posts.specterops.io Open in urlscan Pro
52.5.181.79 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Effective URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Submission: On April 28 via api (April 28th 2022, 4:19:30 pm UTC) from BE — Scanned from DE

Summary HTTP 147 Redirects Links 86 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 147 HTTP transactions. The main IP is 52.5.181.79, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2022. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	52.5.181.79 52.5.181.79	14618 (AMAZON-AES) (AMAZON-AES)
1 17	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
108	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	65.9.68.6 65.9.68.6	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21c... 2600:9000:21ca:e600:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:226... 2600:9000:2260:1200:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
147	7

15 52.5.181.79 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-181-79.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

108 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-68-6.fra56.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21ca:e600:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2260:1200:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
125	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 8671 glyph.medium.com — Cisco Umbrella Rank: 18688 miro.medium.com — Cisco Umbrella Rank: 11472 cdn-client.medium.com — Cisco Umbrella Rank: 19748	2 MB
15	specterops.io 1 redirects posts.specterops.io	63 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 991 api2.branch.io — Cisco Umbrella Rank: 615	26 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	20 KB
1	app.link app.link — Cisco Umbrella Rank: 1615	564 B
147	5

	Domain	Requested by
66	miro.medium.com	posts.specterops.io
50	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
15	posts.specterops.io	1 redirects cdn-client.medium.com
8	glyph.medium.com	posts.specterops.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	medium.com	1 redirects
147	9

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
mattifestation.medium.com
docs.microsoft.com
www.youtube.com
technet.microsoft.com
www.bleepingcomputer.com
unmitigatedrisk.com
www.download.windowsupdate.com
gist.github.com
msdn.microsoft.com
specterops.io
cyb3rward0g.medium.com
harmj0y.medium.com
abhiroopbasak.medium.com
blog.tidalmigrations.com
dragonmaster.medium.com
nbadr-souk.medium.com
readme.security
help.medium.com
medium.statuspage.io
about.medium.com
blog.medium.com
knowable.fyi

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-05` - `2023-01-05`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Frame ID: 8B2FBA012C080904AC48CF837EFA039D
Requests: 147 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Code Signing Certificate Cloning Attacks and Defenses | by Matt Graeber | Posts By SpecterOps Team Members

Page URL History Show full URLs

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signi... HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

147
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1735 kB
Transfer

4063 kB
Size

11
Cookies

86 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?$canonical_url=https%3A%2F%2Fmedium.com/p/6f98657fc6ec&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=--------------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=--------------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=--------------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=--------------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=-----6f98657fc6ec---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121----6f98657fc6ec---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/
Title: Sysinternals

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Autoruns

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=AEmuhCwFL5I
Title: can be abused

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
Title: New-SelfSignedCertificate

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc783813(v=ws.10).aspx
Title: online

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx
Title: via Group Policy

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/popular-usb-audio-driver-ships-with-root-certificate-big-security-no-no/
Title: Savitech audio driver

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc751157.aspx
Title: trusted by Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
Title: sigcheck

Search URL Search Domain Scan URL

URL: http://unmitigatedrisk.com/?p=259
Title: authroot.stl

Search URL Search Domain Scan URL

URL: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Title: this link

Search URL Search Domain Scan URL

URL: https://gist.github.com/mattifestation/c712e525109f786fbaf6ed576b8d2832
Title: crude parser

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/aa377163(v=vs.85).aspx
Title: CertVerifyCertificateChainPolicy

Search URL Search Domain Scan URL

URL: https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
Title: hijack Subject Interface Packages

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=-----6f98657fc6ec---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&collection=Posts+By+SpecterOps+Team+Members&collectionId=f05f8696e3cc&source=post_page-----6f98657fc6ec---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://cyb3rward0g.medium.com/?source=post_page-----6f98657fc6ec----0----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/big-data?source=post_page-----6f98657fc6ec---------------big_data-----------------
Title: Big Data

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa642c6b170d6&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fready-to-hunt-first-show-me-your-data-a642c6b170d6&source=-----6f98657fc6ec----0-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page_footer_cta_write-------------------------------------
Title: Write on Medium

Search URL Search Domain Scan URL

URL: https://medium.com/@bluescreenofjeff?source=post_page-----6f98657fc6ec----1----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/security?source=post_page-----6f98657fc6ec---------------security-----------------
Title: Security

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F767d4289af43&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fdesigning-effective-covert-red-team-attack-infrastructure-767d4289af43&source=-----6f98657fc6ec----1-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----6f98657fc6ec----2----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/device-guard?source=post_page-----6f98657fc6ec---------------device_guard-----------------
Title: Device Guard

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Ffd1a281b35a8&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fadventures-in-extremely-strict-device-guard-policy-configuration-part-1-device-drivers-fd1a281b35a8&source=-----6f98657fc6ec----2-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://harmj0y.medium.com/?source=post_page-----6f98657fc6ec----3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/powerview?source=post_page-----6f98657fc6ec---------------powerview-----------------
Title: Powerview

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fe8d408c15c95&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fthe-powerview-powerusage-series-4-e8d408c15c95&source=-----6f98657fc6ec----3-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@enigma0x3?source=post_page-----6f98657fc6ec----4----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/dcom?source=post_page-----6f98657fc6ec---------------dcom-----------------
Title: Dcom

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa88a81df27eb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Flateral-movement-using-outlooks-createobject-method-and-dotnettojscript-a88a81df27eb&source=-----6f98657fc6ec----4-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://abhiroopbasak.medium.com/voice-controlled-system-assistant-3980ee2efd14?source=post_internal_links---------0----------------------------
Title: Abhiroop BasVoice controlled System Assistant

Search URL Search Domain Scan URL

URL: https://abhiroopbasak.medium.com/?source=post_internal_links---------0----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@palakj095/integrating-prometheus-and-grafana-using-kubernetes-385dde89d7f1?source=post_internal_links---------1----------------------------
Title: Palak JainIntegrating Prometheus and Grafana using Kubernetes

Search URL Search Domain Scan URL

URL: https://medium.com/@palakj095?source=post_internal_links---------1----------------------------

Search URL Search Domain Scan URL

URL: https://blog.tidalmigrations.com/build-an-application-database-for-cloud-migrations-63b0a02dee78?source=post_internal_links---------2----------------------------
Title: David ColebatchinTidal MigrationsBuild An Application Database For Cloud Migrations

Search URL Search Domain Scan URL

URL: https://medium.com/@dcolebatch?source=post_internal_links---------2----------------------------

Search URL Search Domain Scan URL

URL: https://blog.tidalmigrations.com/?source=post_internal_links---------2----------------------------
Title: Tidal Migrations

Search URL Search Domain Scan URL

URL: https://medium.com/@partha.pratimnayak/what-is-application-binary-interface-804d4a71eb38?source=post_internal_links---------3----------------------------
Title: Partha Pratim NayakWhat is Application Binary Interface ?

Search URL Search Domain Scan URL

URL: https://medium.com/@partha.pratimnayak?source=post_internal_links---------3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@kanchan.tewary/my-learnings-on-software-architecture-part-1-282d893b1d49?source=post_internal_links---------4----------------------------
Title: Kanchan TewaryMy learnings on Software Architecture — Part 1

Search URL Search Domain Scan URL

URL: https://medium.com/@kanchan.tewary?source=post_internal_links---------4----------------------------

Search URL Search Domain Scan URL

URL: https://dragonmaster.medium.com/overview-of-dragonmaster-breeding-system-a64f749f2d46?source=post_internal_links---------5----------------------------
Title: DragonMasterOverview of DragonMaster Breeding System

Search URL Search Domain Scan URL

URL: https://dragonmaster.medium.com/?source=post_internal_links---------5----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@dfeldman24/docketeer-5-0-is-here-youre-whalecome-6f9d72ec3b58?source=post_internal_links---------6----------------------------
Title: Dylan FeldmanDocketeer 5.0 is here! You’re WHALEcome!

Search URL Search Domain Scan URL

URL: https://medium.com/@dfeldman24?source=post_internal_links---------6----------------------------

Search URL Search Domain Scan URL

URL: https://nbadr-souk.medium.com/ever-since-i-was-a-little-boy-i-have-only-ever-wanted-to-be-a-doctor-e4fe6153c47d?source=post_internal_links---------7----------------------------
Title: Nbadr SoukEver since I was a little boy, I have only ever wanted to be a Doctor.

Search URL Search Domain Scan URL

URL: https://nbadr-souk.medium.com/?source=post_internal_links---------7----------------------------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121-------------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F7db304d15601&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&newsletterV3=e8e64b89121&newsletterV3Id=7db304d15601&user=Matt+Graeber&userId=e8e64b89121&source=--------------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://readme.security/brazen-lapsus-ransomware-group-menaces-big-tech-e14c24cd1a35?source=read_next_recirc---------0---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------
Title: Kim CrawleyinREADME_‘Brazen’ Lapsus$ ransomware group menaces Big Tech

Search URL Search Domain Scan URL

URL: https://medium.com/@kim_crawley?source=read_next_recirc---------0---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------

Search URL Search Domain Scan URL

URL: https://readme.security/?source=read_next_recirc---------0---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------
Title: README_

Search URL Search Domain Scan URL

URL: https://medium.com/@LambdaMamba/using-xdotool-and-shell-scripts-to-automate-keystrokes-and-randomise-gathertown-avatar-movements-5ce4eb80a406?source=read_next_recirc---------1---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------
Title: LenaUsing xdotool and shell scripts to automate keystrokes and randomise GatherTown avatar movements

Search URL Search Domain Scan URL

URL: https://medium.com/@LambdaMamba?source=read_next_recirc---------1---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------

Search URL Search Domain Scan URL

URL: https://medium.com/@Alasaki/the-simple-white-collar-things-about-cybersecurity-part-i-90d3a9ba0c41?source=read_next_recirc---------2---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------
Title: AlasakiThe Simple & White-collar things about CyberSecurity / Part I “Simple and White-collar" explains…

