posts.specterops.io Open in urlscan Pro
52.4.175.111 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
Effective URL:
https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1
Submission Tags: falconsandbox
Submission: On July 24 via api (July 24th 2022, 1:00:29 pm UTC) from US — Scanned from DE

Summary HTTP 64 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 5 domains to perform 64 HTTP transactions. The main IP is 52.4.175.111, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2022. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 7	52.4.175.111 52.4.175.111	14618 (AMAZON-AES) (AMAZON-AES)
1 50	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
1	108.138.17.81 108.138.17.81	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:224... 2600:9000:2240:ee00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:21f... 2600:9000:21f3:8000:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
64	7

7 52.4.175.111 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-175-111.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

50 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-81.fra56.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2240:ee00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21f3:8000:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 9316 glyph.medium.com — Cisco Umbrella Rank: 18821 miro.medium.com — Cisco Umbrella Rank: 13881 cdn-client.medium.com — Cisco Umbrella Rank: 19250	3 MB
7	specterops.io 1 redirects posts.specterops.io	17 KB
3	branch.io cdn.branch.io — Cisco Umbrella Rank: 994 api2.branch.io — Cisco Umbrella Rank: 638	24 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
1	app.link app.link — Cisco Umbrella Rank: 1598	593 B
64	5

	Domain	Requested by
39	cdn-client.medium.com	posts.specterops.io
9	miro.medium.com	posts.specterops.io
7	posts.specterops.io	1 redirects cdn-client.medium.com
4	glyph.medium.com	posts.specterops.io glyph.medium.com
2	api2.branch.io	cdn-client.medium.com
2	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	medium.com	1 redirects
64	9

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
humanparts.medium.com
stuff.life
policy.medium.com

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-05` - `2023-01-05`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-06-26` - `2022-09-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-04` - `2022-09-26`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
appipv4.link Amazon	`2022-05-25` - `2023-06-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1
Frame ID: D9B1B0CEE8C37D27521A4B57B2CE03DB
Requests: 64 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Medium

Page URL History Show full URLs

https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992. HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Flateral-mo... HTTP 302
https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1 Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

64
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

1
Countries

2688 kB
Transfer

4643 kB
Size

10
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/

Search URL Search Domain Scan URL

URL: https://rsci.app.link/s1cSf8zJT3?~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Flateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.&source=post_page--------------------------nav_reg-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Flateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.&source=post_page--------------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=--------------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=--------------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=--------------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=--------------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://medium.com/p/52e72e10614

Search URL Search Domain Scan URL

URL: https://medium.com/@danielleaamorgan

Search URL Search Domain Scan URL

URL: https://humanparts.medium.com/
Title: in Human Parts

Search URL Search Domain Scan URL

URL: https://medium.com/p/596d1a826429

Search URL Search Domain Scan URL

URL: https://medium.com/@MerzaOmar

Search URL Search Domain Scan URL

URL: https://medium.com/p/3f942a018492

Search URL Search Domain Scan URL

URL: https://medium.com/@anthonyted

Search URL Search Domain Scan URL

URL: https://stuff.life/
Title: in Stuff Dot Life

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992. HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Flateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992. HTTP 302
https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

64 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992. Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Flateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

63 KB
15 KB

378ms
377ms

Document
text/html

52.4.175.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.175.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-175-111.compute-1.amazonaws.com

Software

nginx /

Resource Hash

586556851428572de493df9de25f44cf8274dd38728dd255a462bc7df60ef64e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Sun, 24 Jul 2022 13:00:23 GMT
etag: W/"fc42-3jddI6pt+rJYRPLZRv32llBozRA"
medium-fulfilled-by: valencia/main-20220722-091414-13f9c99823, lite/main-20220722-131520-9791b04c49, rito/main-20220722-122947-1af69eadb6, tutu/main-20220722-175611-cca60c5a2c
medium-missing-time: 174
sepia-upstream: medium
server: nginx
vary: Accept-Encoding
x-envoy-upstream-service-time: 128
x-request-received-at: 1658667624066

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 72fcd6a8b9536983-FRA
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Sun, 24 Jul 2022 13:00:23 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1
medium-fulfilled-by: edgy/8.3.0, valencia/main-20220722-091414-13f9c99823
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 26
x-frame-options: sameorigin
x-obvious-info: 20220722-1757-root,cca60c5a
x-obvious-tid: 1658667623874:cdf4282e2118
x-opentracing: {"ot-tracer-spanid":"3c9e9f912d6e3e3b","ot-tracer-traceid":"fd7256cfa683612","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 63ms
53ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2242
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 72fcd6ac5e546983-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 15:00:24 GMT

GET
H2 400 1*8rgW0Qvy2bSGSBMlORMhQA.png
miro.medium.com/max/0/ 0
0 198ms
189ms Image
text/plain 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://miro.medium.com/max/0/1*8rgW0Qvy2bSGSBMlORMhQA.png
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
H2 200 1*ErUzRtpA1KJr93I-T5kCpQ@2x.jpeg
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 52ms
50ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*ErUzRtpA1KJr93I-T5kCpQ@2x.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb204887ddb35d03f8430bd913fa28bfb2e5f5535de5123a8514203d6cce7629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 134145
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2890
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6ac7e886983-FRA
expires: Tue, 23 Aug 2022 13:00:24 GMT

GET
H2 200 1*HJS2Dolxg5B0n7u1oJ213w.jpeg
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 53ms
52ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*HJS2Dolxg5B0n7u1oJ213w.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ce4427bfbac3014cefafb8dc32b0bde12d8e1aea983f1f95e5e795417731b9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 135041
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2978
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6ac7e8b6983-FRA
expires: Tue, 23 Aug 2022 13:00:24 GMT

GET
H2 200 1*AuwihOv-G6udHbXes_-rhA.jpeg
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 62ms
61ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*AuwihOv-G6udHbXes_-rhA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a117758fa6c72e27ea67353419e32a6833fe5f1051426159d25926b3970cc2d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 135041
x-envoy-upstream-service-time: 75
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2628
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6ac7e8d6983-FRA
expires: Tue, 23 Aug 2022 13:00:24 GMT

