist official channels to stay safe & informed!

Search URL Search Domain Scan URL

URL: https://medium.com/@williambassey5_77581?source=post_internal_links---------6----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@beautyon_/the-final-battle-of-the-crypto-wars-is-over-and-we-have-irrevocably-won-1510022d1049?source=post_internal_links---------7----------------------------
Title: BeautyonThe Final Battle of the Crypto Wars is Over, and We Have Irrevocably Won.

Search URL Search Domain Scan URL

URL: https://medium.com/@beautyon_?source=post_internal_links---------7----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_page-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----6f98657fc6ec--------------------------------
Title: About

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----6f98657fc6ec--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----6f98657fc6ec--------------------------------
Title: Terms

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9?source=post_page-----6f98657fc6ec--------------------------------
Title: Privacy

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121-------------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F7db304d15601&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&newsletterV3=e8e64b89121&newsletterV3Id=7db304d15601&user=Matt+Graeber&userId=e8e64b89121&source=--------------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/hybrid-analyst/talking-about-malicious-qr-codes-da8c70f544f6?source=read_next_recirc---------0---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------
Title: Michael LortzinHybrid AnalystTalking about Malicious QR codes

Search URL Search Domain Scan URL

URL: https://hybridanalyst.medium.com/?source=read_next_recirc---------0---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------

Search URL Search Domain Scan URL

URL: https://medium.com/hybrid-analyst?source=read_next_recirc---------0---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------
Title: Hybrid Analyst

Search URL Search Domain Scan URL

URL: https://medium.com/@seclabstech/writeup-challenge-5-e2ae6e707863?source=read_next_recirc---------1---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------
Title: SecurityLabsWriteup : Challenge-5

Search URL Search Domain Scan URL

URL: https://medium.com/@seclabstech?source=read_next_recirc---------1---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------

Search URL Search Domain Scan URL

URL: https://mattbryson55.medium.com/speed-up-vagrant-vmware-on-osx-9416872504db?source=read_next_recirc---------2---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------
Title: Matt BrysonSpeed up Vagrant + VMWare on OSX

Search URL Search Domain Scan URL

URL: https://mattbryson55.medium.com/?source=read_next_recirc---------2---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------

Search URL Search Domain Scan URL

URL: https://medium.com/gitguardian/source-code-as-a-vulnerability-a-deep-dive-into-the-real-security-threats-from-the-twitch-leak-ba020121a57b?source=read_next_recirc---------3---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------
Title: Mackenzie JacksoninGitGuardianSource Code as a Vulnerability — A Deep Dive into the Real Security Threats From the Twitch Leak

Search URL Search Domain Scan URL

URL: https://mackenzie-jackson.medium.com/?source=read_next_recirc---------3---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------

Search URL Search Domain Scan URL

URL: https://medium.com/gitguardian?source=read_next_recirc---------3---------------------d8f4c305_20c2_4e02_8b44_f2f7eb2de524-------
Title: GitGuardian

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1
Title: About

Search URL Search Domain Scan URL

URL: https://knowable.fyi/
Title: Knowable

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

132 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

227 KB
52 KB

579ms
579ms

Document
text/html

52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

11dcd31754df7a974976e3825f6e4365e992fe0ed11c9fcecb8f78ee0594f558

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Thu, 12 May 2022 15:56:54 GMT
etag: W/"38b39-jBs+EKnRikQbZmlygzZGUNztOq8"
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, lite/main-20220512-145156-a363be82b8, rito/main-20220510-113448-e79275d516, tutu/main-20220512-122642-2ba4116808
medium-missing-time: 210
sepia-upstream: medium
server: nginx
vary: Accept-Encoding
x-envoy-upstream-service-time: 469
x-request-received-at: 1652371013593

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 70a458d12bd3915e-FRA
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Thu, 12 May 2022 15:56:53 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
medium-fulfilled-by: edgy/8.3.0, valencia/main-20220505-143206-9ef6171d35
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 25
x-frame-options: sameorigin
x-obvious-info: 20220512-1228-root,2ba41168
x-obvious-tid: 1652371013398:5bb172afa30b
x-opentracing: {"ot-tracer-spanid":"4db9e4a71137e33a","ot-tracer-traceid":"1e3fe2167debd885","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 54ms
41ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 458
x-envoy-upstream-service-time: 27
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 70a458d63f6a915e-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 12 May 2022 17:56:54 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/64/64/ 2 KB
3 KB 51ms
42ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/64/64/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 422076
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2399
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 70a458d6b8a2915e-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/96/96/ 7 KB
7 KB 67ms
58ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 22128
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7062
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70a458d6b8a0915e-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 73ms
41ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7893009
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70a458d6ed6f9165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H2 200 1*Pe1OeWP-UySRMW4aWa4jJQ.png
miro.medium.com/max/1400/ 36 KB
36 KB 157ms
156ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*Pe1OeWP-UySRMW4aWa4jJQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36474
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d6c8b0915e-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H2 200 1*fLrpueTtcZk_Gx5qOIxvsA.png
miro.medium.com/max/1400/ 229 KB
229 KB 185ms
184ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*fLrpueTtcZk_Gx5qOIxvsA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 94
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 234084
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d6c8bd915e-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H2 200 1*3toLhPm3VGMpDEl36JE3dg.png
miro.medium.com/max/1400/ 130 KB
130 KB 132ms
130ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*3toLhPm3VGMpDEl36JE3dg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 86
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 133094
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d6c8bf915e-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H2 200 1*7aMh2GK1bLfeqzC-yALhCA.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 130ms
128ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*7aMh2GK1bLfeqzC-yALhCA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49477754c9515c4307279bedafd2e750f22c1631d450dd6c2d8ebea09209b1f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1611
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d6c8c0915e-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 2*6vgNLa-doYWjz31_y2TLIw.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 146ms
109ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/2*6vgNLa-doYWjz31_y2TLIw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66536b5dc6d6c9e738011f6c6ec9898a30f475dec20e1cc9fc96a46f4b58b7c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 21142
x-envoy-upstream-service-time: 77
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1626
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73ddf9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 0*dbJdQ1v2ExwSKRw1
miro.medium.com/focal/112/112/50/50/ 4 KB
5 KB 207ms
170ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*dbJdQ1v2ExwSKRw1

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63156590cf4e539a16ac321514e0f97425f82c243071a199f5ce75ef170d9e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 50
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4451
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73ddc9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*HqLlOzvZsxbd7k12j2xyBQ.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 110ms
74ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*HqLlOzvZsxbd7k12j2xyBQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b24c01bb95671134075ae44a4574cc70ac11f812b09b7d066e75538db70744e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 193363
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1654
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73de09b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*miqt_F7JnxIkO8B3AavThg.png
miro.medium.com/focal/112/112/50/50/ 11 KB
11 KB 214ms
177ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*miqt_F7JnxIkO8B3AavThg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edc5a5c8a864651f9e0462a4a8ff5e9d4d6e1b17e817e2d5590037c2971b9a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 42
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11240
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73de39b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/40/40/ 570 B
977 B 146ms
109ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fce0922ef388ad6f81ae62add760596c852b7c66503f3183cce6943ec5d4f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504193
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 570
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70a458d73dea9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 0*vSjtuBcUgnLR65k_
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 147ms
109ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*vSjtuBcUgnLR65k_

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70df1ef1e43b6b2bf298078311f03d5b12edea21838c716042330c6cbc7119a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 211840
x-envoy-upstream-service-time: 45
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1157
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73deb9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*Q6lDUW3cI_1YpIwkMpRrJw.jpeg
miro.medium.com/focal/112/112/50/50/ 4 KB
5 KB 111ms
73ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*Q6lDUW3cI_1YpIwkMpRrJw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bedd2616e4b6f959d9f753b46d9c3bcae2cd1573b55ab08df1506e33bf3ade38

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20238
x-envoy-upstream-service-time: 54
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4335
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73dec9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 0*S8paQaENPCN3vcAE.jpg
miro.medium.com/fit/c/40/40/ 455 B
866 B 234ms
196ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*S8paQaENPCN3vcAE.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdfa49fd2c59de0ff9e4f9891c002c3349e0bbaa10e66898e3b352e44790822e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 78
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 455
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73ded9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*bfogUi3aRBMBMJv8ioXQDw.jpeg
miro.medium.com/focal/112/112/50/50/ 4 KB
5 KB 265ms
228ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*bfogUi3aRBMBMJv8ioXQDw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f78bb75370cf39337a5faeadbec473ccf5e5dfb3689022634b759e6886634a9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4605
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73dee9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*3oI6T9POhZ3Yr_yFjFVyCA.jpeg
miro.medium.com/fit/c/40/40/ 745 B
1 KB 85ms
48ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*3oI6T9POhZ3Yr_yFjFVyCA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