Search URL Search Domain Scan URL

URL: https://medium.com/@Alasaki?source=read_next_recirc---------2---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------

Search URL Search Domain Scan URL

URL: https://medium.com/help-14/add-amd-cpu-gpu-nvme-temperature-monitoring-to-proxmox-7-a95147df71cd?source=read_next_recirc---------3---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------
Title: Phan NhâninHelp-14Add AMD CPU, GPU, Nvme temperature monitoring to Proxmox 7

Search URL Search Domain Scan URL

URL: https://medium.com/@help14?source=read_next_recirc---------3---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------

Search URL Search Domain Scan URL

URL: https://medium.com/help-14?source=read_next_recirc---------3---------------------d3e42e3c_0443_4aeb_98e2_1d9464abfaa7-------
Title: Help-14

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1
Title: About

Search URL Search Domain Scan URL

URL: https://knowable.fyi/
Title: Knowable

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

147 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

222 KB
51 KB

729ms
728ms

Document
text/html

52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

5818744c14c943139ed11f4ac5b7fca280caf1d74b0ca0eadefae51f2a1bb6ca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Thu, 28 Apr 2022 16:19:19 GMT
etag: W/"379fe-X1zRKZji3kDu64JwCt4c44UqgAY"
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, lite/main-20220428-151821-d0ed95e7ef, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
medium-missing-time: 257
sepia-upstream: medium
server: nginx
vary: Accept-Encoding
x-envoy-upstream-service-time: 626
x-request-received-at: 1651162758974

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 70311e6a1e9d9207-FRA
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Thu, 28 Apr 2022 16:19:18 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
medium-fulfilled-by: edgy/8.3.0, valencia/main-20220427-204309-b6dfbe6d15
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 28
x-frame-options: sameorigin
x-obvious-info: 20220428-0942-root,c52c7c57
x-obvious-tid: 1651162758804:282ed6aea942
x-opentracing: {"ot-tracer-spanid":"0938159f1227e468","ot-tracer-traceid":"3c298a12555a31c0","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 26ms
25ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1494
x-envoy-upstream-service-time: 27
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 70311e6fbe249207-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 28 Apr 2022 18:19:19 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/64/64/ 2 KB
2 KB 46ms
24ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/64/64/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 382712
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2399
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 70311e705f0a9207-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/96/96/ 7 KB
7 KB 42ms
20ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 79056
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7062
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e705f0f9207-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 49ms
30ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6684754
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70311e705c9f9b8c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 52ms
37ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5097853
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70311e705ca69b8c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 38ms
23ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5097746
x-envoy-upstream-service-time: 20
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70311e705ca59b8c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 45ms
31ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8065171
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70311e705ca49b8c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 1*Pe1OeWP-UySRMW4aWa4jJQ.png
miro.medium.com/max/1400/ 36 KB
36 KB 205ms
189ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*Pe1OeWP-UySRMW4aWa4jJQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36474
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b94090be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*fLrpueTtcZk_Gx5qOIxvsA.png
miro.medium.com/max/1400/ 229 KB
229 KB 198ms
192ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*fLrpueTtcZk_Gx5qOIxvsA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 115
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 234084
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b94190be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*3toLhPm3VGMpDEl36JE3dg.png
miro.medium.com/max/1400/ 130 KB
130 KB 159ms
154ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*3toLhPm3VGMpDEl36JE3dg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 83
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 133094
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b95690be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 0*LVG6JHuxeJ6Or_DV
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 55ms
50ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*LVG6JHuxeJ6Or_DV

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d175ce97e64726a0fadce66ff2bc60084b3034f1730e15607e26b5698cd2706c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 95178
x-envoy-upstream-service-time: 55
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1378
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b95990be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*KPIgTc7JTmibbcQrLI0UWg.png
miro.medium.com/focal/112/112/50/50/ 25 KB
26 KB 131ms
127ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*KPIgTc7JTmibbcQrLI0UWg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bff2df357980e33efb5b0f859fec7a80d73fa6cac20bbd440cd75f342e2494b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 70
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25744
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b95890be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*m7Rqq2o_got30UCjtiTFlA.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 53ms
50ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*m7Rqq2o_got30UCjtiTFlA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5af3b0610a3719435e2763f9231d524a8b50c9aee754620023c0cf78b798a11d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 296312
x-envoy-upstream-service-time: 54
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1846
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b93f90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*zvVER17jOl4C8IFkn6vPjg.png
miro.medium.com/focal/112/112/50/50/ 10 KB
11 KB 198ms
195ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*zvVER17jOl4C8IFkn6vPjg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef8f4aee34fa7038a1c6b1e9c6180f2afa3f7835b5f143ad2057becbe80f050d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 50
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10490
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b94790be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 0*OIl7haFPnS_RW96Q.jpg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 155ms
152ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*OIl7haFPnS_RW96Q.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a71288f8dba65161c018b6eb371830ff1ada96b923d5bfade377c5e512019937

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 45
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1486
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b94990be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 0*PltQcGOhWt1vg9Zo
miro.medium.com/focal/112/112/50/50/ 5 KB
6 KB 149ms
145ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*PltQcGOhWt1vg9Zo

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f540d9b26272a4b8254a125e443083aec49a6c3011d2abe5240721db9fa6efa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5553
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b94b90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 0*seZ6t9F8VMLvDct0.
miro.medium.com/fit/c/40/40/ 829 B
1 KB 53ms
50ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*seZ6t9F8VMLvDct0.

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3eaebe5f536bfbb28fbae6e2166835aa8309585d65755caf3a5cf61eefd92419

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 197449
x-envoy-upstream-service-time: 71
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 829
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b94e90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*KHI8WfoFIamQZXt_gruMEA.jpeg
miro.medium.com/focal/112/112/50/50/ 3 KB
3 KB 129ms
126ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*KHI8WfoFIamQZXt_gruMEA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c57f1e6815ae405a121ffd7f8f95751e58332e59922410a340fc06362298a95e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 51
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2742
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b95190be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*EdEdgfuyYWOEGnra3ee-Kg.png
miro.medium.com/fit/c/40/40/ 4 KB
4 KB 45ms
42ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*EdEdgfuyYWOEGnra3ee-Kg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0592f3bd8730a4dbe1206e384e58d50b182eff1eaad7175c994ef7cc892aa86c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 182912
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3690
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b95490be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*5FcRAq30xRv80jU4YFCkKg.png
miro.medium.com/fit/c/40/40/ 4 KB
5 KB 45ms
42ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*5FcRAq30xRv80jU4YFCkKg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96351f687d83658c542daccfb141815e9868549cc351c07df0c1e5638c995e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 180167
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4473
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b95390be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*6GmAwVExKGplFccMGa0Opw.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 193ms
191ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*6GmAwVExKGplFccMGa0Opw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8d555e598b6c3379670fbf6487dd62ed2836b4548aba48cea7740e1a92225e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6256
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b94390be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*5EO6n7GmOEaCGGkZX32cpA.png
miro.medium.com/fit/c/40/40/ 3 KB
4 KB 153ms
151ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*5EO6n7GmOEaCGGkZX32cpA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f0986d3eb60dff32625590d7afe198f58097a2cba4cafa4b6ef3493611bd4c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3417
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b94490be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 0*N95F5E8JhsRVHuFK
miro.medium.com/focal/112/112/50/50/ 7 KB
8 KB 152ms
148ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*N95F5E8JhsRVHuFK

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

604614725ba559b65c9972170eb26d7b3d04798fd8258cf2693ab89de4c04913

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7676
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b95a90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/40/40/ 570 B
977 B 50ms
47ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fce0922ef388ad6f81ae62add760596c852b7c66503f3183cce6943ec5d4f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 502429
x-envoy-upstream-service-time: 24
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 570
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e70b95d90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/176/176/ 23 KB
24 KB 42ms
39ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/176/176/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 191739
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23726
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220309-195817-93688b9a29
accept-ranges: bytes
cf-ray: 70311e70b95e90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*1s8u5mRRp_LKJaU-914smQ.png
miro.medium.com/fit/c/40/40/ 3 KB
3 KB 50ms
47ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*1s8u5mRRp_LKJaU-914smQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2883a64885d29668e74bc28295c13eee8b4a0c38ad72c06a93453fb043884f0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 120650
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2626
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 70311e70b95f90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*B-Pw4y2eVGt_qh8FXXbkjw.png
miro.medium.com/focal/112/112/50/50/ 19 KB
19 KB 29ms
26ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*B-Pw4y2eVGt_qh8FXXbkjw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b692ebbd2a07ccce946b4b61496a5d320dfa18ed765fd851cf610ea2475dd46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 334700
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19178
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b96090be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*ga_SYXVovihwpfF163xClQ.png
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 50ms
47ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*ga_SYXVovihwpfF163xClQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acd05e1f5d57b091c1d2f9734e10e7458339186bb91d5ed6221e007333548f69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 195098
x-envoy-upstream-service-time: 93
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1567
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b96290be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 0*iKhA_SZFGAAxTDb6.png
miro.medium.com/focal/112/112/50/50/ 6 KB
6 KB 50ms
47ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*iKhA_SZFGAAxTDb6.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ac92997377d847ced26c4b5abade246db936d4eeda0ec17137970dfd1c4a123

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 267020
x-envoy-upstream-service-time: 161
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5700
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b96590be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*OM3Rodth3Q1gLybH4popPQ.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 50ms
48ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*OM3Rodth3Q1gLybH4popPQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6dcfe1e0724a6c3d6e25d4e73070415756baf82943270d4bde766e17c7ebdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 124943
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1870
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b96690be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*cRKhjXi_LM89mSERTP4T0Q.jpeg
miro.medium.com/focal/112/112/50/50/ 5 KB
6 KB 50ms
48ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*cRKhjXi_LM89mSERTP4T0Q.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93544c14794161ecbe2b12a72beb1bc7f97710eb48cbd3655dc2c9d852467ac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 124943
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5303
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e70b96890be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 0*kxbFPvFlzfKfA9PT.
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 56ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*kxbFPvFlzfKfA9PT.