GET
H2 200 manifest.88e21c49.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 64ms
54ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.88e21c49.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3069d7e3e4825c130ad313535269bc60d2c1b0b9a561c37ae6900886a078d924

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 170766
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 831XH8ZDE6G4ZBS3
x-amz-id-2: 2Ks256gF7NcfjzDqIiUgdo84cJNTww3W7s8kST8vhnBmVmBcfn0qbJkIoBU6bx3PfFCzvnISxVE=
last-modified: Fri, 22 Jul 2022 13:24:30 GMT
server: cloudflare
etag: W/"4983ce2851780408c1084243875b5c4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LLH4vSLjPlZQ38ick2KJf0YIzqWu72.X
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6ac7e916983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 5095.36bab7b6.js Show response
cdn-client.medium.com/lite/static/js/ 720 KB
224 KB 134ms
124ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5095.36bab7b6.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6491ee287d59d8f3a8cf4e26c7fb796630b3c2b677b31c9a45e1c37210eeacfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 173548
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E5930M7755XFTE4S
x-amz-id-2: KrA3x5uZ/xojw/tuTOMTf/5lT3JnrirkNV3W8GpFT/sYe3SxuKop6E3gXpm40NsdDa65x60Llcs=
last-modified: Fri, 08 Jul 2022 09:59:59 GMT
server: cloudflare
etag: W/"b1eb8340ab6fb377c8f423eb3a893567"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: WCanG65e2UeBKnT5HddljeAtZxcf29NA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6ac7e8f6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 main.a2cb94d6.js Show response
cdn-client.medium.com/lite/static/js/ 729 KB
176 KB 70ms
60ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.a2cb94d6.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3327939cab9bc903f09b47fc1f5ac71f3f92653b033efc8db0d21057aee16cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243600
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W7688XF9FB10DEYQ
x-amz-id-2: ECv7veceJ/w0vnzv3c3PIJCAD6OV18/07vA1yA0LqTR9cXgAhz4BYuiW5rJUt2k2YgxzdKxcPNM=
last-modified: Thu, 21 Jul 2022 17:07:04 GMT
server: cloudflare
etag: W/"3418837db4c56c986449fdd52fdd4ad9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: k_aqD5vQNVGZE.N6R_YArIvMXaUwRJ6G
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6ac7e906983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 instrumentation.d4892e93.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 134ms
124ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.d4892e93.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c4eb367086e5f555599ef54c0e862a4f4b13e7bbb6161d859d1bc8a82fa9813

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1096721
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 2R4VYQDMXXZBT37Z
x-amz-id-2: unNu4ubM7VT2JbFvJQ1MXAag2BZqoB8SbP5yjgkjPFWxUL6TSJOdrglouvrmS40SnaWtkbn+8FE=
last-modified: Fri, 01 Jul 2022 00:11:22 GMT
server: cloudflare
etag: W/"e88ebc420a64202472eb95f862dbaa1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: PqdKEjQEBl6639b0HbvHFMWJurUzoji2
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6ac9ecd6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 8732.9d4e0df2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 65 KB
19 KB 63ms
53ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8732.9d4e0df2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

008b735b5e27e2ddea50ac42eeaef63fae74d969ff15e3144c7b9f7c927baffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 847398
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VKC99QTCBK1JJRSK
x-amz-id-2: q5KO0l+kDDFVGCiz9TdU1XKQr813wXW0hWzBb+kJKHGPuS2cbr/qlFqjRQD4lviAyLSsWb0H0qU=
last-modified: Tue, 28 Jun 2022 21:50:52 GMT
server: cloudflare
etag: W/"6282534288238b33d8aa9c488837d8c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: NxzGjDoZXtQ2GwkHKvwxxgw5Nexyfnov
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6ac7e926983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 2837.ce7e5a4c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
6 KB 133ms
123ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2837.ce7e5a4c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60d4189e8ccbe7992c0c6d663d5cadfbf8caf5fb98568c9e36e327b22db7fc70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 914727
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VRBF0S2TWTY03YZ6
x-amz-id-2: 5mbTEBGz9qvEtGtzK42Nhe/dqzJ9VhmPvjj06MPGjj6HiVnCDkcSMPYbExqgXqkq6dQuqZW9Jzs=
last-modified: Wed, 29 Jun 2022 22:03:05 GMT
server: cloudflare
etag: W/"11fa9a050a3c09ba8e63ae9c7c4ac401"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: EMPPfvJiL.Tu7UDvhc8x9rYn1dlWsXb9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6ac7e8e6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 AppLayout.93467155.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 110 KB
22 KB 110ms
106ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.93467155.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f372cf966e769956932569ffa2d125dade50463164f145f7b9d69e83ce1d9b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 188520
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FV0T0GH8B6RXS3RG
x-amz-id-2: Pyqfg+0bEJZvEDEODbS4dU0okQMtK9rTf3f+fA7WpHEyv/llsfALU/5JsU11EfNNOXL5XKe20o4=
last-modified: Fri, 22 Jul 2022 08:26:43 GMT
server: cloudflare
etag: W/"73144ecab773af2c2d4e836e72572c06"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: VkLT9jKGwLC_kAcVbe5U3RxWeGX.C9Hu
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf6a6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 reporting.bbdcaa9d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
918 B 108ms
104ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.bbdcaa9d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1096721
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 2R4YTKBCDDS6HF3J
x-amz-id-2: hpLJFwZLVe3kLMmVyN1xu6SbW8NO3o//weOaZ5BXpjjUY6yHS7cvPj69YBWyN1dhbN/YbQe1UB4=
last-modified: Fri, 01 Jul 2022 00:11:40 GMT
server: cloudflare
etag: W/"72bc359fe3377069bd162b3be6ed3d05"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hDbV.8OiTMB.Vn8rqDBCJ.dxBb4bMoaR
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf706983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 4270.c0f5b685.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
1 KB 109ms
105ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4270.c0f5b685.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d787d15d3e723baa0a7493cbb2e220bd72a640111eca49229ab21aa82a3c0fb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 398161
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C2ZN163S1S828YMM
x-amz-id-2: lN1VMVaeaxRA6JY7+jojWRuyaU3UMOhyF07ltDGS+YyWWVSyvqeb9ASTn/Hr82e9/OYyZQ+ZxgQ=
last-modified: Wed, 08 Jun 2022 01:57:01 GMT
server: cloudflare
etag: W/"ecb15ff3b96846c74bbdba0df72c6c69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: KSkooLLVUmAEyr4Mvb9mqebbFmTOLR9I
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf716983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
10 KB 108ms
104ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1048713
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KZ14F4DJ39Z3KD31
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf736983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 7794.9590314e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 107ms
103ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7794.9590314e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 150087
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZZ2GZ8XPEV2XSK8Q
x-amz-id-2: ZlnxwgkjMnGtnnoC7ojH0QwhC0XfdFWPNT0tzpzMx7ygzdLPg6cqgl3wZCpV+Z2ow4dAGrEJyes=
last-modified: Tue, 25 May 2021 18:36:34 GMT
server: cloudflare
etag: W/"fdb51abd005c8009b18f0a8ff313072f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: edEnQQoOPA8J97QSUBTjXG.e16leDLA5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf756983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 8316.18f2a6aa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 110ms
106ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8316.18f2a6aa.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 150087
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD5SFN5Y8TW45S
x-amz-id-2: hFIjAklPE8uAiFD3F+iWoIjr1hZAL+bvgJNwZvAJEZUDnYTo6ZgZ84z2QdIcyEiccMTz7/tDkuo=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"9fa67454adaeb385a3a70077ff7b7df1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QUYK47Sx_vLYH.MHyrUF8Ib7srVpusAN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf766983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 5221.7f146039.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
6 KB 107ms
103ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5221.7f146039.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5afd531c75a0a2e8347ac7b37183204c1fdb0c223ec6414d7da42f1bd233dca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 954469
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: YJ8Q6RTJJ6MPS08Y
x-amz-id-2: 2Uk4T9AGUQIM8pwhusrHzZbxRFdktBbApZQv4JMnFFSM5ZVHGPV66yScLgk69SuhmFeouYtDh30=
last-modified: Tue, 12 Jul 2022 14:18:42 GMT
server: cloudflare
etag: W/"c3174357ebcb0719db18b72713fb4742"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: CK.rZJ8h7QPbhgsKdQ0Yuh47meRqX.X7
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf776983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 4330.505d9b82.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 107ms
103ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4330.505d9b82.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ad10c973f7f20d9919fe89e9efb6b8f505a89b9324d59b33d0179b0f3600760