856a0d2b4f709630ed941ceda9601dde3502bfdaa54f3622d9fda0a44d3f9ad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 216108
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 745
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73def9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*XtE--tsa1TEdNZWm3NLwbg.jpeg
miro.medium.com/focal/112/112/50/50/ 4 KB
4 KB 208ms
171ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*XtE--tsa1TEdNZWm3NLwbg.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a256833e5bf72abac2f21b0f4089aa1fb52e14579f8bd7f17da423e59d321eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 66
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3746
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73df19b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 0*JbSNmu6R1Lq0pifj.png
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 146ms
109ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*JbSNmu6R1Lq0pifj.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c646f635922d8642096e479524d2798193a2a43c9ed585ac047d9461c28cfcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 354169
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1754
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73de49b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*KPCoIn5tL9f6Z_io_8vRLA.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
6 KB 86ms
49ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*KPCoIn5tL9f6Z_io_8vRLA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6462f170743e6e8662d3712d4c4961f10799a3597b63b9d564a1e6b337037500

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 89264
x-envoy-upstream-service-time: 45
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5997
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73de69b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/270/ 10 KB
10 KB 107ms
71ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*Crl55Tm6yDNMoucPo1tvDg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 471268
x-envoy-upstream-service-time: 49
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9821
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70a458d73de79b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/270/ 7 KB
7 KB 111ms
73ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*W_RAPQ62h0em559zluJLdQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 496541
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6839
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70a458d73dfc9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/176/176/ 23 KB
24 KB 108ms
71ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/176/176/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 96409
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23726
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220309-195817-93688b9a29
accept-ranges: bytes
cf-ray: 70a458d73dfd9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 2*OeWAwMjimYeWAngthRitTw.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 148ms
110ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/2*OeWAwMjimYeWAngthRitTw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f59a3dea52d70d7d8f8ab3022232aaafadc5097a07372a1827848528f6f48575

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 212633
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1649
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73dfe9b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*jeYTThrNx0oynYtMzYwLnA.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
6 KB 87ms
49ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*jeYTThrNx0oynYtMzYwLnA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3651cf0d17fd1c5ab2ec2c85232e937033c6cd587bf9971393fc78d148c46a49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245600
x-envoy-upstream-service-time: 40
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6199
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73e019b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 0*a8Pl23IRRozMvhFH
miro.medium.com/fit/c/40/40/ 783 B
1 KB 148ms
110ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*a8Pl23IRRozMvhFH

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9016d03d1b08d6352fed47c3e1cc876d33e4f8fb53639e473923440fb00387c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 160364
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 783
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73e039b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*KWZTf0L8kmI2KxKzMHBeyQ.png
miro.medium.com/focal/112/112/50/50/ 825 B
1 KB 108ms
71ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*KWZTf0L8kmI2KxKzMHBeyQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7c881871198101049af39b223776c61013757c372efb088bfdb471b02afe2af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 181654
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 825
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73df29b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 0*DVk8skZ_N1F807UO
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 146ms
110ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*DVk8skZ_N1F807UO

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

215aea1279af89a275d2777f40ac48c3218ea932f39e05ae8786964d57efe6ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 333110
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1619
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73df49b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 0*wj49dT6ssQfuL7Qm
miro.medium.com/focal/112/112/50/50/ 3 KB
4 KB 155ms
118ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*wj49dT6ssQfuL7Qm

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0a180c8ef5ec478bfd3f8207df858604cd049501d9f3a530bfb2dcbf9ccac15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 17512
x-envoy-upstream-service-time: 3051
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3423
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458d73df69b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*TLeOOKQ0L9JSV_Da9ivuQA.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 265ms
228ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*TLeOOKQ0L9JSV_Da9ivuQA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f53dbec8814fe1357f158f4edfd546b091e6646c16f05032a4274321593e686

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 26
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1611
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73df79b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 1*HcW2jJZUXZyFDtp5fJvM1w.png
miro.medium.com/focal/112/112/50/50/ 5 KB
5 KB 265ms
228ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*HcW2jJZUXZyFDtp5fJvM1w.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c983b406ac52816c8d987484c238d6ca8072c6a3fd14ff7ddc4629f66162b7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 422
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4741
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458d73df99b43-FRA
expires: Sat, 11 Jun 2022 15:56:54 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 64ms
63ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6311851
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70a458d6dd6c9165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 65ms
63ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6306108
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70a458d6ed729165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 85ms
85ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6306001
x-envoy-upstream-service-time: 20
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70a458d6ed769165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 87ms
86ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9273426
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70a458d6ed799165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H2 200 manifest.1ffe3824.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 53ms
44ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b80dd1c664ab8730cdb59fea548a9a1810d39088cd284d8240ba7996e8a4ff10

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2502
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 76JZTMC3DGWQDQTD
x-amz-id-2: KDe/7e9bT20uhCBWlOd5g3IavH6EyH9s4VFzWYxHJjnUZZIAyiI9W6KmsygW+R08JBKouH48Be0=
last-modified: Thu, 12 May 2022 13:09:14 GMT
server: cloudflare
etag: W/"87caa41c24ebec33149cc16df1ae0503"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0Qb3rVnpGsjcQjvOKGNUb_b7X0QSD16U
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d77a1e915e-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H2 200 5040.62718a97.js Show response
cdn-client.medium.com/lite/static/js/ 703 KB
217 KB 51ms
44ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f466284ad2ed7916b38876dcd8b2f30b236b5d2108a0ffb2422c0ffb023a8ad2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 846771
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZA4CNNGPDYTE40H6
x-amz-id-2: e5Ckg6oTOrPRIoOjMRVaMI1H0pkjprUOxg0Wgs9bLbBrGDGruTHqqhO8BDqK6dNx7Enoe/zLt2Y=
last-modified: Mon, 02 May 2022 19:38:26 GMT
server: cloudflare
etag: W/"69512dc0eb1c0643d091b84a8d24eb91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: DoXP.jcmIfZWfUO_E6i1ASgs3_dsQZR2
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d77a2a915e-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H2 200 main.4df3f062.js Show response
cdn-client.medium.com/lite/static/js/ 723 KB
175 KB 82ms
75ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.4df3f062.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e53f46926b147151d9555f9c91a7b7fd63eb60f45a18aca22d3122e2ac4a0e3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 148669
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: SX60N9C0G9356JNX
x-amz-id-2: Ee+YjYFtqIMB/BHDZI3XKNKIM72v1n3YaW0f7njCnFx6Wx1nITOuDHczVejVq9nWVCl4sQ0zxis=
last-modified: Tue, 10 May 2022 13:34:23 GMT
server: cloudflare
etag: W/"15a7ea4059ab89bcc9a9387c2900d504"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kepVepyYNRG2j_I1YibqTnKF3j3Cr.7_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d77a20915e-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 50ms
44ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1142336
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d77a23915e-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H2 200 instrumentation.3c974b48.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 50ms
44ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.3c974b48.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111253
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHC8B1TRZR74CBF
x-amz-id-2: z3WhWz+YlBJc2hPnc0ARhb27k1kgSjFT/omm5ncUygZ+Qwpg6JZUV6n4y0L6MjdGIun1sEhSbss=
last-modified: Thu, 14 Apr 2022 09:07:11 GMT
server: cloudflare
etag: W/"ff66ec13bbcc5b73c4019bb39bd044bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qjF6fisK9JJ5aoxqQKyOQ9uuWcg0f8QA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d77a27915e-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H2 200 407.6b0ceaf5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 65 KB
19 KB 81ms
75ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/407.6b0ceaf5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

327f3c5fd126b1c5c05c9f01e71970590e8f8fa3289831be5d75bcd2de2a5fcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 846771
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZA47A6V4V39YGS09
x-amz-id-2: +7qYi6/q/rzT5BSi972tnwiMRA3pdgrEUr722NV4tjp+m300e8WXINhfb8Idx5E2kvYLIFhQjPY=
last-modified: Mon, 02 May 2022 19:38:25 GMT
server: cloudflare
etag: W/"8324dabf5b464a16b00d363302039e58"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: uUy9NNW6eRl63Mde4CmBjhNR7WHlsb60
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d77a29915e-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 9216.3db13475.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 83ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9216.3db13475.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH296CRQQDYB2V8
x-amz-id-2: mY6rALMQB4cP9fqaURW2Y07YZHRs8vI5IdWzNsYIPZHORAoA+OOSU49hBGVHiRclmeqYQ3m8v58=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"5b419d65f14cdfdf454bd2f33e125a38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: heA.L9U6.758IbuJl9cz9qkk4zZnDDyl
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d7ef649b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 AppLayout.97c1c8bf.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 107 KB
21 KB 108ms
86ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.97c1c8bf.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d0bfb71824c241cd1af2fa9799ac63cd94104bbee057a5c1ccbe4f40e23e238