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b09fd1303911ca1b5f0c59e116552da12794b786d886511b19d4639e261a4b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 400101
x-envoy-upstream-service-time: 40
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1510
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b96990be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 1*FUSYZTFrRKI5qQ2rkswK2Q.png
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 56ms
54ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*FUSYZTFrRKI5qQ2rkswK2Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c34459607aa351a73c48388b66f41506adfdaf9c8bf8e4d66f3aa5c7fa08f5c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 515903
x-envoy-upstream-service-time: 280
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6579
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e70b96a90be-FRA
expires: Sat, 28 May 2022 16:19:19 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 33ms
33ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5103596
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70311e70cda89b8c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 45ms
35ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4e595378a4c2585a1eb91b7f65ed0526940ed8fd37a31810cd1e2eb2920b12

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8065301
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70311e710e729b8c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H2 200 manifest.dd37fc77.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 59ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9daf5a728f928555eb20e694ddff4db66781c1827c2b63e85acee6c17d65ade

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2684
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 0B50APDEMCRNF1BM
x-amz-id-2: 2R3OQg756f4rSrzWdllzGVllQo/+fbBr/bXQVoxz3RJBFs53n/HPjWHuxUA0UTb9EasVk9t/Lo4=
last-modified: Thu, 28 Apr 2022 15:02:07 GMT
server: cloudflare
etag: W/"28f051b1b7465a6dcb5eab4d2bc4456a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: vPbWDtbMGpu7dhT.Ca37e0iWSa0WRf1s
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e7168819207-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H2 200 2432.d8441b61.js Show response
cdn-client.medium.com/lite/static/js/ 693 KB
214 KB 67ms
47ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 851067
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8BMWK1N5ERYNB
x-amz-id-2: jAy3kdCgwBfIv7KBM+U07XOSCfobzL3CnmV/bwHExnUTLRSF3QxV5TpAtpSfQIF9+XWEOrbc7Xc=
last-modified: Thu, 14 Apr 2022 09:35:47 GMT
server: cloudflare
etag: W/"4ea04e083777417655bdfab94e3b1988"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: d4yOD0d3viUzyB5H2ftJictqMsEU7ccN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e7168859207-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H2 200 main.cbc0916a.js Show response
cdn-client.medium.com/lite/static/js/ 722 KB
175 KB 55ms
38ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.cbc0916a.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59f9c620fd549b7cad9aeb058289a8b6697d5a7b15e9d20b9443ea42af37b589

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 172063
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: D0CNWB6F1VFQTXEX
x-amz-id-2: IHrX9arVZ+agLlpiUhGqIjEyiZaCkK33J8S1/fscK9t0j22AgfRjQRGcFneD3KzXVmmexgo+NY0=
last-modified: Tue, 26 Apr 2022 16:18:56 GMT
server: cloudflare
etag: W/"eb850d7e9e54b2416dc1dfc364fd20fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: B5o7O2p9YB_TVY5f2cJ9TBQosnZKtNw.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e7168889207-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 54ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111800
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e7168849207-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H2 200 instrumentation.3c974b48.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 40ms
23ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.3c974b48.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111800
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHC8B1TRZR74CBF
x-amz-id-2: z3WhWz+YlBJc2hPnc0ARhb27k1kgSjFT/omm5ncUygZ+Qwpg6JZUV6n4y0L6MjdGIun1sEhSbss=
last-modified: Thu, 14 Apr 2022 09:07:11 GMT
server: cloudflare
etag: W/"ff66ec13bbcc5b73c4019bb39bd044bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qjF6fisK9JJ5aoxqQKyOQ9uuWcg0f8QA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e7168839207-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H2 200 407.bc239897.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
8 KB 65ms
48ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/407.bc239897.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111800
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHFBM4SFEDKW4XV
x-amz-id-2: fJ+MDNRq2AsSO8E4R0uzQUZCJCS/I01UR4pzp879vBoGbMZ6IHI8cgB5YdD3jUSL17qHZ/lHxS8=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"34675f828a974dbf83babace038c3f15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sGsjD3uwddUrPGuYfsZf8a24w0k_0NA3
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e7168879207-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 9216.3db13475.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 74ms
35ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9216.3db13475.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH296CRQQDYB2V8
x-amz-id-2: mY6rALMQB4cP9fqaURW2Y07YZHRs8vI5IdWzNsYIPZHORAoA+OOSU49hBGVHiRclmeqYQ3m8v58=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"5b419d65f14cdfdf454bd2f33e125a38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: heA.L9U6.758IbuJl9cz9qkk4zZnDDyl
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71cb1f90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 AppLayout.b2d8b6c1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 108 KB
21 KB 75ms
37ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.b2d8b6c1.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a1a461b24ba0cc63ee4fe2776b070adbc033c1a2e440beed12ea55bb4d20413

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 172381
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: D0CJY7EGRVSK59SG
x-amz-id-2: eVnzEAOT6QNLOe80nqzsoSVRQdEgrh70fcAIjGW8iD/C8+n5ar0+w4jtSifeSM7MTtQ0k5vBaz8=
last-modified: Tue, 26 Apr 2022 16:06:25 GMT
server: cloudflare
etag: W/"f51f1655cde7c7f83283478814e42648"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: BtvpozebyVsIaAbftqY_J7U6M_K1wel4
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71cb2290be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 reporting.f90575a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 112ms
73ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.f90575a9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNFQ3DE11YMHABW
x-amz-id-2: MaoH80zs6gT3mZ9kscdnCoX3sGPVpE7mKymkioceeAFcF5EY9v+ywF0g+A/3xSr64Ws1eTUy2wE=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"635d49707990cdd4f3c1ad13b0d0eafa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OrnP3Wx_LBAu5tvJHOBGMuYc5kyast0a
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71cb2490be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 3402.43690127.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 114ms
75ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3402.43690127.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1111832
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAG24G2J6Z2R75J
x-amz-id-2: jJHkPZz4jKyAsNP2i/dv6IaWMQwqhAapRtXjUBSK8q3UBd/y+/If7ERC72s6fXSiDmDrpgBjRnE=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"ca4b6f5071c04a623a9bc72ced0f2727"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: L_jxD7YdqC4D7M.9gF7agHoI1l8zYyGo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71cb2690be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 75ms
30ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 259433
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KZ14F4DJ39Z3KD31
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3090be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 7794.9590314e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 89ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7794.9590314e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZZ2GZ8XPEV2XSK8Q
x-amz-id-2: ZlnxwgkjMnGtnnoC7ojH0QwhC0XfdFWPNT0tzpzMx7ygzdLPg6cqgl3wZCpV+Z2ow4dAGrEJyes=
last-modified: Tue, 25 May 2021 18:36:34 GMT
server: cloudflare
etag: W/"fdb51abd005c8009b18f0a8ff313072f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: edEnQQoOPA8J97QSUBTjXG.e16leDLA5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3290be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 8316.18f2a6aa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 89ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8316.18f2a6aa.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD5SFN5Y8TW45S
x-amz-id-2: hFIjAklPE8uAiFD3F+iWoIjr1hZAL+bvgJNwZvAJEZUDnYTo6ZgZ84z2QdIcyEiccMTz7/tDkuo=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"9fa67454adaeb385a3a70077ff7b7df1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QUYK47Sx_vLYH.MHyrUF8Ib7srVpusAN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3390be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 2405.89e8736f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 74ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2405.89e8736f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH2TE2SJTAHKM5Z
x-amz-id-2: XhOOvodMaGPRX1ojQDX2fJ825yiUBac3LNf3jZg8okPfD032sOJYW39eboPyYoY017frR5Y++MU=
last-modified: Thu, 14 Apr 2022 09:06:25 GMT
server: cloudflare
etag: W/"d00a20bd58905eea8d54536e9f107647"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: rVT8_6QruDr0MpUrMx5.bmLv9Vum6pG1
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3590be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 5221.181764f4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
7 KB 81ms
36ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5221.181764f4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 174054
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RRS7QBM6HPC96YM9
x-amz-id-2: XgOi2uZuYrZcl1w+yiTU4jreTzbYzXKLWoLLSzKPFvdYPDKUy7J35kPs2NoW5uLtmqjFNHwr+FY=
last-modified: Fri, 22 Apr 2022 12:21:15 GMT
server: cloudflare
etag: W/"9c10954e9712c77358a76e4b78269985"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: joRvdL39s_Auomhf12LS6FRNT_1Mfret
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3890be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 7927.2808b7fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 79ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7927.2808b7fb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1PP72JD7ZC4KX
x-amz-id-2: jL0uI8uuyrXYLFGE/1W82XjY6t/xLL2r94yNzdWzltKFy2xq+wPzVhtLYW216v/Z0kMGAC/0fqE=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"40219a5e404b723e34b385d93749eb93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: IxrJR.aQAJezcuYFrtyltHojOozyWQpH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3990be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 786.03a36ffb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
1 KB 89ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/786.03a36ffb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6RV2AGRQ0H7A1
x-amz-id-2: GBzNzo/Yy4mLB5vDNQiiJZbJaFjzBRUpqk2qrtjNnJICjvhRI7l2CFpbT6MC/aYuo49KWxbvf2w=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"2851e5a2798ff3cbdd1138972426933b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 3Dc.8odO3AGlGT8yk7bJev0oeYPYJNZI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3d90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 5472.5f6d4371.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
1 KB 121ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.5f6d4371.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8PTMK5AP330DM
x-amz-id-2: xGpOOu8UZAzsu1YWUtNuDaspxj3NnwdsbLl4CFr6mQNnuC5VgdmPYNonihLFzHPh0iUQuVnGPss=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"6adb8844d763f7d58b6ed49ab89899c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: M9BL7xv54wPjdaXSST5ko_cL9x0mMNwi
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db3e90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 2981.a5db1477.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 74ms
28ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.a5db1477.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD79BG7TYX8FQF
x-amz-id-2: i+703M4auI2KWsJr44vB1PX2t1YW8SvqTOaxNZoY6ZxLgCuFeMfj8xYi9lUJuKDlA8520qipoBs=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"2195fa1153170d02f4e8ffe85e34c5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0P7ivI0fxCKSZ0gTEie59OTCIkM7d5eE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4090be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 5260.626b1a4f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 150 KB
39 KB 125ms
80ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5260.626b1a4f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH0NGF7PM5XVM3Q
x-amz-id-2: tUN9V2+xFd4zjSA+ZMII7pflnNw+pyPpiJtuuyR339PAg2pEfEqGPZ4lYH2M6DDxdgzZ7ePoFLk=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"d54dc2b69a8408e4b05103b956019a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XEFVan_esU9zit2XEfJ9ZVMckrSpVrqN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4190be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 4869.8291240f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 79ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4869.8291240f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30e1a6bf4b5c74a541f197d4846a74c778b971d7781e4ed884f5998a286abb4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 686933
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3HPAXY3S3JM1JGCQ
x-amz-id-2: A3bDweDeALOAwdmNjqSg8sEMgaNUyinZ8xtk3NU2+2AcwtKBdqVfqEWzbE18m/GbxTGkvG1TEAk=
last-modified: Tue, 19 Apr 2022 23:16:55 GMT
server: cloudflare
etag: W/"e1379e21a2011f93b063d7428e86c291"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 1CO4NnJt45enFnCCLjZNoxupEP..cDwh
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4290be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 7404.531e1078.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 89ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7404.531e1078.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c108d23203210bd05eccb17b3a0da55998114923136898a4974cf79937a22151