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 343584
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RSWBVK6GPH7WA1WS
x-amz-id-2: OZ6e2z5QUZWezMFWsn4G+FZ0nMtzylweSBD/sLDbg9kYe3R0SabqK+UA4Zsd0PYKM5GXh/ku8WA=
last-modified: Wed, 06 Jul 2022 07:53:37 GMT
server: cloudflare
etag: W/"89633caba427b7d20e544297bda66dab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: gQEbNSFB2YYpg7DkC97.n6gYODZl5Nfz
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf786983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 2981.a73a3afe.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
3 KB 108ms
105ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.a73a3afe.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3702ff0b9d7faec5b8b436090a0fc3c50dd19271a9029a357e97a506ff6b693f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 398259
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: Z26ET87R4XW28Q9M
x-amz-id-2: 9eoknKo44+MmwsD4z2lzMt1cMs8HrtsWWvaR4bdgPX4QJu6+rg3POSvKSbbM3cqlGfwpcOZ0bxw=
last-modified: Mon, 16 May 2022 03:47:31 GMT
server: cloudflare
etag: W/"9b962a6c3fe514da0f70551af2c6c736"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8hJRWUosDYWSeoajDVAe78qP2kpfwfbB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf7a6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 3115.5f1b0b71.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 149 KB
39 KB 111ms
107ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3115.5f1b0b71.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1a3279b27d6e37c575299107afe1bc6a5ba3119a5d3acec333bf65277bcc84f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 845915
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 118SNW98WDMVCPW0
x-amz-id-2: 8K1nBJCq5eHC/ZtWZ8zIl+MDPX8MDO9GdMo1jZ3hsb7sn5wQOrOKYFWIDqRuiLAF1O6lroqnPFE=
last-modified: Thu, 30 Jun 2022 09:32:07 GMT
server: cloudflare
etag: W/"cb4622c26825353a5bff51d8bcfb15d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: P6WcmN.3JTY3_B_DHVBSO7M_dpi1Zwc0
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf7c6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 4869.15af887a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 111ms
107ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4869.15af887a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78bedd375082bded00712183c8e141c4d65dfcffb8b4bd369e3081e1027a1338