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 607092
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3C3007FD29MJX2WK
x-amz-id-2: IO+qLAnbKo0swXVuYlcM3em8lUd7tUa7yENdYP7htdPaEzB9VDUOIEvdhCHb/Dt9UZ8ZtEfbFu0=
last-modified: Thu, 05 May 2022 15:11:49 GMT
server: cloudflare
etag: W/"5f1dc10bbeafb7881aff5205fa670887"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LdqfGwU1hJb_8x1FzDbtnjCFVRB4UYhi
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fa29b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 reporting.f90575a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 109ms
86ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.f90575a9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNFQ3DE11YMHABW
x-amz-id-2: MaoH80zs6gT3mZ9kscdnCoX3sGPVpE7mKymkioceeAFcF5EY9v+ywF0g+A/3xSr64Ws1eTUy2wE=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"635d49707990cdd4f3c1ad13b0d0eafa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OrnP3Wx_LBAu5tvJHOBGMuYc5kyast0a
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fa59b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 3402.43690127.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 83ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3402.43690127.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAG24G2J6Z2R75J
x-amz-id-2: jJHkPZz4jKyAsNP2i/dv6IaWMQwqhAapRtXjUBSK8q3UBd/y+/If7ERC72s6fXSiDmDrpgBjRnE=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"ca4b6f5071c04a623a9bc72ced0f2727"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: L_jxD7YdqC4D7M.9gF7agHoI1l8zYyGo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fa79b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 84ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 800112
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KZ14F4DJ39Z3KD31
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fad9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 7794.9590314e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 84ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7794.9590314e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZZ2GZ8XPEV2XSK8Q
x-amz-id-2: ZlnxwgkjMnGtnnoC7ojH0QwhC0XfdFWPNT0tzpzMx7ygzdLPg6cqgl3wZCpV+Z2ow4dAGrEJyes=
last-modified: Tue, 25 May 2021 18:36:34 GMT
server: cloudflare
etag: W/"fdb51abd005c8009b18f0a8ff313072f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: edEnQQoOPA8J97QSUBTjXG.e16leDLA5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80faf9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 8316.18f2a6aa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 109ms
86ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8316.18f2a6aa.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD5SFN5Y8TW45S
x-amz-id-2: hFIjAklPE8uAiFD3F+iWoIjr1hZAL+bvgJNwZvAJEZUDnYTo6ZgZ84z2QdIcyEiccMTz7/tDkuo=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"9fa67454adaeb385a3a70077ff7b7df1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QUYK47Sx_vLYH.MHyrUF8Ib7srVpusAN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fb19b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 5221.181764f4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
7 KB 140ms
117ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5221.181764f4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 172638
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RRS7QBM6HPC96YM9
x-amz-id-2: XgOi2uZuYrZcl1w+yiTU4jreTzbYzXKLWoLLSzKPFvdYPDKUy7J35kPs2NoW5uLtmqjFNHwr+FY=
last-modified: Fri, 22 Apr 2022 12:21:15 GMT
server: cloudflare
etag: W/"9c10954e9712c77358a76e4b78269985"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: joRvdL39s_Auomhf12LS6FRNT_1Mfret
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fb79b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 3928.41df235f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
9 KB 109ms
84ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3928.41df235f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa4581cee311f43bb6768f4fb2a10f1297b8d75ae6e759d4423759e378f8f5ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 598179
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZBEGN4S1465MWVV4
x-amz-id-2: XDXnvSQX3tuZBV70WeFl8TeMQdRtO2d5aOIpGmctZR/Ti0b0sId0fYzWtCIrS/kUgEi16gbZO8E=
last-modified: Thu, 05 May 2022 17:08:38 GMT
server: cloudflare
etag: W/"cb5531d7657062c4bb7c85aa958132b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kYGA9zjLQ0DxNsmee5YEqsfEJ_BP4dhu
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fb99b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 5472.5f6d4371.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
1 KB 111ms
86ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.5f6d4371.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8PTMK5AP330DM
x-amz-id-2: xGpOOu8UZAzsu1YWUtNuDaspxj3NnwdsbLl4CFr6mQNnuC5VgdmPYNonihLFzHPh0iUQuVnGPss=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"6adb8844d763f7d58b6ed49ab89899c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: M9BL7xv54wPjdaXSST5ko_cL9x0mMNwi
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fbb9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 2981.a5db1477.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 88ms
62ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.a5db1477.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD79BG7TYX8FQF
x-amz-id-2: i+703M4auI2KWsJr44vB1PX2t1YW8SvqTOaxNZoY6ZxLgCuFeMfj8xYi9lUJuKDlA8520qipoBs=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"2195fa1153170d02f4e8ffe85e34c5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0P7ivI0fxCKSZ0gTEie59OTCIkM7d5eE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fbe9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 5260.626b1a4f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 150 KB
39 KB 112ms
86ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5260.626b1a4f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH0NGF7PM5XVM3Q
x-amz-id-2: tUN9V2+xFd4zjSA+ZMII7pflnNw+pyPpiJtuuyR339PAg2pEfEqGPZ4lYH2M6DDxdgzZ7ePoFLk=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"d54dc2b69a8408e4b05103b956019a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XEFVan_esU9zit2XEfJ9ZVMckrSpVrqN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fc19b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 4869.72713845.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
6 KB 116ms
91ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4869.72713845.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d249cbd7cbf3eb8f50ecf4cf58f16eab93b196c0aede55e77a9287a692b622fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 857082
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FQCVHCGSPQNTCN5H
x-amz-id-2: 05RvPd/HkPbpIQ1CTgDzQFQfLHkijhNSKtbWjeXdRxXtyB/cggfb/exg3xqxq/6NQUe2gp9NTHY=
last-modified: Mon, 02 May 2022 17:43:23 GMT
server: cloudflare
etag: W/"6ddd79b03b065f04d104fda495522b4b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zVkq4v28nvxv5nYOxzZ_jvVeEqvwFkAo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fc59b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 7404.8e1be3ba.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
6 KB 117ms
91ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7404.8e1be3ba.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed75ede75b5c0944c5d43581211b6d17951dd92a4f11932dccaa56fd7636094d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1119038
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMW5BKJR7XF3STD
x-amz-id-2: dhY4jfNcvziFGLsLFWLtMJe7sHCAHmWVxuNKacUQTS+cIqc+j63FhbEY3YdETUOTlw97qjz9OO4=
last-modified: Wed, 27 Apr 2022 13:59:24 GMT
server: cloudflare
etag: W/"abb70e8f1ad2ffc355639710a245ada3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: xLp2Wz3y3szGGrz7ntGsr1lGvQ3NSa1n
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fc89b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 455.f5fbf145.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
6 KB 141ms
115ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/455.f5fbf145.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ac9fa4a572df7ae8001d71bfc68fa058f4387611061b8683388d57393fa33d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1119038
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMHP4FC2N3W27WX
x-amz-id-2: IfoG9I7b2fEA936C0tAqT/hh38rVVJgcpd5SOYUvC1uu5jfZ7fpNwCLsZbzBhRTR8Q0d39u44+k=
last-modified: Wed, 27 Apr 2022 13:59:21 GMT
server: cloudflare
etag: W/"8ce7ca38caf343032e4b3dfca7502d10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kmR3rBWKakAsj1J2.Y_vlYgnfxHS91eF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fd19b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 7070.088d513c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 117ms
88ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7070.088d513c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH32NHX2PK3308V
x-amz-id-2: zsvx/2w1ItKRz24BnsDl2fEJq4IZfPeeSEGQvT066vYkRPZNDOGz5UOf42N7pg1czdlQpuPnmjk=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"4d8fdc449efd237280288bbf688558f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: K0muy9JORxUH6p6bJfgV09ZGno7nymcE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fd69b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 7217.3953b0f0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 117ms
88ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7217.3953b0f0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHBYVEYW8BWXXNQ
x-amz-id-2: P0LsJ8j9mlyYmTP45azx+eH4U8lLRKb1lUbqryQn4YVtC5ILscAPJR9rhFMHGH+DeUDK/Eis60c=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"58720bdd388e0656b76f62b4a5ff5342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OZwFHpgdUD2sKDAtk4gZmMMvNPTrJlRt
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fd89b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 8491.ebddc1fa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
12 KB 118ms
89ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8491.ebddc1fa.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22ab70ba946528f299be6c9115bf5e61420a2d97d44a5044345c108fc17984fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 170358
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FY0YPFA2X27FM29A
x-amz-id-2: AKnsk6yb7DgGSROHrMJgI6SbSFFOkOA3MNDMoH5uncYgTUYwQMZOfJRb+WzYMQkv9nYCN+lxPfc=
last-modified: Tue, 10 May 2022 13:33:54 GMT
server: cloudflare
etag: W/"88b2c18129e54eeb321912647ef7d69c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qD3dqBeZq6dvpdiTmsyV9qSoHa4YiQnG
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fdd9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 9211.b7a00c16.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 86ms
57ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9211.b7a00c16.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH4W640C9XF6RJN
x-amz-id-2: DRUt8mSyKes8nCq/psp4HGMhhDPpua9crWNc+2eEgEb5nqFc75RzvIl1M2mhUnBmuNlGMDhfBlA=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"577263f7900d50e63a75a1f0f05dbbe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: VWEllxqkFrnSXO387u0TA6YYdC3U.pgv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fde9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 6562.e778b1c6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 141ms
112ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6562.e778b1c6.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f990085012dc4cd43bb4f28a7180ae53a0d42d66a7f89d903dda7865e01d157d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 610090
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9XSFEMSA00VR6NFT
x-amz-id-2: nHVRj2O1+Wk0kw8LSSoMsv/nQOO+YlvuJMey8b3QmEOUzldqNrVBYyLihf6JkeHb7zw17FNPGFQ=
last-modified: Wed, 04 May 2022 01:22:17 GMT
server: cloudflare
etag: W/"efabcdfaceccbcbd36f7e2c7df086c70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 4LvYIQckQYVuOeiVwDLehPTVpAmKDoAO
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fe19b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 7215.d799b2b5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
12 KB 142ms
113ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7215.d799b2b5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6ASKCBHWEH6YT
x-amz-id-2: thX0A0WpRM7CNFcf0QiWHYAuHXq2b/71GV+8DWH0JZPx+pWB1sXCstFGQZINVjbMbe+ngkvwu0I=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"3c526ca7c5fee7883f16deb523109c91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8XpJXp74sBSDTltKZ7Iy4ZGcwhFWJyxk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fe29b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 864.d1b390df.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
5 KB 142ms
113ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.d1b390df.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