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHDT3YVNV2XZQR3
x-amz-id-2: ehb63TOKN9TCs4vED9kKrnIK1apetD/y1LRT0EQpAmVWRDsyHECuGlRbMconLTqH7hRan/2uM24=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"d0bc3d4525fce31951de95b94e99e4fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 4NZHYH9C2mIIj60xQabg5TkAEssLTQTj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4390be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 455.ec8cb7d4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
6 KB 111ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/455.ec8cb7d4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd3ce9949e8a59979315dcb0dc1cfaba2f38485f563c680c429956e3925a91fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1JRTJCQ4DS00V
x-amz-id-2: L/1jSUcYBuV76+1i+x4A1KmldHfKb16mMmdqv24PxOXu0srcb4rfvNvw4Y5AJEAWq9knqHifjtE=
last-modified: Thu, 14 Apr 2022 09:06:28 GMT
server: cloudflare
etag: W/"ac369a12224df79664f79fbb0cb6f5c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 9maM_TgDrwji3EW4E8KJPZFyo3qSMcol
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4590be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 7070.088d513c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 90ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7070.088d513c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH32NHX2PK3308V
x-amz-id-2: zsvx/2w1ItKRz24BnsDl2fEJq4IZfPeeSEGQvT066vYkRPZNDOGz5UOf42N7pg1czdlQpuPnmjk=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"4d8fdc449efd237280288bbf688558f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: K0muy9JORxUH6p6bJfgV09ZGno7nymcE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4690be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 7217.3953b0f0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 97ms
52ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7217.3953b0f0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHBYVEYW8BWXXNQ
x-amz-id-2: P0LsJ8j9mlyYmTP45azx+eH4U8lLRKb1lUbqryQn4YVtC5ILscAPJR9rhFMHGH+DeUDK/Eis60c=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"58720bdd388e0656b76f62b4a5ff5342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OZwFHpgdUD2sKDAtk4gZmMMvNPTrJlRt
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4790be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 8491.a2b7fab7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
12 KB 85ms
39ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8491.a2b7fab7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6SVKHC1BPPRR3
x-amz-id-2: 36Hrc4Echk9c0rXd/ZzV2AvDGV98iS/Rer07bucHbq7lb1+RCcRBOopXJ7HxCt0ZJwpVnBB5rWo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"5d01285ddf2c787bd518a32b366af371"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Jsy2Lxh1msL6Y.ooRtLzR4d6vHqwlQ3F
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4890be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 9211.b7a00c16.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 97ms
51ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9211.b7a00c16.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH4W640C9XF6RJN
x-amz-id-2: DRUt8mSyKes8nCq/psp4HGMhhDPpua9crWNc+2eEgEb5nqFc75RzvIl1M2mhUnBmuNlGMDhfBlA=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"577263f7900d50e63a75a1f0f05dbbe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: VWEllxqkFrnSXO387u0TA6YYdC3U.pgv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4a90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 6562.6c3f9802.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 133ms
87ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6562.6c3f9802.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 695220
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: P1M42AW9QBTBBTZQ
x-amz-id-2: XdlBeJW5OdzmY786nhuIdMkGi2IaxnEmlov0XClJV207SbauWrBY1qFK0AgNP/3pD/YaEE3wnLk=
last-modified: Fri, 15 Apr 2022 15:45:14 GMT
server: cloudflare
etag: W/"1ca654d2edbbd07104403857df5f81b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: AASPv5ptCk06M_vQZi9Up905TWUR.1Rn
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4b90be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 7215.d799b2b5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
12 KB 128ms
82ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7215.d799b2b5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6ASKCBHWEH6YT
x-amz-id-2: thX0A0WpRM7CNFcf0QiWHYAuHXq2b/71GV+8DWH0JZPx+pWB1sXCstFGQZINVjbMbe+ngkvwu0I=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"3c526ca7c5fee7883f16deb523109c91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8XpJXp74sBSDTltKZ7Iy4ZGcwhFWJyxk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4c90be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 864.41fe9c86.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
5 KB 112ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.41fe9c86.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNAF09XCK1FJT5C
x-amz-id-2: dTTttVwlA3PTaKgrh4eq3rmxgPAxiCJymvctDY+V9ov9AlhKhryMTs6tH98N8ocHdHR28jk/7A0=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"fff5133a06973c44d03a9975ebc499f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 35onYHaq2EFcCuHneGFmh1Rlc_q4dy_H
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4d90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 4351.0369de5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 80ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4351.0369de5f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHCBPE4W0A996V8
x-amz-id-2: ikWd7+eLYjwl8TmJwUxM03Dido2xgcO6wFP9ksGOFjfI4XE/6rk8TJPre7k1fc9qIg18H/76XN0=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"706de7bad195044244572950d562e14d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LnE7PgGhZCmzrDthwn8d8CF.czjYz2iU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4e90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 82.83ce6d83.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 79ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/82.83ce6d83.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHDCBR3B6ZMNA8X
x-amz-id-2: qJC1bfUmqAsLIIwNe7N7rxiKFcgwA3LbPEVSUrfDXggaxU5TzfiCXUlaRZhTzGUJfS/J8TMbnsU=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"14e1c3bb89a150e9af8b6e481200d7f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pPofGSIVAl0KmPhGyMZSP9BXsaGh4qy_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db4f90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 108.03b9652e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 100 KB
18 KB 84ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/108.03b9652e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7CFHB8RDR73VJ
x-amz-id-2: kYoF14l5ZxbPwO0NZ+X7+shscUQBWUmUeGhVd5s+iLTzZpfb0QCDxLnTpatDgpMPWsaCDdUegaI=
last-modified: Fri, 15 Apr 2022 08:10:20 GMT
server: cloudflare
etag: W/"7c2ea1f36d696b74936232f1e88900d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G2eY.NzI3u6RxUOwjwtpIZlWWV4tJwUj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5090be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 5281.652a7988.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 121ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5281.652a7988.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHA6FG3QS6BVZBR
x-amz-id-2: bKpvQT0l0R+9iZqrjI+NXH9ySdz2IFP+YXfDKuy5s72Zk70knnO/JKoSdTDbKkL+TCOkHk72s6s=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"04b131139a2938b205f512652ec29a97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 33irNxWTdFjop9o1_s8tyzZ.0zoR_rMU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5190be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 4483.0101c012.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
11 KB 124ms
73ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4483.0101c012.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1YTQ6E6M920R7
x-amz-id-2: dYayIGduzTq4ZA4PK7fr/S4vhbNG20MqIBzVL0gN9baEYSZSgb+ekkXPwUV+BVhNUH2dpYE9jQc=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"561e556084890738e5ab71de9801ee5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hRmNv03McdnjlIEbnQRlszZjFIUcsYjR
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5290be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 5436.0d53f129.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
11 KB 85ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5436.0d53f129.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d88e666415b3c9cedc3c62c9ad58aee468a4699fd80aaa29f7b91fa8b1ce64bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH4MYCK2FPKY1XS
x-amz-id-2: sru++1AI0HptsQztpqru/K++fYXVLAZZ/7/eDbyVI0+59CDZiVxpYV/wR3/15Jdi+OcQk2tDFM4=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"45848e842e41350ef22d108dc3a90d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: BM0lF1rKwhOhO_nsVQJcPDzOU1bfIpap
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5390be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 3043.34648c6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
4 KB 108ms
58ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3043.34648c6a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 92566
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 41JJSBHRFDQ8PDRD
x-amz-id-2: XSga7+dFr1nQbg0udnpaD+ZembEzEPdu+SftY2Oh1KKvw1c9bKoMx1JiDFAD6dkwWt7KaglqoQE=
last-modified: Wed, 13 Apr 2022 09:57:05 GMT
server: cloudflare
etag: W/"57e7dd326c1b4d24e44ed9b8655754f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qLLyYE6QMBOdC61niRO7qEtzgOLMz.Fw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5490be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 8849.e115d3a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 128ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8849.e115d3a3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAATHP1X27M9HZPW
x-amz-id-2: 683N1h/tXCINTqDwy3VcGYllMGCVmR7O99borv9elo47JM5seRVfVFqZ/3Ntjb+Snb+lPFzB4UA=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"d163a762211dc93b003999a47cafe931"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ugBxVtgkTa8ZpfcJJs1c.657kjvR0RNP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5590be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 PostPage.MainContent.746baab2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 150 KB
35 KB 128ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.746baab2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4661091d9b1f846c0e69bba025b291631c4e162976d188532e8e5cc89ddf412d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 174055
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RRS29QRHTYSXWNYJ
x-amz-id-2: Z1hq2yfR2eYXdzSLxEXOCQLWinwkXfjpeP8VMvHUPc07u9oKsV+kokC9MP9MkY77g6x8+95bpoc=
last-modified: Tue, 26 Apr 2022 08:36:36 GMT
server: cloudflare
etag: W/"482096cc742e3451b25a953b11824774"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: FghxYxHrK_kUN_.keORPBsil2pVrB7sb
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5690be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 9855.9e69fa39.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 111ms
61ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9855.9e69fa39.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7H59J7QC6V68X
x-amz-id-2: gyS8ldjT8aws/lMw9VGPbkNS48v4x0dQz9XhRbQlSgj4SBP/PTxNceMrNo1pV1Nwwd1aERiim2E=
last-modified: Fri, 15 Apr 2022 18:26:13 GMT
server: cloudflare
etag: W/"01bbdff36d0c4903b3d076b034dbd253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: koXbgREQZJn8hxN5mgAbbW0MQggqXgDa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5790be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 6867.bcfa4e6c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 130ms
80ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6867.bcfa4e6c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7YTTQSSZG18XS
x-amz-id-2: XKHuYZfu5msrcHtwsAJFK4PajzVv2H7yH2KREVMevuFRrEo3FhDJ5YzD9YCBOURVowD9fmNpvk0=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"c35955eb45367a3c5a61cb3e5279c051"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: T1iOWUKz_Z7hLHCKM26CR_AUg99Ys3ui
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5990be-FRA
expires: Fri, 28 Apr 2023 16:19:20 GMT