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 398259
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BVXG0076RV4B9JAP
x-amz-id-2: uKH8UQbmWp1mPmCPTJvTtTv1kuEn3ARbt5hpFXJtd9Q7grMGajh8gSczyhsbEk9PSu4/TmP63i8=
last-modified: Tue, 21 Jun 2022 18:46:21 GMT
server: cloudflare
etag: W/"461c7bfcd82063a67a77f584159505ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zsasPIPj4VNjHd6lWz1Ablp9oC5jhxmA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf7e6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 5472.5f6d4371.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
1 KB 119ms
115ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.5f6d4371.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 150087
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8PTMK5AP330DM
x-amz-id-2: xGpOOu8UZAzsu1YWUtNuDaspxj3NnwdsbLl4CFr6mQNnuC5VgdmPYNonihLFzHPh0iUQuVnGPss=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"6adb8844d763f7d58b6ed49ab89899c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: M9BL7xv54wPjdaXSST5ko_cL9x0mMNwi
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf7f6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 9401.492bc814.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 113ms
109ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9401.492bc814.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba5bf3fa263482c7fb5667136879875ef46b6bda007664510797fddc88b1244d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 398259
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BVXT7BCCKH158FM3
x-amz-id-2: fmyPMPKPQeWvDtiHrQgX5CGXZTku+5n0vOfhSaA2QdzDZmCmY1RbWsXR1l8WR2n7FzWl5DH3jRU=
last-modified: Tue, 21 Jun 2022 18:46:28 GMT
server: cloudflare
etag: W/"1ddc9c0c19f0fe0be7a7d8a22ff4b327"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: o7qB8yuUJ2.ySHF37F8FxNhTjXdITIXy
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf806983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 2307.e2eee8fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 43 KB
12 KB 114ms
110ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2307.e2eee8fb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a0ab426387b4578de5273a69f300167c07ceef4d6fd614061f82e744912caf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1103759
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C161FKXC1QHNCGJ5
x-amz-id-2: VDHgfeX3rOnFPcDMyWQmOisa1RU2GseRafJzK1phkL0TbrZgYDmVx6uwAFSigxUD2XCvUAKuZ7s=
last-modified: Mon, 11 Jul 2022 17:54:24 GMT
server: cloudflare
etag: W/"7d0f7b40aa739665bb020b5a1565de04"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qIXQQpBSzO.nx9tUzBqTqIUMorGPbz14
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf816983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 9442.5291e270.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
6 KB 108ms
104ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9442.5291e270.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

344df165dff1ae918acd3a503ff235364e3e2588b76ac6ac7afe9b28a347d661

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 343584
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8NAYDQE9MQK743Q9
x-amz-id-2: Q+YMUo3f6jyml7SXk6SmWMrC+AY114aKXRjQlxqfefqQ7aN4c6PDcZ7B2XOvKqS3AdCjuSFaiK8=
last-modified: Wed, 06 Jul 2022 07:53:44 GMT
server: cloudflare
etag: W/"3edcd4d9e5942e997e7195e591b148c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pCL2A.BoWSvPuskvdf9gJgCn0qWM.lXJ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acdf826983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 7070.4ba587c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 111ms
107ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7070.4ba587c4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05050a7f9156fca338fdf18683aba2fc6810ae354eae1c647bd786c05c7fa369

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 914365
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VRBCPMJBPG92T288
x-amz-id-2: Nq8zLg44/1nh7KpJFbh9SoI54n8gmcYTDENnt5yMPN05j0QYhTHEUpNZHmn/zCpVrWrB1yk08nE=
last-modified: Wed, 29 Jun 2022 22:03:10 GMT
server: cloudflare
etag: W/"fd36f064abbbaf7b29c9f3a8e4011812"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: SwMGig1K1198JJuUScFH8NXAGwDIOmeE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff846983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 4483.1c9f35b8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
6 KB 109ms
106ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4483.1c9f35b8.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7f0b26d4ff0023bc2419013c30d370f1d8428589d68da382a4eb03891afb442

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 343584
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8NAGGZVRG5ZFEEYV
x-amz-id-2: olgOIO1N5830KcfqedCM9dGK0Q+zfvbTgpvFGkXBTXkK1XYRQDNSonQUMgD5qqvt4gh9LRd+030=
last-modified: Wed, 06 Jul 2022 07:53:38 GMT
server: cloudflare
etag: W/"0079f6edb2fae3e8d88f3aa8abe364fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QknjJ5JcoAnmRMofe6Cwcqv9fPfumgpd
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff876983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 210.f2d589d2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 32 KB
11 KB 111ms
108ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/210.f2d589d2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc4e14de11834a07a456fe0d9fb8aafa563947eb506bfeff5a5e6549d91948df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 914641
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VRB62HQF9KZWZDNS
x-amz-id-2: 9xy6z54+hwogO0SXBWj9eBNu/rPHcLWhZ+qzFF3+A9yqmlTxsqrx9zk4O12IQOcIM76g/vqZfoM=
last-modified: Wed, 29 Jun 2022 22:03:04 GMT
server: cloudflare
etag: W/"9a35f014802f77682c7a5dea172b39f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: NufGT1xWWTJHfKM35WiTPKCz6YBkLYaA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff886983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 864.90f4e209.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
4 KB 110ms
106ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.90f4e209.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd6d2a879a0ba0c99773081ba0defb110ec663be8d32d8c9c9d1f1d0880869ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 431900
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HF7KABSK1W2WE7D8
x-amz-id-2: MNRUM96EdWAPorjAZQIXPeiKWtWprW7GPHBaGJi1Pa2Hh/DthlcZIeSyDQtLymEbROCnz9UCYww=
last-modified: Tue, 12 Jul 2022 16:34:28 GMT
server: cloudflare
etag: W/"1094f518e10b5abda59899f3aa133c53"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 7H_.nG2vI.NvlQs3bQoN7V.F4qLVnzfa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff8a6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 9841.1bb423da.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 111ms
108ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9841.1bb423da.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b5255e96502b2b45b78b0e006ddd885fbbfdec57eda875d73c57c213ebe031c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 343583
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8NAXTKXVT5YRHG8C
x-amz-id-2: 6RKhOlsS35C1DjFeoOeZMOD90SHxxnChKIQkQecxgi1FNFcL9Jw/77BJ3rP6obK3+XmQcVD4AV8=
last-modified: Wed, 06 Jul 2022 07:53:45 GMT
server: cloudflare
etag: W/"a438d4b84fc984bedab39eff52de7d1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 1xI7YK_MjEYp2K.Qr19IRQM3SL0GPfHl
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff8b6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 220.e37b7d47.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 27 KB
6 KB 110ms
107ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/220.e37b7d47.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1e39a93ddf1bd3dde5198c2f6cee9be8bdff83edd90d6a998476f2d14e6279d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1103759
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C16DF5MZPJ371TZX
x-amz-id-2: CdHhDTn/5IMX+LgrCcOy60/5AykTARS4NuJO7HHErObT0fnbQvVAcuSQ5aYiJsB5IWMOct1KzKs=
last-modified: Mon, 11 Jul 2022 17:54:24 GMT
server: cloudflare
etag: W/"7b3af361e65de73670b4d1fda71a3f8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: crhKDBo.ym3m1b3zXoXLk_jDpgMbY.ns
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff8f6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 82.c66fe3fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 109ms
105ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/82.c66fe3fb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0aaca48ade11e94f65e9d76e28aa2f572a13cfdba59bce39a754ea21a3fe1542