615c95e0e14f3359031243ba6c540c062645a9cf4b095f31bdb8e90571e8ee12

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 598179
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZBEJPACYF48JDJ00
x-amz-id-2: j04jlaKP1aIfCU7CG+mjTOBFF7x6pVXiTo9+wN3A8Hvt+z9g9MQrlquoBaja9QJLJxIS9j89Ryo=
last-modified: Thu, 05 May 2022 17:08:44 GMT
server: cloudflare
etag: W/"46cad2447b8044c909c60de72af5e005"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XJ4qLe7rU85BOHETPfEifdkVgOh56.6o
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fe39b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 4351.0369de5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 143ms
113ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4351.0369de5f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHCBPE4W0A996V8
x-amz-id-2: ikWd7+eLYjwl8TmJwUxM03Dido2xgcO6wFP9ksGOFjfI4XE/6rk8TJPre7k1fc9qIg18H/76XN0=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"706de7bad195044244572950d562e14d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LnE7PgGhZCmzrDthwn8d8CF.czjYz2iU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fe49b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 82.e1c0faca.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 143ms
113ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/82.e1c0faca.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a1b9daa4ad416eea38db22e3ea734d0f7f18256db4679772a0a19e1c4bffa0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 671703
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6SMN6SWJJP41QYY6
x-amz-id-2: 7680vSlC1ZsRNiw2BKKj7d/kWcLGviE+1G54ynQt+t/+8/UQstdjmxT6QF+WTY9JuXgYx8AC67A=
last-modified: Wed, 04 May 2022 20:24:25 GMT
server: cloudflare
etag: W/"dea61a418101f1bb2811c2ce86e25b12"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: TqOgHH8hdWJz3qnSKm7W7yK538Hs_HDp
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80feb9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 108.bc1c8af6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 101 KB
18 KB 143ms
114ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/108.bc1c8af6.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c38ea53a8b603902886f52adf56194f398536c0901e501948d76f031c2ad1e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 170330
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FY0QT3ZWS8Q9J866
x-amz-id-2: DjOcB1VN784adFkFIStTgJp0KkdohY/AwQTz73batQhJz+N3rB+RpVV4WQmHJWcTKqp7Sks5y9E=
last-modified: Tue, 10 May 2022 13:33:45 GMT
server: cloudflare
etag: W/"416ce2f3c64771265d217d0176f8394e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: TBbUEKFle5WBBa44PIVFJaP.aBUmYwWB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80fef9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 5281.652a7988.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 145ms
115ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5281.652a7988.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHA6FG3QS6BVZBR
x-amz-id-2: bKpvQT0l0R+9iZqrjI+NXH9ySdz2IFP+YXfDKuy5s72Zk70knnO/JKoSdTDbKkL+TCOkHk72s6s=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"04b131139a2938b205f512652ec29a97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 33irNxWTdFjop9o1_s8tyzZ.0zoR_rMU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80ff39b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 4483.5048fd96.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
11 KB 145ms
115ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4483.5048fd96.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

266127594663fa2a270d91b6d69541d16c9981fddd89e606db2c48e46d7b315e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 610090
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HG6WB9YFAWWK9ZYA
x-amz-id-2: tjR8F6x0BRCh/Q8/kAccRwMDh8H5uEqrphln+XmzHAxj4q+i812vGQS4Y49QugMPtmp8KuvsWRE=
last-modified: Wed, 04 May 2022 01:22:14 GMT
server: cloudflare
etag: W/"cf8bd4cea2efe6a643008b3887044fdb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ornq3YiZILpblU16PC7d.WGw07I8jcvH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80ff49b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 5436.5bb5dddb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
12 KB 145ms
116ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5436.5bb5dddb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

016780fbb65ca89b7b56e74a472a5d5fb27127c599883d0721864c344984e2a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 671516
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6SMTYECSSBGR1FS1
x-amz-id-2: 4+BuEeX+sN/Ywyxs1OeSfhkYWysC1KImnb6LHxneKpEcCueUFB4HM/FJE6TO1KfFqHnMHCoOlLU=
last-modified: Wed, 04 May 2022 20:24:22 GMT
server: cloudflare
etag: W/"595517a0f0edec2ce1f8d042f27d9ed3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 5nRNHK941EfJhztH9rO6LDtmjqUR8RV2
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80ff79b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 3043.34648c6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
4 KB 147ms
117ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3043.34648c6a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 91173
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 41JJSBHRFDQ8PDRD
x-amz-id-2: XSga7+dFr1nQbg0udnpaD+ZembEzEPdu+SftY2Oh1KKvw1c9bKoMx1JiDFAD6dkwWt7KaglqoQE=
last-modified: Wed, 13 Apr 2022 09:57:05 GMT
server: cloudflare
etag: W/"57e7dd326c1b4d24e44ed9b8655754f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qLLyYE6QMBOdC61niRO7qEtzgOLMz.Fw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80ffa9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 8363.2f2b9025.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 147ms
117ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8363.2f2b9025.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82ebb059ae73a2e7b37cfb983289fe2ddb6c7d58febc2512028b2e691a9d28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 598179
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZBEHSPZCDMVSR1AP
x-amz-id-2: TxP078U8IrVs2iFdDMnlcewYCdZtdiIuWlr1l/UNQJNXgE2xGxcXQRmzNHGsRwDkqjvp4KrVWpY=
last-modified: Thu, 05 May 2022 17:08:44 GMT
server: cloudflare
etag: W/"8e9b8e09c969309bc22762f75e7676cb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HlGzo13GfoNsr_yqgot4kStiyRZYzBul
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d80ffe9b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 8849.e115d3a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 147ms
118ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8849.e115d3a3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAATHP1X27M9HZPW
x-amz-id-2: 683N1h/tXCINTqDwy3VcGYllMGCVmR7O99borv9elo47JM5seRVfVFqZ/3Ntjb+Snb+lPFzB4UA=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"d163a762211dc93b003999a47cafe931"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ugBxVtgkTa8ZpfcJJs1c.657kjvR0RNP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d808019b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 PostPage.MainContent.4e2dbf31.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 132 KB
30 KB 148ms
118ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.4e2dbf31.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

954c84abc268c681467a979baf1bb7ae0c9d8faa0a0fcb6a53b8be3263b46530

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2523
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3E1EDZSSAP7BDTM4
x-amz-id-2: 0+PVvWe/Q6GPQ/lzRDzMQ7I4Xec8YOuNyKKl799EEuTRh0L1wQGQ6lsnhdIXuC9nePhhOllQPTk=
last-modified: Thu, 12 May 2022 13:08:54 GMT
server: cloudflare
etag: W/"e8c1cfd2787c8ead71ede2f630a1f2aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: dtFSKn1XztR8Bk6BOzFHrkDHMvMGDIZb
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d808039b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 9397.dc6a2e15.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 162ms
132ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9397.dc6a2e15.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