GET
H3 200 8267.bd6c7fcc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 118ms
68ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8267.bd6c7fcc.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH9TT2FRDHEJAJN
x-amz-id-2: CzZXWd4XJhBL5DlE2SA+PFp4LcvTYJPcsYcI34zw48MscRCdM4Mw+AsEGsodT9ffByISg9U31vw=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"6398675540e0c71d315b2ef2e05ed6fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fgCIJoEUvzHhaObJL5yEPMH3fkD2i4oj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5a90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 PostPage.RightColumnContent.ad17f5ca.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
8 KB 107ms
57ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.ad17f5ca.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82da7bb07cf25157db0e2a0d86abf66d4657bd3bdbf0df82c806ad37cc2f2670

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 116730
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4DKKM7ZVSG369GAQ
x-amz-id-2: lIR+N0aJYaAlmKCqrlUVVb3zjRX40givVN9jsZnW2KkwygcVqZbdjek2Byn4mj2yXCo4Se8lYxs=
last-modified: Tue, 26 Apr 2022 15:19:16 GMT
server: cloudflare
etag: W/"0be1fc1197eeff20c2723d32d395567a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zc8_aQub6ydNnaRxC11_RVPjqI2Awjw.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e71db5b90be-FRA
expires: Fri, 28 Apr 2023 16:19:19 GMT

GET
H3 200 4792.14f7a597.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 92 KB
24 KB 26ms
26ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4792.14f7a597.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAK2JN6DE2M03W6
x-amz-id-2: Ypea0MIYkuTkpRkidUVMlfjFOekUzA45uC+Vg260xcsMfq7uG8JtKFIS4kZQE6pRewZ1DuqXM8M=
last-modified: Thu, 14 Apr 2022 09:06:28 GMT
server: cloudflare
etag: W/"68d93728be9339fe82bac120d5ca3d8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G5oQk1h_lSKJ4xkTzMHQRHB7mff9ylPH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e78dc8f90be-FRA
expires: Fri, 28 Apr 2023 16:19:21 GMT

GET
H3 200 7084.b2e2a6eb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 68 KB
19 KB 34ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7084.b2e2a6eb.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAQ1BHG1Q16PVH1
x-amz-id-2: rpTC/g1yauiB3ex3gZ+cTKDlgxEFf7nDWcxwzgh1Yqr5GFF4SJIy94jJA7RtkinTdZa5o0XjG1A=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"73521766007a340f43277ee2bb9cef8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cfpB7exect7gEoieK.cn9tDJbfHjhHR.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e78dc9190be-FRA
expires: Fri, 28 Apr 2023 16:19:21 GMT

GET
H3 200 8537.29ab83f7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 29ms
28ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8537.29ab83f7.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAANM2B6MZQ1F68J
x-amz-id-2: 84d2zFKasory9ZlNDSGTzv3EI87GPZohOsS6HQXKDHJfZxnTUM7J1mJ4vUF7Ru6V2JeVI0zORIo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"e184386ab56bc2c712b8e6fbc4f83a8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Qk_8LgS9pAqsMKxCAf8ZI8XsRNIYBH9A
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e78dc9290be-FRA
expires: Fri, 28 Apr 2023 16:19:21 GMT

GET
H3 200 3551.69fe8b4c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 27ms
26ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3551.69fe8b4c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAMWT2XVG25CV99
x-amz-id-2: O92GO+f5wp4MZTPejDTn027EcUMgktwemYti2/OluHYSoWgSQr9BjKB8dPZlk2XUWR7lcrHbwk0=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"bbfd20f6707f94928e866764ecff85e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ayC7oy9vYwAPAudL09GUE6theIm7Cjz_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e78dc9390be-FRA
expires: Fri, 28 Apr 2023 16:19:21 GMT

GET
H3 200 9104.d15c7fd3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 93 KB
27 KB 34ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9104.d15c7fd3.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 522864
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QEQG1NQ8J5CB39CW
x-amz-id-2: g5IYOXQ9mUKoAEomLHx2Hx3CTMEbyMdOVut6d64NtPVU9YZCmoP6u5c9ErbYOUXj8WIA4/rrbYk=
last-modified: Fri, 22 Apr 2022 08:22:49 GMT
server: cloudflare
etag: W/"2f090aef0d5d462631bb3c8eb2c005b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: lp88Tinxiq7hM9Uc.oqB0CgCT8vY1VHj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e78dc9690be-FRA
expires: Fri, 28 Apr 2023 16:19:21 GMT

GET
H3 200 ThreadedResponsesSidebar.5bca90ec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 24ms
23ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.5bca90ec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAPMGZVJHNV5J09
x-amz-id-2: eF4yArygea9fVOUXGzbQQJNVcfA3odVWQVHCxt5IMmeKzyNRm4Msc5B29hxHg3vP7Uq2gsNocLY=
last-modified: Thu, 14 Apr 2022 09:07:04 GMT
server: cloudflare
etag: W/"6cb059260c23a64ab427e5204bbbf3f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cZnuP3jpIHqMOMoLkKnEZh4blbs.yVCq
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e78dc9790be-FRA
expires: Fri, 28 Apr 2023 16:19:21 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/24/24/ 383 B
790 B 31ms
30ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 507907
x-envoy-upstream-service-time: 25
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e7b5fa390be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 0*LVG6JHuxeJ6Or_DV
miro.medium.com/fit/c/20/20/ 937 B
1 KB 38ms
37ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*LVG6JHuxeJ6Or_DV

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

297efdea55aac6170ceabca646faaad1ddeffa5bef0bfd3e8892eb591c5a48fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 279010
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 937
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fa690be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*KPIgTc7JTmibbcQrLI0UWg.png
miro.medium.com/focal/56/56/50/50/ 7 KB
8 KB 42ms
40ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*KPIgTc7JTmibbcQrLI0UWg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffd3548b9fc7e8be7ce004c689822c8354d40c079b663f650e4ca85e2e653b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26801
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7407
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5faa90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*m7Rqq2o_got30UCjtiTFlA.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
2 KB 38ms
35ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*m7Rqq2o_got30UCjtiTFlA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9820025a9a24a2998f81b1f2325b0202d1ace18300a3790f53a16eb0e8f8055

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 296313
x-envoy-upstream-service-time: 70
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1120
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fad90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*zvVER17jOl4C8IFkn6vPjg.png
miro.medium.com/focal/56/56/50/50/ 4 KB
4 KB 39ms
36ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*zvVER17jOl4C8IFkn6vPjg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bd06b6f8cab88cf3abc63213b80abfb82bc75b4ebd1de5edc580376c30eabb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26801
x-envoy-upstream-service-time: 106
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3803
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fb590be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 0*OIl7haFPnS_RW96Q.jpg
miro.medium.com/fit/c/20/20/ 981 B
1 KB 39ms
36ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*OIl7haFPnS_RW96Q.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5237d56cf31daf9b9699d94d48ca06ad4489c39438873ebb9ff8d6a4544f55e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 186180
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 981
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fb890be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 0*PltQcGOhWt1vg9Zo
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 46ms
43ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*PltQcGOhWt1vg9Zo

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3ce53902633ea7400edbec925760975e2be20b51f1510dc84a6b73995375ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26801
x-envoy-upstream-service-time: 87
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2372
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fbc90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 0*seZ6t9F8VMLvDct0.
miro.medium.com/fit/c/20/20/ 381 B
788 B 42ms
38ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*seZ6t9F8VMLvDct0.