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 914860
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VRB60B1BY1HR9773
x-amz-id-2: nh3CrdUOuiPjCylKHXfVhQOQckQZ9BsrRW2JMceQYe37kV0OTghYtpow0TSSGl1MC0ceoYfu/Vc=
last-modified: Wed, 29 Jun 2022 22:03:13 GMT
server: cloudflare
etag: W/"a134c14aea4858c6cd5c1e3cc629c861"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Iun.AJkdoNitdqdP8jL0nZaR0a6lpWHw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff906983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 9304.c7b56506.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
2 KB 112ms
109ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9304.c7b56506.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2908f766175014953bd1beec53113aec865e70bfe0791bf9491f114390a703d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1038061
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BYPW3CCN99V10D60
x-amz-id-2: AUkOwHBBliHxbVFIw0g+SRchmdcZd2AdhEmVDKnnvBEA3QiYfY+T+efKh8LYzuBgS4HWcxhD2z4=
last-modified: Mon, 27 Jun 2022 19:51:07 GMT
server: cloudflare
etag: W/"e1d132fccc80dcbbe1bc0d478d06f5ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: TG5KHLL7Lc.pRTw6mS0vwhcvYtqnDVEA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff916983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 5281.652a7988.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 112ms
108ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5281.652a7988.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 150087
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHA6FG3QS6BVZBR
x-amz-id-2: bKpvQT0l0R+9iZqrjI+NXH9ySdz2IFP+YXfDKuy5s72Zk70knnO/JKoSdTDbKkL+TCOkHk72s6s=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"04b131139a2938b205f512652ec29a97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 33irNxWTdFjop9o1_s8tyzZ.0zoR_rMU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff926983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 8051.dd3484e6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 59 KB
14 KB 115ms
111ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8051.dd3484e6.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25d29a69b66e91f371030a516b6b1fa1caa78f70c2887a625d575f56b2cdc67b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 914639
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VRBBDWF0NHXXK990
x-amz-id-2: 4Ue2apXIAUlPioCahhUqE8U9kx2QZZefhV8EmouPvFMedFv7FI9he2EqKaPTM3hb+EAXoVI87h0=
last-modified: Wed, 29 Jun 2022 22:03:12 GMT
server: cloudflare
etag: W/"d53a3fd17f434413644b2b67ee53fbfd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 2s4xEOuajDMPGywc9IK99lMHkvPfTjSJ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff946983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 743.4eec99d9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
10 KB 108ms
105ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/743.4eec99d9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0015cf89ada547fea81a9d249ba2e2ecf9fb0071a09c4af2fb5c4238222f76d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 188520
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3KMZ13G23AARV1V6
x-amz-id-2: 3Y54fjHbV1JNJPSfNKOBC83N+YcDosiIrwV7o9ZCpWxNQc2Nl0CCead1pJTXLZRVu9DbDh0bh40=
last-modified: Fri, 22 Jul 2022 08:26:38 GMT
server: cloudflare
etag: W/"cfa753e40c8d689031f27a968751b3fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: NG.RK_YDvI4t.CgP1vArZryII.ZFHuH4
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff956983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 3525.ac4c45b8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
5 KB 114ms
111ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3525.ac4c45b8.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02667867126146d3803a2471808f05b7863565b372d3ca21093303e6099da91b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1103758
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: C16C4P27226FEANK
x-amz-id-2: ddZ6Wyt2oLwvWXNmUTMZ2snTnz3vRlDpvAVFy812QLvZiWdQyfdnzejL3L/VMPiUAUQmtfeQqpc=
last-modified: Mon, 11 Jul 2022 17:54:26 GMT
server: cloudflare
etag: W/"051307223c908a7a1276fe17d8841eee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kJTyKjOs6_anD5SYsvYX3fauxskAV5pp
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff966983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 5063.a25c2ed4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
7 KB 112ms
109ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5063.a25c2ed4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e47505f3896c47a15a7d79085040ceb297818ed49234e8c54d6746ed728ed564

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 343584
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RSW186T4CE6T28K5
x-amz-id-2: ezIBVlpXIrsd5uTcIemHTHizGW2ZF+0lIDu8w0jbrNWWfdp1qUqu6QQp9YyLieDsXak8CijMSEs=
last-modified: Wed, 06 Jul 2022 07:53:38 GMT
server: cloudflare
etag: W/"c26b7578cdb05b752a842da6d43c92d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: k_uA1iNEdGhJ9bFQ2ocXFtJehc1DCDxp
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff976983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 PostPage.MainContent.4a6b5344.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 117 KB
27 KB 111ms
108ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.4a6b5344.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3f4c0497f87ffa29dfcdff6672f842738157cfd0de17aa52fdd44b983f2d54f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 188520
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3KMWHPW5K3Y8P913
x-amz-id-2: +uaKFW3GQtIXf9WTK+LS+XepkcAT597xd6kzMCZ2mrCkX2uSo45zB834pkj3lfXB8ApksVGRflc=
last-modified: Fri, 22 Jul 2022 08:26:56 GMT
server: cloudflare
etag: W/"6a0f985a3e5597d04f687b13db2590a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Kt719A6d0avTIUbhCLR8wk5UczrOj2Oe
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff996983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 3702.3ff2b606.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 114ms
110ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3702.3ff2b606.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15cce4cc8cdeaa9836fcf9825207713015717d70868975b58be1615133b52126