914c26df175fc8546e846039af3dfdd749f61d9695b11f0ca3390866c490a8d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 598179
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZBEW5ESJB2JPX4JG
x-amz-id-2: t4wUFXWYLfVUFgScXofr9yJBibUiXVqdJy2XrFCSMXR2sfCP7CCTAYAqKoYw/uKKnETqw5Ycfas=
last-modified: Thu, 05 May 2022 17:08:45 GMT
server: cloudflare
etag: W/"2f57e1a8e89dfe4fb1b3164dea75ebef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OzwNJPtPiSxezDAqW71LWenbCwHACtsT
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d808059b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 6867.bcfa4e6c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 163ms
133ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6867.bcfa4e6c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7YTTQSSZG18XS
x-amz-id-2: XKHuYZfu5msrcHtwsAJFK4PajzVv2H7yH2KREVMevuFRrEo3FhDJ5YzD9YCBOURVowD9fmNpvk0=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"c35955eb45367a3c5a61cb3e5279c051"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: T1iOWUKz_Z7hLHCKM26CR_AUg99Ys3ui
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d808069b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 6105.b574ef31.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 163ms
133ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6105.b574ef31.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a17e897411a436371d8d6d4c3b3a06d1436ed66232e435d6d446946ca640fe89

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 607061
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3C36QVHENY332P15
x-amz-id-2: E+067Wx5tbriL1XCO/H2QZj0FuXWoT5Oh/SKyCBq+XdmjRcX0OimNd6Vu95zBjswStmluo2WlJc=
last-modified: Thu, 05 May 2022 15:11:42 GMT
server: cloudflare
etag: W/"c8faf21a83f181a6c6c43cfdbad1a96f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: i12F1lqCzyjeIeQtt2mQ0KBaf2BGDbZA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d808079b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 PostPage.RightColumnContent.723debc8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 30 KB
9 KB 163ms
133ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.723debc8.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e732335a15200ff25b5dd90cec317ad30fba12f6d44dd59e8d2e393dc48d4bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 607059
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3C314394D1GAX5KS
x-amz-id-2: 7+49gVa6t/GwK7EHJhMI5ZaG9dM1bFraQNoig8IEzYBfsgv6qeP/LBwUl+psgoihQ0Wtjwo2cas=
last-modified: Mon, 02 May 2022 20:58:55 GMT
server: cloudflare
etag: W/"f3780a1a733f8d3d28ae3c20634ad5ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XWh2ozGt3UUAXfTqZ0q0KYcEGEpp3lSP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458d808099b43-FRA
expires: Fri, 12 May 2023 15:56:54 GMT

GET
H3 200 4792.14f7a597.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 92 KB
24 KB 60ms
60ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4792.14f7a597.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAK2JN6DE2M03W6
x-amz-id-2: Ypea0MIYkuTkpRkidUVMlfjFOekUzA45uC+Vg260xcsMfq7uG8JtKFIS4kZQE6pRewZ1DuqXM8M=
last-modified: Thu, 14 Apr 2022 09:06:28 GMT
server: cloudflare
etag: W/"68d93728be9339fe82bac120d5ca3d8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G5oQk1h_lSKJ4xkTzMHQRHB7mff9ylPH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458dd3a6e9b43-FRA
expires: Fri, 12 May 2023 15:56:55 GMT

GET
H3 200 7084.ba43dc1e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 68 KB
19 KB 38ms
38ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7084.ba43dc1e.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12ba9a24942100c45828729fe4da1a5e0c9e628c41467ca4d4d941d8793dfdea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 846747
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 660F089PSVF80N59
x-amz-id-2: myF7kwwRuzUusBWniaiKppNhhVtV7yE6GuduDRHA/DiayvKBGcXUdNJN/uKLlCZYqtD6KngoxCU=
last-modified: Mon, 02 May 2022 19:38:28 GMT
server: cloudflare
etag: W/"0c018a88964c824b28074cac2a65237a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zqkBJDSZr4KJ8NNCVzRy51JDl5wM6AG6
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458dd3a709b43-FRA
expires: Fri, 12 May 2023 15:56:55 GMT

GET
H3 200 8537.29ab83f7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 38ms
37ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8537.29ab83f7.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAANM2B6MZQ1F68J
x-amz-id-2: 84d2zFKasory9ZlNDSGTzv3EI87GPZohOsS6HQXKDHJfZxnTUM7J1mJ4vUF7Ru6V2JeVI0zORIo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"e184386ab56bc2c712b8e6fbc4f83a8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Qk_8LgS9pAqsMKxCAf8ZI8XsRNIYBH9A
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458dd3a749b43-FRA
expires: Fri, 12 May 2023 15:56:55 GMT

GET
H3 200 3551.69fe8b4c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 45ms
45ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3551.69fe8b4c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAMWT2XVG25CV99
x-amz-id-2: O92GO+f5wp4MZTPejDTn027EcUMgktwemYti2/OluHYSoWgSQr9BjKB8dPZlk2XUWR7lcrHbwk0=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"bbfd20f6707f94928e866764ecff85e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ayC7oy9vYwAPAudL09GUE6theIm7Cjz_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458dd3a789b43-FRA
expires: Fri, 12 May 2023 15:56:55 GMT

GET
H3 200 9104.4f69e195.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 93 KB
27 KB 42ms
41ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9104.4f69e195.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

425e9f6017f33951be2673ad2268a131f8115c85d9cf47d653af1555ade2677a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 96856
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: SBHE4B4CAVGECQ1F
x-amz-id-2: SrDShlZY6Bvc5R9YcQMO9/gT4s9ohyHQzw5Zt+dXJiLDFMImz41Xw7kVsEtBbIzzWRaVGGo05OI=
last-modified: Wed, 11 May 2022 10:07:53 GMT
server: cloudflare
etag: W/"d5d4182a30112408484d7db1f9aecddf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: U5xyWlfC64l714XB3wFCU8OfigPqIrZS
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458dd3a7a9b43-FRA
expires: Fri, 12 May 2023 15:56:55 GMT

GET
H3 200 ThreadedResponsesSidebar.5bca90ec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 47ms
47ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.5bca90ec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111088
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAPMGZVJHNV5J09
x-amz-id-2: eF4yArygea9fVOUXGzbQQJNVcfA3odVWQVHCxt5IMmeKzyNRm4Msc5B29hxHg3vP7Uq2gsNocLY=
last-modified: Thu, 14 Apr 2022 09:07:04 GMT
server: cloudflare
etag: W/"6cb059260c23a64ab427e5204bbbf3f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cZnuP3jpIHqMOMoLkKnEZh4blbs.yVCq
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458dd3a7d9b43-FRA
expires: Fri, 12 May 2023 15:56:55 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/24/24/ 383 B
790 B 39ms
38ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 504935
x-envoy-upstream-service-time: 25
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70a458df3f079b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*7aMh2GK1bLfeqzC-yALhCA.jpeg
miro.medium.com/fit/c/20/20/ 1012 B
1 KB 141ms
140ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*7aMh2GK1bLfeqzC-yALhCA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51c8498c72d94aeda89bf1d495c1ebe62dbb9ef48fe806003db872c1d7dc70bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1012
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df3f0a9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 2*6vgNLa-doYWjz31_y2TLIw.jpeg
miro.medium.com/fit/c/20/20/ 1008 B
1 KB 47ms
45ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/2*6vgNLa-doYWjz31_y2TLIw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faa9f20b40c627b552d326b3cc0d3129e3ee57c86637e06a060a7453f8cee7a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37329
x-envoy-upstream-service-time: 36
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1008
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df3f0c9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 0*dbJdQ1v2ExwSKRw1
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 129ms
127ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*dbJdQ1v2ExwSKRw1

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2655edca5a334070fdf1d83d258ebd7620fc2581e53f2732ac4bc9fb23553403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1969
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df3f0f9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*HqLlOzvZsxbd7k12j2xyBQ.jpeg
miro.medium.com/fit/c/20/20/ 1006 B
1 KB 46ms
44ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*HqLlOzvZsxbd7k12j2xyBQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61c5866c6fa4735bb2d8f6b7816002433cc043a5eff3abcc335b8d2870aac409