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

365891e8c8f946151fb14671ecc351b5e1aa636e5f9f449963b061d61933a649

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 183825
x-envoy-upstream-service-time: 100
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 381
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fbe90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*KHI8WfoFIamQZXt_gruMEA.jpeg
miro.medium.com/focal/56/56/50/50/ 1 KB
2 KB 57ms
54ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*KHI8WfoFIamQZXt_gruMEA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ddd3ced151f662541a5ff273a9affc7d74b436d7f5267916b78a1fccdb8abce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26801
x-envoy-upstream-service-time: 123
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1283
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fbf90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*EdEdgfuyYWOEGnra3ee-Kg.png
miro.medium.com/fit/c/20/20/ 1 KB
2 KB 37ms
34ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*EdEdgfuyYWOEGnra3ee-Kg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9479360f8559ce31c9a5f05c23e4cd629a999a39d23cc719ab589c4608321fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 408120
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1147
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fc090be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*5FcRAq30xRv80jU4YFCkKg.png
miro.medium.com/fit/c/20/20/ 1 KB
2 KB 42ms
38ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*5FcRAq30xRv80jU4YFCkKg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76fbf84a0eeb33e93bc85006f654cb8108381f8b6397546d8fb61779e4ecbbb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 91726
x-envoy-upstream-service-time: 50
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1350
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fc290be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*6GmAwVExKGplFccMGa0Opw.jpeg
miro.medium.com/focal/56/56/50/50/ 3 KB
3 KB 46ms
43ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*6GmAwVExKGplFccMGa0Opw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f588f65fa9d42e089a85fe38d68565e75e49c552e5d61bb0930966412e80e87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 91726
x-envoy-upstream-service-time: 49
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2718
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fc590be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*5EO6n7GmOEaCGGkZX32cpA.png
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 47ms
44ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*5EO6n7GmOEaCGGkZX32cpA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d413f7c717e400a416f9402e2b55825cb3cf8ea33ab92bb22a9b2863df170fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26801
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1057
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fc890be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 0*N95F5E8JhsRVHuFK
miro.medium.com/focal/56/56/50/50/ 3 KB
3 KB 47ms
43ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*N95F5E8JhsRVHuFK

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94f8e8e0aa1aac174c84e5efdfd707c5aae4dadd258815082ed0ef38693c7eb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26801
x-envoy-upstream-service-time: 50
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2685
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fcb90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/20/20/ 310 B
717 B 41ms
38ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2294c42a99ae9402581e67fe5c0262d7ebf4cc7f45bfe9fd2f00862e304f4a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 455500
x-envoy-upstream-service-time: 137
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 310
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e7b5fcd90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*1s8u5mRRp_LKJaU-914smQ.png
miro.medium.com/fit/c/20/20/ 933 B
1 KB 46ms
43ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*1s8u5mRRp_LKJaU-914smQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff38cc7c9ef5848c3747901472f5e715291739ab7f783957a461245ace8e50da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 411222
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 933
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e7b5fce90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*B-Pw4y2eVGt_qh8FXXbkjw.png
miro.medium.com/focal/56/56/50/50/ 5 KB
5 KB 143ms
140ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*B-Pw4y2eVGt_qh8FXXbkjw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8d94015584451e53a7af2a22061d1d398542135d919aaf35c1462d6114fa4e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 55
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5074
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fd090be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*ga_SYXVovihwpfF163xClQ.png
miro.medium.com/fit/c/20/20/ 990 B
1 KB 134ms
132ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*ga_SYXVovihwpfF163xClQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37d8dc8a29741fb20164a3ca49ccffc25462cc984bb8bf2b8764a0b2ea9d0755

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 121
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 990
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fd390be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 0*iKhA_SZFGAAxTDb6.png
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 40ms
38ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*iKhA_SZFGAAxTDb6.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1c312ec858f116c00fe298ef779aba5da52298bfe3d983e477feff6ad37e9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 208158
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2033
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fda90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*OM3Rodth3Q1gLybH4popPQ.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 139ms
136ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*OM3Rodth3Q1gLybH4popPQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be34f359874bd5b55bef0388081adea917473c5cccf055d04eedcec25ae40330

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 907
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1101
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fdc90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*cRKhjXi_LM89mSERTP4T0Q.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 139ms
137ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*cRKhjXi_LM89mSERTP4T0Q.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f61b32f71cf7fb3c8973ae95a5b0b159861db04085689a8e70de8e8adc22c5f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2257
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e7b5fdd90be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 0*kxbFPvFlzfKfA9PT.
miro.medium.com/fit/c/20/20/ 989 B
1 KB 45ms
42ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*kxbFPvFlzfKfA9PT.

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b435c71c0438a2629450b9b8487995a230471fbfbefa02729447a6713fb555b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 270216
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 989
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fe090be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

GET
H3 200 1*FUSYZTFrRKI5qQ2rkswK2Q.png
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 47ms
44ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*FUSYZTFrRKI5qQ2rkswK2Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971fd245cffa49a911f5261565bdc2d92a2b4519e360f10f6b378caf1b7fbe59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 270216
x-envoy-upstream-service-time: 299
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2329
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e7b5fe390be-FRA
expires: Sat, 28 May 2022 16:19:21 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 143 B
437 B 119ms
119ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

00dbc3133ab35e207778d152b69be16b8554a1676d9178801e38415b322e74af

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-OIwJhl7r6orrfH2ttu04AQJuiMo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870
x-envoy-upstream-service-time: 15
content-length: 143
x-xss-protection: 0
x-request-received-at: 1651162761958

POST
H2 200 graphql Show response
posts.specterops.io/_/ 108 B
430 B 180ms
180ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Graphql-Operation: PostPageMeterQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
sepia-upstream: medium
server: nginx
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
x-envoy-upstream-service-time: 74
content-length: 108
x-xss-protection: 0
x-request-received-at: 1651162761964

POST
H2 200 graphql Show response
posts.specterops.io/_/ 838 B
1 KB 160ms
160ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

07ed95a8e9a3f79c546d131eb01e3a90f424b35f7b24c57bf5a08f9645180d7b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
sepia-upstream: medium
server: nginx
etag: W/"346-vdctc6QSCpHrRUBsVU02EDZ0GTU"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
x-envoy-upstream-service-time: 54
content-length: 838
x-xss-protection: 0
x-request-received-at: 1651162761962

POST
H2 200 graphql Show response
posts.specterops.io/_/ 210 B
531 B 140ms
140ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fff9da6e0a5b4cc5f260d63eaf9ee5df52647fbac4fd66df689f548b583fbdcb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
sepia-upstream: medium
server: nginx
etag: W/"d2-conn6p5Ayq9pjEsB6VXHuBLSUJQ"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
x-envoy-upstream-service-time: 37
content-length: 210
x-xss-protection: 0
x-request-received-at: 1651162761961

POST
H2 200 graphql Show response
posts.specterops.io/_/ 268 B
590 B 244ms
244ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

edd4779ba2acbd24cb96809809026e1f28486b21f0a7d8bdcd25fd8cfc0bdee1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Graphql-Operation: PostViewerEdgeQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
sepia-upstream: medium
server: nginx
etag: W/"10c-h1Yq+auStauOJ4kbX26tpzIXrVs"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
x-envoy-upstream-service-time: 44
content-length: 268
x-xss-protection: 0
x-request-received-at: 1651162762057

POST
H2 200 graphql Show response
posts.specterops.io/_/ 103 B
397 B 221ms
221ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
sepia-upstream: medium
server: nginx
etag: W/"67-hwVXqeGehpUH7w76cB3LOBt2Lkg"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870
x-envoy-upstream-service-time: 20
content-length: 103
x-xss-protection: 0
x-request-received-at: 1651162762059

POST
H2 200 graphql Show response
posts.specterops.io/_/ 96 B
415 B 258ms
258ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
sepia-upstream: medium
server: nginx
etag: W/"60-Ot8fahRq/24OZZD50baRxE1h1oo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
x-envoy-upstream-service-time: 60
content-length: 96
x-xss-protection: 0
x-request-received-at: 1651162762057

GET
H3 200 responses.editor.857df5ad.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 28ms
28ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.857df5ad.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dd37fc77.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1112441
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 887XZEAFQ44HRT6J
x-amz-id-2: flfXVoow0Wmc3WN/tyqoDVzkRf7DYQv4tJYETVVuuy28XaXVMqn40KHtB0lK5e8LRimUG5SDIZo=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"195376c9eb500dd7a4c4583562103d50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n9gS1uYafrO67iJ9cRLDZTxo6qKQufkF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70311e7e4b4390be-FRA
expires: Fri, 28 Apr 2023 16:19:21 GMT

GET
H3 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 27ms
27ms Font
application/font-woff 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5097883
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70311e7e58fc9b8c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 28 Apr 2023 16:19:21 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 9 KB
2 KB 225ms
224ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

fc3e1db9c0edba37ccad6c3dce2c5cad53d82300fe0f03e5ace22ae2a5ddf182

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"22bb-X48Jw2V+BLyuePfh+UwaSDX9tKQ"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
x-envoy-upstream-service-time: 119
x-xss-protection: 0
x-request-received-at: 1651162762088

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 110ms
110ms Fetch
application/octet-stream 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.cbc0916a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 7
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 110ms
109ms Fetch
application/octet-stream 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.cbc0916a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 6
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 108ms
108ms Fetch
application/octet-stream 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.cbc0916a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 28 Apr 2022 16:19:22 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 4
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 59ms
24ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 2672
date: Thu, 28 Apr 2022 15:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 28 Apr 2022 17:34:50 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 34ms
8ms Script
text/javascript 65.9.68.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=481ac3fdef53
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.68.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-68-6.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 181
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Thu, 28 Apr 2022 16:16:22 GMT
x-amz-cf-pop: FRA56-C1
content-length: 23872
x-amz-cf-id: n4gppaPlZA1r-kqIRUJag8ynr0iubSu_irSEAE9u09MInxgkuEo04w==

GET
H2 200 _r Show response
app.link/ 91 B
564 B 274ms
185ms Script
text/javascript 2600:9000:21ca:e600:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.59.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21ca:e600:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

4c3ce0e2422c7fc6b206500ce67ede1ccebad3af068627c111e8cd77e3e0245e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:23 GMT
via: 1.1 8839897b1ee0fbe9625501238503bf54.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: DUB2-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
etag: W/"5b-Fnyc3SAEyF6THIKAl/5KNOzlooM"
x-amz-cf-id: 9TRwEUfzIm_ftl-yaFcRyX2cP5KsMfrgE_vLXwcLQYXlyOxz_3fGxA==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 50ms
21ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1471396712&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=243926999&gjid=503654030&cid=1531281601.1651162766&tid=UA-24232453-2&_gid=950748874.1651162766&_r=1&_slc=1&z=1670015321