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 529987
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: B1Q5NDM63MNC88JC
x-amz-id-2: Q+1+COTyZju4mqsZ4nKF6MWx+SiKjRsAQbNj5oPfgOokqgAqJfmcOMlJa+onVRzTuQNc4RzJhn4=
last-modified: Mon, 18 Jul 2022 09:34:00 GMT
server: cloudflare
etag: W/"57a9218efa22d551026f7c293fd5ed34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: TdyjRsWI2ioeXLAMn0Qu9ciypaoaFQT0
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff9c6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 2021.29306ca6.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 114ms
111ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2021.29306ca6.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f028d33cd63dd991ff2c511d2d8ad691d1fcf6c1cb32c1311402154219025030

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 845915
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 118MBRBSZGHYY4J6
x-amz-id-2: YHUmXRSYeGPfoXHzqtAPwNXBt3Sf2n/MqqVJCF53q1nN4pkVBT92zMCwcd5ukEpOr70PV4391gs=
last-modified: Thu, 30 Jun 2022 09:32:05 GMT
server: cloudflare
etag: W/"14920f91a13df6801974043cd17a10cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Li9.AhWuLguuyIoDBCHo86WWvmZn2_EQ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff9d6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 9291.1fdf5692.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
5 KB 112ms
109ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9291.1fdf5692.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e96e66cb658833ab9d0d9953b84ae629dab879569953299a8b5676764f3cbfd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 762944
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9W66A52SDWY4WXT8
x-amz-id-2: nPoKHMM3J4/fRAcLv8PvxqtaF8P5ZkcmOTQmQtltuwkHspxc07mANOthI1LMtlJ9ks1XAELlqrM=
last-modified: Fri, 01 Jul 2022 14:10:25 GMT
server: cloudflare
etag: W/"fbeb276bd588ec63abba58c9eb2fc8af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: GbGRjlqWdaGAjiB85bYa5AZOUAvWmm7z
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acff9f6983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 PostPage.RightColumnContent.908f540b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
11 KB 110ms
107ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.908f540b.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9303433542f941a1079cfcfa4b7bd3206fb3cd45e77440f832075ce63d262bcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 845915
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 118PE1HZPF1R9F3H
x-amz-id-2: BgeLpjmfWefE3SEvqJN7ULtPCrMwYElkK7K4y4PoZIr5oiIdQE56jc0l/PHNK6yGeMJV2Y+uWPY=
last-modified: Thu, 30 Jun 2022 09:32:32 GMT
server: cloudflare
etag: W/"90960747cda8a4bffb21564a77057d6d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: TevxoljJ.zsVMkJ7xZr5o0_mWnjI3NyG
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 72fcd6acffa06983-FRA
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H2 200 1*6XM15VaWbf7HK1HmiRkv1Q.png
miro.medium.com/max/1534/ 916 KB
918 KB 83ms
83ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1534/1*6XM15VaWbf7HK1HmiRkv1Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cca6a573f50ef861f32cf6ac1c2f9e622b72396edc71ee6ec320eb0852ced0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 130623
x-envoy-upstream-service-time: 103
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 938357
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6acbf0a6983-FRA
expires: Tue, 23 Aug 2022 13:00:24 GMT

GET
H2 200 1*WPMRCdxJhe4cvefeJ5FbmQ.jpeg
miro.medium.com/max/1534/ 236 KB
236 KB 79ms
77ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1534/1*WPMRCdxJhe4cvefeJ5FbmQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f49dd05c9e66318b4c49435f7d061daf1d4cd1241fcb312d738a35e223773d12

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 130623
x-envoy-upstream-service-time: 179
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 241602
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6accf276983-FRA
expires: Tue, 23 Aug 2022 13:00:24 GMT

GET
H2 200 1*tKP4kGZhSa-H0wroJxY3fQ.jpeg
miro.medium.com/max/1534/ 439 KB
440 KB 78ms
77ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1534/1*tKP4kGZhSa-H0wroJxY3fQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76ab71ee0832196f5a54cd924b4473fed49378abf993060767ff831a286aafed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 134144
x-envoy-upstream-service-time: 105
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 449950
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6accf2c6983-FRA
expires: Tue, 23 Aug 2022 13:00:24 GMT

GET
H3 200 gt-super-400-normal.woff
glyph.medium.com/font/4a44748/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
13 KB 140ms
97ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/4a44748/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/gt-super-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c05a07ac09c244b63a1755d524e094c32a18072335fb6cfc7f13da9cfe3eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12954664
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 72fcd6ad0e4c6987-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 97ms
53ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12624981
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 72fcd6ad0e4f6987-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 140ms
97ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14269271
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 72fcd6ad0e4d6987-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Jul 2023 13:00:24 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/24/24/ 383 B
825 B 54ms
54ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 141030
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6b1092f91d5-FRA
expires: Tue, 23 Aug 2022 13:00:25 GMT

GET
H3 200 1*8rgW0Qvy2bSGSBMlORMhQA.png
miro.medium.com/proxy/ 274 KB
275 KB 57ms
56ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/proxy/1*8rgW0Qvy2bSGSBMlORMhQA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

646d8cb64a720e7a4867157e23cd3dd5f55cfe3c4fa33998a48821a4a8277363

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 99895
x-envoy-upstream-service-time: 89
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 280968
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 72fcd6b1093091d5-FRA
expires: Tue, 23 Aug 2022 13:00:25 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 143 B
437 B 137ms
137ms Fetch
application/json 52.4.175.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5095.36bab7b6.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.175.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-175-111.compute-1.amazonaws.com

Software

nginx /

Resource Hash

85bb85425ce8802117e8258762a353c3314c51f591878d644c057b01d1d47826

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2060bd15247507c9
medium-frontend-path: /lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
medium-frontend-app: lite/main-20220722-131520-9791b04c49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
apollographql-client-version: main-20220722-131520-9791b04c49
ot-tracer-spanid: 5376b57f31df97c6

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-zfXXhuddfwxJbIKAts2w1rs3rpM"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220722-091414-13f9c99823, rito/main-20220722-122947-1af69eadb6
x-envoy-upstream-service-time: 11
content-length: 143
x-xss-protection: 0
x-request-received-at: 1658667625224