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 17020
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1006
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458df3f149b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*miqt_F7JnxIkO8B3AavThg.png
miro.medium.com/focal/56/56/50/50/ 4 KB
4 KB 157ms
155ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*miqt_F7JnxIkO8B3AavThg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64b84e0361a4da05cc73fd87b6da12f9bd4b4a8a7ac05bf89b5c6c6bf842f4de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 59
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3841
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df3f169b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/20/20/ 310 B
717 B 55ms
52ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2294c42a99ae9402581e67fe5c0262d7ebf4cc7f45bfe9fd2f00862e304f4a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 445433
x-envoy-upstream-service-time: 137
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 310
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70a458df4f189b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 0*vSjtuBcUgnLR65k_
miro.medium.com/fit/c/20/20/ 839 B
1 KB 57ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*vSjtuBcUgnLR65k_

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

891368567fed949597410e3f9974470c9211a150e5145fae4c6f78302d825b67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 211841
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 839
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458df4f1a9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*Q6lDUW3cI_1YpIwkMpRrJw.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 149ms
146ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*Q6lDUW3cI_1YpIwkMpRrJw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a94273fbbacf1b7349890e63cc4571ccc698aa77e15a9979d6aa61e168fe2ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 53
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1893
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f1b9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 0*S8paQaENPCN3vcAE.jpg
miro.medium.com/fit/c/20/20/ 271 B
681 B 146ms
143ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*S8paQaENPCN3vcAE.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf9efc591d682a78e13bc0d0e39cac1ed0b89efb844e696ceca895bacdfb6d0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 271
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f1c9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*bfogUi3aRBMBMJv8ioXQDw.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 138ms
135ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*bfogUi3aRBMBMJv8ioXQDw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd18c6be2b60386a69552a202a49fe0c23a8e6a3677aedc935082605a61893bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 73
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2048
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f1e9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*3oI6T9POhZ3Yr_yFjFVyCA.jpeg
miro.medium.com/fit/c/20/20/ 662 B
1 KB 45ms
42ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*3oI6T9POhZ3Yr_yFjFVyCA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46912ee6215bda6aee27034ee0c839fec09ea3440f1c18322a4b8c19dd0816e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 206658
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 662
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458df4f1f9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*XtE--tsa1TEdNZWm3NLwbg.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 142ms
139ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*XtE--tsa1TEdNZWm3NLwbg.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

352df4d218d9899e2cea2b2e291e5c6bf6a9bbef9e615d0ca2b2a40c84ad8568

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 57
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1898
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f219b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 0*JbSNmu6R1Lq0pifj.png
miro.medium.com/fit/c/20/20/ 657 B
1 KB 52ms
49ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*JbSNmu6R1Lq0pifj.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1cd89c7cdd486483486f5c20a0cef730580542fed26bf4c70a1f6d29f90990c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 186021
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 657
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220322-153408-5d6507f242
accept-ranges: bytes
cf-ray: 70a458df4f239b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*KPCoIn5tL9f6Z_io_8vRLA.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 52ms
49ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*KPCoIn5tL9f6Z_io_8vRLA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a647a59183446a780cdd9bf588df63b6fa930654e07cd7ab0501ca2530063da0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 27272
x-envoy-upstream-service-time: 59
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2320
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f249b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 2*OeWAwMjimYeWAngthRitTw.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 46ms
44ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/2*OeWAwMjimYeWAngthRitTw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47dfe7c6f5b837e57b35f477af81de179390930f815487b7430b55b389c2804f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 148275
x-envoy-upstream-service-time: 104
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1040
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458df4f269b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*jeYTThrNx0oynYtMzYwLnA.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 135ms
133ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*jeYTThrNx0oynYtMzYwLnA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20d43902e2e484000add5d075b8324778064ae7f6b86dd63bf93e456df46bc13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2531
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f279b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 0*a8Pl23IRRozMvhFH
miro.medium.com/fit/c/20/20/ 358 B
765 B 41ms
39ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*a8Pl23IRRozMvhFH

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

356925d7d9850c16733be63d3e353089ac715afbd5a438ed630d632e8f726b5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 186368
x-envoy-upstream-service-time: 104
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 358
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458df4f289b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*KWZTf0L8kmI2KxKzMHBeyQ.png
miro.medium.com/focal/56/56/50/50/ 351 B
758 B 39ms
37ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*KWZTf0L8kmI2KxKzMHBeyQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5b6527b0aaaad26fd1a623db9870044756056f7256f065ba0ad58e78fa0ade2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 186368
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 351
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f2a9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 0*DVk8skZ_N1F807UO
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 53ms
51ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*DVk8skZ_N1F807UO

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d84d187abdcbf2dc88757d781875b91d31b16deea847039a3c7be6c27ec36e06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 270858
x-envoy-upstream-service-time: 71
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1045
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f2c9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 0*wj49dT6ssQfuL7Qm
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 39ms
38ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*wj49dT6ssQfuL7Qm

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67398f5116a96c0b5803e49153ca4fdfbdc3309cd58614146fec82609a93dbab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 17513
x-envoy-upstream-service-time: 3587
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1622
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f2f9b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*TLeOOKQ0L9JSV_Da9ivuQA.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 148ms
147ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*TLeOOKQ0L9JSV_Da9ivuQA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

348d3380a679586adf623987a4469f20c5276ba4fed40a02cd58aff11f95b0a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 59
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1049
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70a458df4f319b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

GET
H3 200 1*HcW2jJZUXZyFDtp5fJvM1w.png
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 142ms
140ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*HcW2jJZUXZyFDtp5fJvM1w.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e590c8539bd39d7676455a1ad0d3aea12ba933c5573db26aa8b279ccb5a20c0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2305
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70a458df4f339b43-FRA
expires: Sat, 11 Jun 2022 15:56:55 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 143 B
439 B 120ms
120ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

95efa05f7cc6565b0c69f345436ef7376a9346c79bc99a73c37075f4b43599d9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:55 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-CHik+Hrr3BBqZMsxeMd5JHw8hIU"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516
x-envoy-upstream-service-time: 10
content-length: 143
x-xss-protection: 0
x-request-received-at: 1652371015979

POST
H2 200 graphql Show response
posts.specterops.io/_/ 108 B
429 B 168ms
168ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Graphql-Operation: PostPageMeterQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
sepia-upstream: medium
server: nginx
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516, tutu/main-20220512-122642-2ba4116808
x-envoy-upstream-service-time: 61
content-length: 108
x-xss-protection: 0
x-request-received-at: 1652371015977

POST
H2 200 graphql Show response
posts.specterops.io/_/ 838 B
1 KB 175ms
175ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

825613135cc4052b6cc8f37c57f0a357dd1e03b41da5c0c5cec5247fbbdd0e0e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
sepia-upstream: medium
server: nginx
etag: W/"346-Ser6vQot4tnIkwuU1L8P0KQEz3o"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516, tutu/main-20220512-122642-2ba4116808
x-envoy-upstream-service-time: 64
content-length: 838
x-xss-protection: 0
x-request-received-at: 1652371015982

POST
H2 200 graphql Show response
posts.specterops.io/_/ 210 B
532 B 145ms
145ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

4a08650c69ead9c9cd9edf877e20e401ccac1d61a88b4cca31e53412e0b6bb1d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
sepia-upstream: medium
server: nginx
etag: W/"d2-kCFQHX0vy8+XXz2zDj6MWDCjBP0"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516, tutu/main-20220512-122642-2ba4116808
x-envoy-upstream-service-time: 35
content-length: 210
x-xss-protection: 0
x-request-received-at: 1652371015982

POST
H2 200 graphql Show response
posts.specterops.io/_/ 268 B
589 B 152ms
152ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

58a2ca0e87b108d1bab012bd2712a56af511d92782b8660722aca032c37d64b8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Graphql-Operation: PostViewerEdgeQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
sepia-upstream: medium
server: nginx
etag: W/"10c-bdVYDGxh1E9W48hhL5BeGDeNpx4"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516, tutu/main-20220512-122642-2ba4116808
x-envoy-upstream-service-time: 44
content-length: 268
x-xss-protection: 0
x-request-received-at: 1652371015981

POST
H2 200 graphql Show response
posts.specterops.io/_/ 103 B
397 B 227ms
227ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
sepia-upstream: medium
server: nginx
etag: W/"67-hwVXqeGehpUH7w76cB3LOBt2Lkg"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516
x-envoy-upstream-service-time: 19
content-length: 103
x-xss-protection: 0
x-request-received-at: 1652371016082

POST
H2 200 graphql Show response
posts.specterops.io/_/ 96 B
414 B 232ms
231ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
sepia-upstream: medium
server: nginx
etag: W/"60-Ot8fahRq/24OZZD50baRxE1h1oo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516, tutu/main-20220512-122642-2ba4116808
x-envoy-upstream-service-time: 31
content-length: 96
x-xss-protection: 0
x-request-received-at: 1652371016085