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Apr 2022 16:19:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 40ms
22ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1471396712&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=105087427&gjid=1006224720&cid=1531281601.1651162766&tid=UA-102239211-2&_gid=950748874.1651162766&_r=1&_slc=1&z=107686694

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Apr 2022 16:19:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 23 KB
5 KB 385ms
385ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

8d57eab282e2ecdd5c787cbaca84d5728f5f892afb8bcfc995428d13682bb39d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 74430108d6e20178
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PostNextFiveStoriesCollection
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220428-151821-d0ed95e7ef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220428-151821-d0ed95e7ef
ot-tracer-spanid: 68ec4ee65f321a77

Response headers

date: Thu, 28 Apr 2022 16:19:23 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"5b24-oxEhh+fdLWm8clPFHI7MW/0q7uI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220428-005220-94f743d870, tutu/main-20220428-094113-c52c7c5789
x-envoy-upstream-service-time: 179
x-xss-protection: 0
x-request-received-at: 1651162763765

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
630 B 366ms
191ms XHR
application/json 2600:9000:2260:1200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:1200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 30925fe55bf3ee981ee4764c7bbc869e57739d2aa992322b9bfc43f2a6033f4f

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
via: 1.1 c25b1f7aa410c3a4dd235dd71a0d38e8.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P3
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: eecb833226154cb2bc13da6a7b3f7925-2022042816
content-length: 316
x-amz-cf-id: fQx1IChg-hOumSQBJU-JrQ8-wod772Du-GJFHLwM1uwRlkfrbXItbA==

GET
H3 200 1*9WbXEpOxOhaMq99CwG1ESQ.png
miro.medium.com/fit/c/24/24/ 1 KB
2 KB 42ms
41ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*9WbXEpOxOhaMq99CwG1ESQ.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6290b43b37dd2590fd9c5d74fbc9faf384eb0e8fe402dfba901dd9c530ab608a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297738
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1451
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e8c0c8690be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*jMWvjIv69DaaUe1g.jpg
miro.medium.com/fit/c/112/112/ 6 KB
6 KB 49ms
49ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*jMWvjIv69DaaUe1g.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

351eda368d41338c4554a8e9ea10ff5bba4b27776438dfb9adb67bee2721de27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5942
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 70311e8c0c8a90be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*jMWvjIv69DaaUe1g.jpg
miro.medium.com/fit/c/56/56/ 2 KB
3 KB 54ms
53ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*jMWvjIv69DaaUe1g.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b0bc94ed45c7af6d0990a8a8b843c9b11fcdde17149849a8c56872b77bb8183

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 54
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2324
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70311e8c0c8f90be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 1*BfnBBXS_ynr61tIk6gwVFw.png
miro.medium.com/fit/c/24/24/ 1 KB
2 KB 34ms
33ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*BfnBBXS_ynr61tIk6gwVFw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4d015fba7da1c2d0896be66eec8d84c1d73231aa050d8da4836a8ad638e259f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297738
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1240
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220308-111139-470fbc5021
accept-ranges: bytes
cf-ray: 70311e8c0c9190be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*V_bbboT69XLRdGeR.png
miro.medium.com/fit/c/112/112/ 6 KB
6 KB 53ms
52ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*V_bbboT69XLRdGeR.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3202f91086df9921bf8e3b1cfe00d430d235195fa3e2404377c2b2f42000cd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6105
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220322-153408-5d6507f242
accept-ranges: bytes
cf-ray: 70311e8c0c9490be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*V_bbboT69XLRdGeR.png
miro.medium.com/fit/c/56/56/ 2 KB
3 KB 31ms
30ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*V_bbboT69XLRdGeR.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bf61eb35dc28ecc2881cbad93e07b97c42c215cdd03cba5572ffdcd0eab3265

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2423
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e8c0c9790be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/24/24/ 999 B
1 KB 39ms
38ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*rzDEywT-rGMVud0vq03qfw.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f6728a76d0bd8a4d6527388ed9059f3b56b6fe822ef4219b3417bfc65c3b274

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 297738
x-envoy-upstream-service-time: 67
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 999
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e8c0c9a90be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*sw2zONm9TfgE0c1p.
miro.medium.com/fit/c/112/112/ 13 KB
14 KB 34ms
33ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*sw2zONm9TfgE0c1p.

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4db5b8b0669983fbd58e681e81140d2cb5c7d0763d343016a178e83dc7df1cfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 85
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13725
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e8c0c9c90be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*sw2zONm9TfgE0c1p.
miro.medium.com/fit/c/56/56/ 4 KB
5 KB 37ms
35ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*sw2zONm9TfgE0c1p.

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f33ca66db72fb7e064d1c6f1c45c697f45af3263f31baa271d41cb036acd1f1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 60
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4410
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 70311e8c0c9e90be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 1*idzSM22ouVWVRLUiU5Kpkg.jpeg
miro.medium.com/fit/c/24/24/ 1 KB
1 KB 88ms
87ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*idzSM22ouVWVRLUiU5Kpkg.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af345a4f2d59d19e76d1d83ff8b22db4aed9807cc0ed64d85042629a1faf450b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 26798
x-envoy-upstream-service-time: 62
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1112
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e8c0c9f90be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*hhBONb3BcEI0uwMf.png
miro.medium.com/fit/c/112/112/ 10 KB
10 KB 30ms
28ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*hhBONb3BcEI0uwMf.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b0cd6e5a6b5c9d9cac70f67e4f20fbd1ce08368269d1db136dffe52149ea5b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10138
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220322-153408-5d6507f242
accept-ranges: bytes
cf-ray: 70311e8c0ca290be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*hhBONb3BcEI0uwMf.png
miro.medium.com/fit/c/56/56/ 3 KB
4 KB 52ms
50ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*hhBONb3BcEI0uwMf.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dab13fafddfef8d2887754d708471fc16938f98760c809649b374db290e9a1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117204
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3181
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220308-111139-470fbc5021
accept-ranges: bytes
cf-ray: 70311e8c0ca390be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 0*6mGXmQSDMYyKuVUK.jpg
miro.medium.com/fit/c/24/24/ 976 B
1 KB 30ms
26ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/0*6mGXmQSDMYyKuVUK.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12288ca4f5447aeefac3bd194a5f46a43ca8a3745a698d2a46f58662b4444b9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 82119
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 976
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70311e8c1cac90be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 1*pOhM_LC0IGAN5PP8hMn7Nw.png
miro.medium.com/fit/c/112/112/ 14 KB
14 KB 64ms
60ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/1*pOhM_LC0IGAN5PP8hMn7Nw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a70bc682227f91025f7f306869499621b8f350c058c5ae8c070db694532dafd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 82119
x-envoy-upstream-service-time: 55
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14207
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e8c1cb090be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

GET
H3 200 1*pOhM_LC0IGAN5PP8hMn7Nw.png
miro.medium.com/fit/c/56/56/ 5 KB
5 KB 36ms
32ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/1*pOhM_LC0IGAN5PP8hMn7Nw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e47fef36b8d94cbbd62a52420658b571bdf1603cffe87edd00a276d4d6928f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 82119
x-envoy-upstream-service-time: 40
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4662
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70311e8c1cb390be-FRA
expires: Sat, 28 May 2022 16:19:24 GMT

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
567 B 359ms
358ms XHR
application/json 2600:9000:2260:1200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2260:1200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

44dbe667f7b2f0b9f01b1cdaddbc83e91a3c98d103250d2ef8ec3dd9d34543cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
via: 1.1 c25b1f7aa410c3a4dd235dd71a0d38e8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL50-P3
x-powered-by: Express
etag: W/"b7-FZfz9PO1d+GQQPHmhdsz58dWNKw"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: fc5335aeaa164516893ada9cc44ad5cf-2022042816
content-length: 183
x-amz-cf-id: oldgjxGawHj-Pucum0Vuw1CFgHGfO0gLM2MjwHlueZMIBt6lFMlETA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 362ms
362ms XHR
application/json 2600:9000:2260:1200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:1200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 28 Apr 2022 16:19:24 GMT
via: 1.1 c25b1f7aa410c3a4dd235dd71a0d38e8.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P3
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: ddfb85b6736e40c1ae7b6c9b0bba4c1e-2022042816
content-length: 28
x-amz-cf-id: zvJc8aFppd_gqLIFJqfQIP_lRxUqz46De0VnE2pUvngp68SfoYdtlA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 356ms
356ms XHR
application/json 2600:9000:2260:1200:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:1200:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 28 Apr 2022 16:19:25 GMT
via: 1.1 c25b1f7aa410c3a4dd235dd71a0d38e8.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P3
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 6418df67ab694637bfd2539a1d99f5c7-2022042816
content-length: 28
x-amz-cf-id: zx7yj6-IttBdbkXWUDuKhYklZFmp3hX2DhoVW5gi_kOZJ-eV_n00Uw==

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
173 B 250ms
249ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.cbc0916a.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: application/json

Response headers

date: Thu, 28 Apr 2022 16:19:26 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15
x-envoy-upstream-service-time: 146
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 11:24:58	Name: sid Value: 1:rEvcNNTLgOMTIcXfLsxJlkwixVBT0geP8B+iFPbo/KEh3VTPlvDp7+16r7xQYL67
.medium.com/	1970-01-20 11:24:58	Name: uid Value: lo_79ce5a5db86a
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 9904ec73b9071895936c12457bba696c57d16aae-1651162758
posts.specterops.io/	1970-01-20 11:24:58	Name: uid Value: lo_79ce5a5db86a
posts.specterops.io/	1970-01-20 11:24:58	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+TkQlOm95HmHN0F95yPsWHgf9p98lS2DYTSr3jAIgLwL6
posts.specterops.io/	1970-01-20 02:39:23	Name: _dd_s Value: rum=0&expire=1651163663272
.specterops.io/	1970-01-20 20:10:34	Name: _ga Value: GA1.2.1531281601.1651162766
.specterops.io/	1970-01-20 02:40:49	Name: _gid Value: GA1.2.950748874.1651162766
.specterops.io/	1970-01-20 02:39:22	Name: _gat Value: 1
.specterops.io/	1970-01-20 02:39:22	Name: _gat_tracker0 Value: 1
.app.link/	1970-01-20 11:24:58	Name: _s Value: YtdfxXPgKIS2L6ph6rjdeLOqDBw9uHfYNPHTSWxGUHiGuiLLRqfjt6AWt6JS9MlM