POST
H2 200 graphql Show response
posts.specterops.io/_/ 108 B
428 B 161ms
161ms Fetch
application/json 52.4.175.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5095.36bab7b6.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.175.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-175-111.compute-1.amazonaws.com

Software

nginx /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
medium-frontend-route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2060bd15247507c9
medium-frontend-path: /lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
graphql-operation: PostPageMeterQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
medium-frontend-app: lite/main-20220722-131520-9791b04c49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
apollographql-client-version: main-20220722-131520-9791b04c49
ot-tracer-spanid: 5376b57f31df97c6

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
sepia-upstream: medium
server: nginx
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220722-091414-13f9c99823, rito/main-20220722-122947-1af69eadb6, tutu/main-20220722-175611-cca60c5a2c
x-envoy-upstream-service-time: 35
content-length: 108
x-xss-protection: 0
x-request-received-at: 1658667625225

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 135ms
134ms Fetch
application/octet-stream 52.4.175.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a2cb94d6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.175.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-175-111.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 24 Jul 2022 13:00:24 GMT
medium-fulfilled-by: valencia/main-20220722-091414-13f9c99823, clientele/main-20220617-183152-4ab8c56101
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 120ms
37ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 7105
date: Sun, 24 Jul 2022 11:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sun, 24 Jul 2022 13:02:00 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 76 KB
23 KB 131ms
44ms Script
text/javascript 108.138.17.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-81.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4da44a477817e0f69202f906a2f2c7b6f20a61dd6219f60d1a84143d8a9c5916

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-amz-version-id: 3fanVx1GT8N8VPdFpaVetfknl_yorJlH
content-encoding: gzip
last-modified: Thu, 14 Jul 2022 21:43:50 GMT
server: AmazonS3
age: 7
etag: "8957cb48dc20586931302bb54fbaa61a"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Sun, 24 Jul 2022 13:00:19 GMT
x-amz-cf-pop: FRA56-P7
content-length: 23099
x-amz-cf-id: 0r89cQ-sTpHqxHJ8QhguMlPhLjPfV6V_JEzNJFpdSPjOcyNtCCiTcw==

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 131ms
131ms Fetch
application/octet-stream 52.4.175.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a2cb94d6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.175.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-175-111.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 24 Jul 2022 13:00:25 GMT
medium-fulfilled-by: valencia/main-20220722-091414-13f9c99823, clientele/main-20220617-183152-4ab8c56101
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 122ms
45ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1927994939&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Flateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.&ul=en-us&de=UTF-8&dt=Medium&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=480814661&gjid=641566865&cid=1264291260.1658667626&tid=UA-24232453-2&_gid=1145301601.1658667626&_r=1&_slc=1&z=1236869226

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5095.36bab7b6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 24 Jul 2022 13:00:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 91 B
593 B 277ms
189ms Script
text/javascript 2600:9000:2240:ee00:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.63.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2240:ee00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty /

Resource Hash

681ea4c73c2b884fa055fe6174890b2d04bc1f565b9838a25b95d7684e9e08a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 24 Jul 2022 13:00:25 GMT
via: 1.1 a49c26e403f2dac09629dceb6dac5740.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: FRA60-P1
etag: W/"5b-fguFUBLVK/QEyh5umPBmwIeQX4s"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
x-amz-cf-id: v2JWQ6SX_Fl8CT1S3y3Kpl1SVteLpP3czPNJ1INFggina8YN6h-KWw==

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
677 B 287ms
203ms XHR
application/json 2600:9000:21f3:8000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/open

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5095.36bab7b6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:8000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a6e42bc19bc11a71abc25fd42d86afc00a56b7a1e3d79bddd19ff6ccf9063f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://posts.specterops.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 24 Jul 2022 13:00:25 GMT
via: 1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 58d1f714940b433eadd85962d4da5759-2022072413
content-length: 316
x-amz-cf-id: Uo-E-RPxSDyqjEer_Qvqdu21ZNi4TCyAafzVlRHRVYtBs_DkSXQu3A==

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 133ms
133ms Fetch
application/octet-stream 52.4.175.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.a2cb94d6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.175.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-175-111.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.
Medium-Clientele-Client: lite
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 24 Jul 2022 13:00:25 GMT
medium-fulfilled-by: valencia/main-20220722-091414-13f9c99823, clientele/main-20220617-183152-4ab8c56101
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
433 B 207ms
207ms XHR
application/json 2600:9000:21f3:8000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/pageview

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5095.36bab7b6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:8000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://posts.specterops.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 24 Jul 2022 13:00:26 GMT
via: 1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 983a3af401464243a84c02b7cd82f40c-2022072413
content-length: 28
x-amz-cf-id: ww1QMOobvYoYupIigmphaso9Xs1lUOruusPBrXEuEOSgjFZlwz4GSw==

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 13:30:03	Name: sid Value: 1:nsdDYzh7Bj6FBwNMHhMCB7qzOjJOvpJXbkA0csJpr5Jf7iwyHzhQFZ/z+5GyDIYN
.medium.com/	1970-01-20 13:30:03	Name: uid Value: lo_4ea2902c9fb5
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: e3228e9e7e4eedf236b0acf3b6ffe7048cf6da79-1658667623
posts.specterops.io/	1970-01-20 13:30:03	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+Tsfx30BbMrQGUch1Y8zOoKx7h1inJcnf2lsB3/xQQbCj
posts.specterops.io/	1970-01-20 13:30:03	Name: uid Value: lo_4ea2902c9fb5
posts.specterops.io/	1970-01-20 04:44:28	Name: _dd_s Value: rum=0&expire=1658668525015
.specterops.io/	1970-01-20 22:15:39	Name: _ga Value: GA1.2.1264291260.1658667626
.specterops.io/	1970-01-20 04:45:54	Name: _gid Value: GA1.2.1145301601.1658667626
.specterops.io/	1970-01-20 04:44:27	Name: _gat Value: 1
.app.link/	1970-01-20 13:30:03	Name: _s Value: 6iztXRobPYoHh%2BKqmRKmOHuWHv%2FZdp24lQyqV0EZCFerSzMqWCnB03AN1NUoH60J