GET
H3 200 responses.editor.857df5ad.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 48ms
47ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.857df5ad.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.1ffe3824.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111083
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 887XZEAFQ44HRT6J
x-amz-id-2: flfXVoow0Wmc3WN/tyqoDVzkRf7DYQv4tJYETVVuuy28XaXVMqn40KHtB0lK5e8LRimUG5SDIZo=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"195376c9eb500dd7a4c4583562103d50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n9gS1uYafrO67iJ9cRLDZTxo6qKQufkF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70a458e20ca99b43-FRA
expires: Fri, 12 May 2023 15:56:56 GMT

GET
H3 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 58ms
57ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6306138
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70a458e20ee19165-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 12 May 2023 15:56:56 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 9 KB
2 KB 229ms
228ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

99c9dcff2ceb63d26eafcbb4764f3e3d9721b954e217e6be12c1865a68ebbce4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"22bb-3YbPVY79i2WnSK72ktSsjhcR7yc"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516, tutu/main-20220512-122642-2ba4116808
x-envoy-upstream-service-time: 121
x-xss-protection: 0
x-request-received-at: 1652371016089

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 114ms
114ms Fetch
application/octet-stream 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4df3f062.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 114ms
114ms Fetch
application/octet-stream 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4df3f062.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 12 May 2022 15:56:56 GMT
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 68ms
20ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1326
date: Thu, 12 May 2022 15:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 12 May 2022 17:34:50 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 81 KB
24 KB 107ms
31ms Script
text/javascript 18.65.39.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=604b34589ada
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.39.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-39-74.ams1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5bbb9c0f0e0824480fd077d8340987a94369f9565dfcf6b89dcb00229fb49673

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: qdsw2NkSLBBvb7vdgXpE9mqgp_9x4Fln
content-encoding: gzip
last-modified: Wed, 04 May 2022 17:13:35 GMT
server: AmazonS3
age: 180
etag: "02288b6b1ca1a8d5a1ce841c5df3ee19"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Thu, 12 May 2022 15:53:57 GMT
x-amz-cf-pop: AMS1-P1
content-length: 24357
x-amz-cf-id: ethyFFFKPwwBszWX97RXrGIcMWJiPwQAovtO8n8EG_w6rUyGf9StCw==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 69ms
27ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1352862218&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1932708900&gjid=115765835&cid=1847797844.1652371018&tid=UA-24232453-2&_gid=1000450639.1652371018&_r=1&_slc=1&z=1230652662

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 12 May 2022 15:56:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 58ms
28ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1352862218&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=791970568&gjid=1295608369&cid=1847797844.1652371018&tid=UA-102239211-2&_gid=1000450639.1652371018&_r=1&_slc=1&z=1111588666

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 12 May 2022 15:56:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 91 B
562 B 454ms
180ms Script
text/javascript 2600:9000:20ef:400:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.61.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ef:400:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

2892b5bc6164f006178b61089b8104a63bef3e48c0c310f74b811403be0306cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 12 May 2022 15:56:58 GMT
via: 1.1 a77dd74bb9c72f0eb05ce504c2023f4a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: DFW3-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
etag: W/"5b-f/MzQrIxSNo79ZpZ0GtixKVah0k"
x-amz-cf-id: LHhRzgXUc9pW332Wdf5zTRk26Q7kWB3EpSk9bFS87sEO--26k6oP7A==

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
630 B 430ms
236ms XHR
application/json 2600:9000:2315:5a00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:5a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7185a4d736def01ca65dc3ca023b271b0bb2981a221001b24ab4c5f8db3ae53c

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 12 May 2022 15:56:58 GMT
via: 1.1 6c90efa18f660ef893fb03f41073cde8.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 2de7f07671d044ffa6808fc948c544bf-2022051215
content-length: 316
x-amz-cf-id: 1ev8d2SngpN3hvPK8ImzK9pGBCdanIINuGbbQiMiSXb9p2Rm50_4OQ==

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 117ms
116ms Fetch
application/octet-stream 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4df3f062.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 12 May 2022 15:56:58 GMT
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
566 B 358ms
358ms XHR
application/json 2600:9000:2315:5a00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2315:5a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

6fa9008a4964d5ca00176ab69198651f9be72efd35c52d636279285db663d1f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 12 May 2022 15:56:58 GMT
via: 1.1 6c90efa18f660ef893fb03f41073cde8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: DUS51-P2
x-powered-by: Express
etag: W/"b7-0rIArAv4t2t1+mbI2InhL3w2T7Q"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 8fd9f9ff8c674cc7acd5823ff7cd2cd0-2022051215
content-length: 183
x-amz-cf-id: RqT5IakA-YSDzX_hgR1Oq6zNjDKcanpIx9Msk3cDN2APqmN1gYc23g==

POST
H2 400 graphql Show response
posts.specterops.io/_/ 138 B
450 B 220ms
220ms Fetch
text/html 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

dc0a4948011b3bf48695d6b088a8ad2a65b902eee0dfa2bff5ec3b7d77e9941c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 4af78702471a50a6
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PostNextFiveStoriesCollection
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220512-145156-a363be82b8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
apollographql-client-version: main-20220512-145156-a363be82b8
ot-tracer-spanid: 7a2045891d53c0f5

Response headers

content-security-policy: default-src 'none'
x-content-type-options: nosniff
sepia-upstream: medium
server: nginx
date: Thu, 12 May 2022 15:56:58 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35, rito/main-20220510-113448-e79275d516
x-envoy-upstream-service-time: 8
content-length: 138
x-xss-protection: 0
x-request-received-at: 1652371018962

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 352ms
352ms XHR
application/json 2600:9000:2315:5a00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:5a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 12 May 2022 15:56:59 GMT
via: 1.1 6c90efa18f660ef893fb03f41073cde8.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: d7e2349de194466cb5de5795082d0b28-2022051215
content-length: 28
x-amz-cf-id: 0K_LerurjcJVDr9g4WjPIdIGDC1gePm6TvlLH9zCA3D8xrNx0wMMPw==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 197ms
197ms XHR
application/json 2600:9000:2315:5a00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5040.62718a97.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:5a00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 12 May 2022 15:56:59 GMT
via: 1.1 6c90efa18f660ef893fb03f41073cde8.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 1fff0a77ec4a4298818fd4f49047e687-2022051215
content-length: 28
x-amz-cf-id: ghH3M1VWQNGIQDG1OqKMLeUpjHBM12BosyaBNkYRKkDJVnlbU3HmtQ==

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
173 B 251ms
250ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.4df3f062.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
content-type: application/json

Response headers

date: Thu, 12 May 2022 15:57:00 GMT
medium-fulfilled-by: valencia/main-20220505-143206-9ef6171d35
x-envoy-upstream-service-time: 143
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 11:45:07	Name: sid Value: 1:CG3eE9AM57bSdrWaZ4geGYaCV0lj4FKYhCO3UN26Or7hMRKEF7/qKhkAr2cf70Qo
.medium.com/	1970-01-20 11:45:07	Name: uid Value: lo_676774f28a78
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 65c4791621e1128e5df1c8857b4c5fdedfc18641-1652371013
posts.specterops.io/	1970-01-20 11:45:07	Name: uid Value: lo_676774f28a78
posts.specterops.io/	1970-01-20 11:45:07	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+TuNFZpNJpQBpxG3TWa96wBim3XBT7cbXG/fI2d6zVbfC
posts.specterops.io/	1970-01-20 02:59:31	Name: _dd_s Value: rum=0&expire=1652371915229
.specterops.io/	1970-01-20 20:30:43	Name: _ga Value: GA1.2.1847797844.1652371018
.specterops.io/	1970-01-20 03:00:57	Name: _gid Value: GA1.2.1000450639.1652371018
.specterops.io/	1970-01-20 02:59:31	Name: _gat Value: 1
.specterops.io/	1970-01-20 02:59:31	Name: _gat_tracker0 Value: 1
.app.link/	1970-01-20 11:45:07	Name: _s Value: 1wcBgyEqdcOtzAA8tUeZcsXOcV1ZSUf71CPi7UUB8C6QrfGhc1uK%2B32HUQWKapuN