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
2600:9000:21ca:e600:19:9934:6a80:93a1
2600:9000:2260:1200:11:f728:3040:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2a00:1450:4001:812::200e
52.5.181.79
65.9.68.6
00dbc3133ab35e207778d152b69be16b8554a1676d9178801e38415b322e74af
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d
045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720
0592f3bd8730a4dbe1206e384e58d50b182eff1eaad7175c994ef7cc892aa86c
07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223
07ed95a8e9a3f79c546d131eb01e3a90f424b35f7b24c57bf5a08f9645180d7b
0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40
0ac92997377d847ced26c4b5abade246db936d4eeda0ec17137970dfd1c4a123
0c4e595378a4c2585a1eb91b7f65ed0526940ed8fd37a31810cd1e2eb2920b12
0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736
10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c
12288ca4f5447aeefac3bd194a5f46a43ca8a3745a698d2a46f58662b4444b9b
16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65
1b0cd6e5a6b5c9d9cac70f67e4f20fbd1ce08368269d1db136dffe52149ea5b3
27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503
2883a64885d29668e74bc28295c13eee8b4a0c38ad72c06a93453fb043884f0a
297efdea55aac6170ceabca646faaad1ddeffa5bef0bfd3e8892eb591c5a48fc
2b435c71c0438a2629450b9b8487995a230471fbfbefa02729447a6713fb555b
2bff2df357980e33efb5b0f859fec7a80d73fa6cac20bbd440cd75f342e2494b
2d413f7c717e400a416f9402e2b55825cb3cf8ea33ab92bb22a9b2863df170fe
2ddd3ced151f662541a5ff273a9affc7d74b436d7f5267916b78a1fccdb8abce
2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988
2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c
30925fe55bf3ee981ee4764c7bbc869e57739d2aa992322b9bfc43f2a6033f4f
30e1a6bf4b5c74a541f197d4846a74c778b971d7781e4ed884f5998a286abb4c
3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220
3202f91086df9921bf8e3b1cfe00d430d235195fa3e2404377c2b2f42000cd99
33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7
351eda368d41338c4554a8e9ea10ff5bba4b27776438dfb9adb67bee2721de27
365891e8c8f946151fb14671ecc351b5e1aa636e5f9f449963b061d61933a649
37d8dc8a29741fb20164a3ca49ccffc25462cc984bb8bf2b8764a0b2ea9d0755
38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1
3bf61eb35dc28ecc2881cbad93e07b97c42c215cdd03cba5572ffdcd0eab3265
3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5
3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990
3eaebe5f536bfbb28fbae6e2166835aa8309585d65755caf3a5cf61eefd92419
3f588f65fa9d42e089a85fe38d68565e75e49c552e5d61bb0930966412e80e87
3f6728a76d0bd8a4d6527388ed9059f3b56b6fe822ef4219b3417bfc65c3b274
41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b
44dbe667f7b2f0b9f01b1cdaddbc83e91a3c98d103250d2ef8ec3dd9d34543cc
4661091d9b1f846c0e69bba025b291631c4e162976d188532e8e5cc89ddf412d
4a1a461b24ba0cc63ee4fe2776b070adbc033c1a2e440beed12ea55bb4d20413
4c3ce0e2422c7fc6b206500ce67ede1ccebad3af068627c111e8cd77e3e0245e
4db5b8b0669983fbd58e681e81140d2cb5c7d0763d343016a178e83dc7df1cfd
55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849
5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b
57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749
5818744c14c943139ed11f4ac5b7fca280caf1d74b0ca0eadefae51f2a1bb6ca
59f9c620fd549b7cad9aeb058289a8b6697d5a7b15e9d20b9443ea42af37b589
5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696
5af3b0610a3719435e2763f9231d524a8b50c9aee754620023c0cf78b798a11d
5b692ebbd2a07ccce946b4b61496a5d320dfa18ed765fd851cf610ea2475dd46
5bd06b6f8cab88cf3abc63213b80abfb82bc75b4ebd1de5edc580376c30eabb0
5e47fef36b8d94cbbd62a52420658b571bdf1603cffe87edd00a276d4d6928f3
5f0986d3eb60dff32625590d7afe198f58097a2cba4cafa4b6ef3493611bd4c1
5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7
5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa
604614725ba559b65c9972170eb26d7b3d04798fd8258cf2693ab89de4c04913
6290b43b37dd2590fd9c5d74fbc9faf384eb0e8fe402dfba901dd9c530ab608a
631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b
6dab13fafddfef8d2887754d708471fc16938f98760c809649b374db290e9a1a
6fce0922ef388ad6f81ae62add760596c852b7c66503f3183cce6943ec5d4f5e
76fbf84a0eeb33e93bc85006f654cb8108381f8b6397546d8fb61779e4ecbbb2
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d
7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4
7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4
7e6dcfe1e0724a6c3d6e25d4e73070415756baf82943270d4bde766e17c7ebdd
823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce
82da7bb07cf25157db0e2a0d86abf66d4657bd3bdbf0df82c806ad37cc2f2670
83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899
8b09fd1303911ca1b5f0c59e116552da12794b786d886511b19d4639e261a4b2
8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b
8d57eab282e2ecdd5c787cbaca84d5728f5f892afb8bcfc995428d13682bb39d
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
93544c14794161ecbe2b12a72beb1bc7f97710eb48cbd3655dc2c9d852467ac4
94f8e8e0aa1aac174c84e5efdfd707c5aae4dadd258815082ed0ef38693c7eb0
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
96351f687d83658c542daccfb141815e9868549cc351c07df0c1e5638c995e30
971fd245cffa49a911f5261565bdc2d92a2b4519e360f10f6b378caf1b7fbe59
9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd
9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876
9b0bc94ed45c7af6d0990a8a8b843c9b11fcdde17149849a8c56872b77bb8183
9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321
a70bc682227f91025f7f306869499621b8f350c058c5ae8c070db694532dafd0
a71288f8dba65161c018b6eb371830ff1ada96b923d5bfade377c5e512019937
a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495
a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf
aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f
acd05e1f5d57b091c1d2f9734e10e7458339186bb91d5ed6221e007333548f69
af345a4f2d59d19e76d1d83ff8b22db4aed9807cc0ed64d85042629a1faf450b
aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa
b9820025a9a24a2998f81b1f2325b0202d1ace18300a3790f53a16eb0e8f8055
b9daf5a728f928555eb20e694ddff4db66781c1827c2b63e85acee6c17d65ade
be34f359874bd5b55bef0388081adea917473c5cccf055d04eedcec25ae40330
c108d23203210bd05eccb17b3a0da55998114923136898a4974cf79937a22151
c2294c42a99ae9402581e67fe5c0262d7ebf4cc7f45bfe9fd2f00862e304f4a8
c34459607aa351a73c48388b66f41506adfdaf9c8bf8e4d66f3aa5c7fa08f5c1
c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a
c4d015fba7da1c2d0896be66eec8d84c1d73231aa050d8da4836a8ad638e259f
c57f1e6815ae405a121ffd7f8f95751e58332e59922410a340fc06362298a95e
c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a
c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a
c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54
cf1c312ec858f116c00fe298ef779aba5da52298bfe3d983e477feff6ad37e9f
cf3ce53902633ea7400edbec925760975e2be20b51f1510dc84a6b73995375ce
d175ce97e64726a0fadce66ff2bc60084b3034f1730e15607e26b5698cd2706c
d5237d56cf31daf9b9699d94d48ca06ad4489c39438873ebb9ff8d6a4544f55e
d88e666415b3c9cedc3c62c9ad58aee468a4699fd80aaa29f7b91fa8b1ce64bc
d8d555e598b6c3379670fbf6487dd62ed2836b4548aba48cea7740e1a92225e0
d9479360f8559ce31c9a5f05c23e4cd629a999a39d23cc719ab589c4608321fa
e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb
e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435
e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452
e8d94015584451e53a7af2a22061d1d398542135d919aaf35c1462d6114fa4e0
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e
edd4779ba2acbd24cb96809809026e1f28486b21f0a7d8bdcd25fd8cfc0bdee1
ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5
ef8f4aee34fa7038a1c6b1e9c6180f2afa3f7835b5f143ad2057becbe80f050d
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f33ca66db72fb7e064d1c6f1c45c697f45af3263f31baa271d41cb036acd1f1e
f540d9b26272a4b8254a125e443083aec49a6c3011d2abe5240721db9fa6efa6
f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0
f61b32f71cf7fb3c8973ae95a5b0b159861db04085689a8e70de8e8adc22c5f9
f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82
fc3e1db9c0edba37ccad6c3dce2c5cad53d82300fe0f03e5ace22ae2a5ddf182
fd3ce9949e8a59979315dcb0dc1cfaba2f38485f563c680c429956e3925a91fb
ff38cc7c9ef5848c3747901472f5e715291739ab7f783957a461245ace8e50da
ffd3548b9fc7e8be7ce004c689822c8354d40c079b663f650e4ca85e2e653b51
fff9da6e0a5b4cc5f260d63eaf9ee5df52647fbac4fd66df689f548b583fbdcb

posts.specterops.io Open in urlscan Pro 52.5.181.79 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

147 Requests

100 %HTTPS

71 %IPv6

5 Domains

9 Subdomains

7 IPs

2 Countries

1735 kBTransfer

4063 kBSize

11 Cookies

86 Outgoing links

Page URL History

Redirected requests

147 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.5.181.79 Public Scan

Screenshot
Live screenshot

Full Image

147
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1735 kB
Transfer

4063 kB
Size

11
Cookies

147 HTTP transactions
0 data transactions