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992.?gi=fbd4d3db2ec1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://miro.medium.com/max/0/18rgW0Qvy2bSGSBMlORMhQA.png Message*: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
108.138.17.81
2001:4860:4802:34::178
2600:9000:21f3:8000:11:f728:3040:93a1
2600:9000:2240:ee00:19:9934:6a80:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
52.4.175.111
0015cf89ada547fea81a9d249ba2e2ecf9fb0071a09c4af2fb5c4238222f76d8
008b735b5e27e2ddea50ac42eeaef63fae74d969ff15e3144c7b9f7c927baffd
02667867126146d3803a2471808f05b7863565b372d3ca21093303e6099da91b
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
05050a7f9156fca338fdf18683aba2fc6810ae354eae1c647bd786c05c7fa369
0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40
0aaca48ade11e94f65e9d76e28aa2f572a13cfdba59bce39a754ea21a3fe1542
15cce4cc8cdeaa9836fcf9825207713015717d70868975b58be1615133b52126
1ce4427bfbac3014cefafb8dc32b0bde12d8e1aea983f1f95e5e795417731b9c
25d29a69b66e91f371030a516b6b1fa1caa78f70c2887a625d575f56b2cdc67b
2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988
3069d7e3e4825c130ad313535269bc60d2c1b0b9a561c37ae6900886a078d924
344df165dff1ae918acd3a503ff235364e3e2588b76ac6ac7afe9b28a347d661
3702ff0b9d7faec5b8b436090a0fc3c50dd19271a9029a357e97a506ff6b693f
40c05a07ac09c244b63a1755d524e094c32a18072335fb6cfc7f13da9cfe3eb9
4a0ab426387b4578de5273a69f300167c07ceef4d6fd614061f82e744912caf3
4a96cae42b1009fa744e6e9d4149f69da1ad14892d80a57ca04f6b0e3f1d9e46
4da44a477817e0f69202f906a2f2c7b6f20a61dd6219f60d1a84143d8a9c5916
57cca6a573f50ef861f32cf6ac1c2f9e622b72396edc71ee6ec320eb0852ced0
586556851428572de493df9de25f44cf8274dd38728dd255a462bc7df60ef64e
5ad10c973f7f20d9919fe89e9efb6b8f505a89b9324d59b33d0179b0f3600760
60d4189e8ccbe7992c0c6d663d5cadfbf8caf5fb98568c9e36e327b22db7fc70
646d8cb64a720e7a4867157e23cd3dd5f55cfe3c4fa33998a48821a4a8277363
6491ee287d59d8f3a8cf4e26c7fb796630b3c2b677b31c9a45e1c37210eeacfc
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
681ea4c73c2b884fa055fe6174890b2d04bc1f565b9838a25b95d7684e9e08a5
76ab71ee0832196f5a54cd924b4473fed49378abf993060767ff831a286aafed
78bedd375082bded00712183c8e141c4d65dfcffb8b4bd369e3081e1027a1338
83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899
85bb85425ce8802117e8258762a353c3314c51f591878d644c057b01d1d47826
8b5255e96502b2b45b78b0e006ddd885fbbfdec57eda875d73c57c213ebe031c
8c4eb367086e5f555599ef54c0e862a4f4b13e7bbb6161d859d1bc8a82fa9813
9303433542f941a1079cfcfa4b7bd3206fb3cd45e77440f832075ce63d262bcc
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a117758fa6c72e27ea67353419e32a6833fe5f1051426159d25926b3970cc2d7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1a3279b27d6e37c575299107afe1bc6a5ba3119a5d3acec333bf65277bcc84f
a6e42bc19bc11a71abc25fd42d86afc00a56b7a1e3d79bddd19ff6ccf9063f4f
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b2908f766175014953bd1beec53113aec865e70bfe0791bf9491f114390a703d
b3327939cab9bc903f09b47fc1f5ac71f3f92653b033efc8db0d21057aee16cd
b3f4c0497f87ffa29dfcdff6672f842738157cfd0de17aa52fdd44b983f2d54f
ba5bf3fa263482c7fb5667136879875ef46b6bda007664510797fddc88b1244d
bd6d2a879a0ba0c99773081ba0defb110ec663be8d32d8c9c9d1f1d0880869ff
c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a
d1e39a93ddf1bd3dde5198c2f6cee9be8bdff83edd90d6a998476f2d14e6279d
d787d15d3e723baa0a7493cbb2e220bd72a640111eca49229ab21aa82a3c0fb8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e47505f3896c47a15a7d79085040ceb297818ed49234e8c54d6746ed728ed564
e5afd531c75a0a2e8347ac7b37183204c1fdb0c223ec6414d7da42f1bd233dca
e7f0b26d4ff0023bc2419013c30d370f1d8428589d68da382a4eb03891afb442
e96e66cb658833ab9d0d9953b84ae629dab879569953299a8b5676764f3cbfd7
eb204887ddb35d03f8430bd913fa28bfb2e5f5535de5123a8514203d6cce7629
ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5
f028d33cd63dd991ff2c511d2d8ad691d1fcf6c1cb32c1311402154219025030
f372cf966e769956932569ffa2d125dade50463164f145f7b9d69e83ce1d9b07
f49dd05c9e66318b4c49435f7d061daf1d4cd1241fcb312d738a35e223773d12
fc4e14de11834a07a456fe0d9fb8aafa563947eb506bfeff5a5e6549d91948df

posts.specterops.io Open in urlscan Pro 52.4.175.111 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

100 %HTTPS

71 %IPv6

5 Domains

9 Subdomains

7 IPs

1 Countries

2688 kBTransfer

4643 kBSize

10 Cookies

18 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.4.175.111 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

1
Countries

2688 kB
Transfer

4643 kB
Size

10
Cookies

64 HTTP transactions
0 data transactions