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://posts.specterops.io/_/graphql Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
18.65.39.74
2600:9000:20ef:400:19:9934:6a80:93a1
2600:9000:2315:5a00:11:f728:3040:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2a00:1450:4001:809::200e
52.4.38.70
016780fbb65ca89b7b56e74a472a5d5fb27127c599883d0721864c344984e2a4
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d
045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720
0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40
0b24c01bb95671134075ae44a4574cc70ac11f812b09b7d066e75538db70744e
10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c
11dcd31754df7a974976e3825f6e4365e992fe0ed11c9fcecb8f78ee0594f558
12ba9a24942100c45828729fe4da1a5e0c9e628c41467ca4d4d941d8793dfdea
16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65
1d0bfb71824c241cd1af2fa9799ac63cd94104bbee057a5c1ccbe4f40e23e238
20d43902e2e484000add5d075b8324778064ae7f6b86dd63bf93e456df46bc13
215aea1279af89a275d2777f40ac48c3218ea932f39e05ae8786964d57efe6ce
22ab70ba946528f299be6c9115bf5e61420a2d97d44a5044345c108fc17984fc
2655edca5a334070fdf1d83d258ebd7620fc2581e53f2732ac4bc9fb23553403
266127594663fa2a270d91b6d69541d16c9981fddd89e606db2c48e46d7b315e
27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503
2892b5bc6164f006178b61089b8104a63bef3e48c0c310f74b811403be0306cf
2c646f635922d8642096e479524d2798193a2a43c9ed585ac047d9461c28cfcd
2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988
3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220
327f3c5fd126b1c5c05c9f01e71970590e8f8fa3289831be5d75bcd2de2a5fcb
33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7
348d3380a679586adf623987a4469f20c5276ba4fed40a02cd58aff11f95b0a8
352df4d218d9899e2cea2b2e291e5c6bf6a9bbef9e615d0ca2b2a40c84ad8568
356925d7d9850c16733be63d3e353089ac715afbd5a438ed630d632e8f726b5c
3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0
3651cf0d17fd1c5ab2ec2c85232e937033c6cd587bf9971393fc78d148c46a49
3a1b9daa4ad416eea38db22e3ea734d0f7f18256db4679772a0a19e1c4bffa0c
3c983b406ac52816c8d987484c238d6ca8072c6a3fd14ff7ddc4629f66162b7f
3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5
3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990
41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b
425e9f6017f33951be2673ad2268a131f8115c85d9cf47d653af1555ade2677a
46912ee6215bda6aee27034ee0c839fec09ea3440f1c18322a4b8c19dd0816e1
47dfe7c6f5b837e57b35f477af81de179390930f815487b7430b55b389c2804f
49477754c9515c4307279bedafd2e750f22c1631d450dd6c2d8ebea09209b1f8
4a08650c69ead9c9cd9edf877e20e401ccac1d61a88b4cca31e53412e0b6bb1d
51c8498c72d94aeda89bf1d495c1ebe62dbb9ef48fe806003db872c1d7dc70bd
5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b
58a2ca0e87b108d1bab012bd2712a56af511d92782b8660722aca032c37d64b8
5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696
5bbb9c0f0e0824480fd077d8340987a94369f9565dfcf6b89dcb00229fb49673
5c38ea53a8b603902886f52adf56194f398536c0901e501948d76f031c2ad1e3
615c95e0e14f3359031243ba6c540c062645a9cf4b095f31bdb8e90571e8ee12
61c5866c6fa4735bb2d8f6b7816002433cc043a5eff3abcc335b8d2870aac409
63156590cf4e539a16ac321514e0f97425f82c243071a199f5ce75ef170d9e79
6462f170743e6e8662d3712d4c4961f10799a3597b63b9d564a1e6b337037500
64b84e0361a4da05cc73fd87b6da12f9bd4b4a8a7ac05bf89b5c6c6bf842f4de
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
66536b5dc6d6c9e738011f6c6ec9898a30f475dec20e1cc9fc96a46f4b58b7c2
67398f5116a96c0b5803e49153ca4fdfbdc3309cd58614146fec82609a93dbab
6a94273fbbacf1b7349890e63cc4571ccc698aa77e15a9979d6aa61e168fe2ab
6ac9fa4a572df7ae8001d71bfc68fa058f4387611061b8683388d57393fa33d6
6fa9008a4964d5ca00176ab69198651f9be72efd35c52d636279285db663d1f0
6fce0922ef388ad6f81ae62add760596c852b7c66503f3183cce6943ec5d4f5e
70df1ef1e43b6b2bf298078311f03d5b12edea21838c716042330c6cbc7119a6
7185a4d736def01ca65dc3ca023b271b0bb2981a221001b24ab4c5f8db3ae53c
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4
7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4
7f53dbec8814fe1357f158f4edfd546b091e6646c16f05032a4274321593e686
823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce
825613135cc4052b6cc8f37c57f0a357dd1e03b41da5c0c5cec5247fbbdd0e0e
83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899
856a0d2b4f709630ed941ceda9601dde3502bfdaa54f3622d9fda0a44d3f9ad3
891368567fed949597410e3f9974470c9211a150e5145fae4c6f78302d825b67
8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b
8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b
9016d03d1b08d6352fed47c3e1cc876d33e4f8fb53639e473923440fb00387c8
914c26df175fc8546e846039af3dfdd749f61d9695b11f0ca3390866c490a8d5
954c84abc268c681467a979baf1bb7ae0c9d8faa0a0fcb6a53b8be3263b46530
95efa05f7cc6565b0c69f345436ef7376a9346c79bc99a73c37075f4b43599d9
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
99c9dcff2ceb63d26eafcbb4764f3e3d9721b954e217e6be12c1865a68ebbce4
9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd
9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876
9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a17e897411a436371d8d6d4c3b3a06d1436ed66232e435d6d446946ca640fe89
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a256833e5bf72abac2f21b0f4089aa1fb52e14579f8bd7f17da423e59d321eb9
a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321
a647a59183446a780cdd9bf588df63b6fa930654e07cd7ab0501ca2530063da0
a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495
a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf
aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f
aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b7c881871198101049af39b223776c61013757c372efb088bfdb471b02afe2af
b80dd1c664ab8730cdb59fea548a9a1810d39088cd284d8240ba7996e8a4ff10
bd18c6be2b60386a69552a202a49fe0c23a8e6a3677aedc935082605a61893bf
bedd2616e4b6f959d9f753b46d9c3bcae2cd1573b55ab08df1506e33bf3ade38
bf9efc591d682a78e13bc0d0e39cac1ed0b89efb844e696ceca895bacdfb6d0d
c2294c42a99ae9402581e67fe5c0262d7ebf4cc7f45bfe9fd2f00862e304f4a8
c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a
c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a
c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a
c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54
cdfa49fd2c59de0ff9e4f9891c002c3349e0bbaa10e66898e3b352e44790822e
d249cbd7cbf3eb8f50ecf4cf58f16eab93b196c0aede55e77a9287a692b622fd
d84d187abdcbf2dc88757d781875b91d31b16deea847039a3c7be6c27ec36e06
dc0a4948011b3bf48695d6b088a8ad2a65b902eee0dfa2bff5ec3b7d77e9941c
e1cd89c7cdd486483486f5c20a0cef730580542fed26bf4c70a1f6d29f90990c
e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb
e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435
e53f46926b147151d9555f9c91a7b7fd63eb60f45a18aca22d3122e2ac4a0e3a
e590c8539bd39d7676455a1ad0d3aea12ba933c5573db26aa8b279ccb5a20c0d
e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452
e732335a15200ff25b5dd90cec317ad30fba12f6d44dd59e8d2e393dc48d4bd1
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e
ed75ede75b5c0944c5d43581211b6d17951dd92a4f11932dccaa56fd7636094d
edc5a5c8a864651f9e0462a4a8ff5e9d4d6e1b17e817e2d5590037c2971b9a07
ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5
f0a180c8ef5ec478bfd3f8207df858604cd049501d9f3a530bfb2dcbf9ccac15
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f466284ad2ed7916b38876dcd8b2f30b236b5d2108a0ffb2422c0ffb023a8ad2
f59a3dea52d70d7d8f8ab3022232aaafadc5097a07372a1827848528f6f48575
f5b6527b0aaaad26fd1a623db9870044756056f7256f065ba0ad58e78fa0ade2
f78bb75370cf39337a5faeadbec473ccf5e5dfb3689022634b759e6886634a9e
f990085012dc4cd43bb4f28a7180ae53a0d42d66a7f89d903dda7865e01d157d
fa4581cee311f43bb6768f4fb2a10f1297b8d75ae6e759d4423759e378f8f5ab
faa9f20b40c627b552d326b3cc0d3129e3ee57c86637e06a060a7453f8cee7a7
ff82ebb059ae73a2e7b37cfb983289fe2ddb6c7d58febc2512028b2e691a9d28

posts.specterops.io Open in urlscan Pro 52.4.38.70 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

100 %HTTPS

71 %IPv6

5 Domains

9 Subdomains

7 IPs

2 Countries

1589 kBTransfer

3946 kBSize

11 Cookies

77 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.4.38.70 Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1589 kB
Transfer

3946 kB
Size

11
Cookies

132 HTTP transactions
0 data transactions