posts.specterops.io Open in urlscan Pro
52.5.181.79 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Effective URL:
https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Submission: On April 24 via api (April 24th 2022, 4:44:17 pm UTC) from BE — Scanned from DE

Summary HTTP 130 Redirects Links 62 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 130 HTTP transactions. The main IP is 52.5.181.79, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2022. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	52.5.181.79 52.5.181.79	14618 (AMAZON-AES) (AMAZON-AES)
1 108	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	13.225.80.6 13.225.80.6	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:236... 2600:9000:2363:4000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:20e... 2600:9000:20e8:7800:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
130	6

15 52.5.181.79 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-181-79.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

108 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.80.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-6.fra2.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2363:4000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:20e8:7800:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
108	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 8708 glyph.medium.com — Cisco Umbrella Rank: 18608 miro.medium.com — Cisco Umbrella Rank: 11771 cdn-client.medium.com — Cisco Umbrella Rank: 19709	1 MB
15	specterops.io 1 redirects posts.specterops.io	47 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 966 api2.branch.io — Cisco Umbrella Rank: 598	26 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	20 KB
1	app.link app.link — Cisco Umbrella Rank: 1626	566 B
130	5

	Domain	Requested by
50	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
48	miro.medium.com	posts.specterops.io
15	posts.specterops.io	1 redirects cdn-client.medium.com
9	glyph.medium.com	posts.specterops.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	medium.com	1 redirects
130	9

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
github.com
social.technet.microsoft.com
jpcertcc.github.io
amzurtech.medium.com
dwibedyabhishek1.medium.com
python.plainenglish.io
ninza7.medium.com
cloudmersive.medium.com
sargalias.medium.com
tysonvsjoneslivestreamtv.medium.com
justinkek.medium.com
beverlycc.medium.com
david-allen-burgess.medium.com
zarkones.medium.com
help.medium.com
medium.statuspage.io
about.medium.com
blog.medium.com
knowable.fyi

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-05` - `2023-01-05`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-02-26` - `2022-05-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Frame ID: 1FD967C688713C9691E6AD127A71FB85
Requests: 130 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Revisiting Remote Desktop Lateral Movement | by Steven F | Posts By SpecterOps Team Members

Page URL History Show full URLs

https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3 HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Frevisiting... HTTP 302
https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

130
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

9
Subdomains

6
IPs

2
Countries

1407 kB
Transfer

3688 kB
Size

11
Cookies

62 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?$canonical_url=https%3A%2F%2Fmedium.com/p/8fb905cb46c3&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&source=post_page--------------------------nav_reg-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&source=post_page--------------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=--------------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=--------------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=--------------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=--------------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----8fb905cb46c3--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&source=-----8fb905cb46c3---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://medium.com/@0xthirteen?source=post_page-----8fb905cb46c3--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F2562fc45d9a9&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&user=Steven+F&userId=2562fc45d9a9&source=post_page-2562fc45d9a9----8fb905cb46c3---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F8fb905cb46c3&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://github.com/0xthirteen/SharpRDP
Title: SharpRDP

Search URL Search Domain Scan URL

URL: https://social.technet.microsoft.com/wiki/contents/articles/32905.remote-desktop-services-enable-restricted-admin-mode.aspx
Title: Restricted admin mode

Search URL Search Domain Scan URL

URL: https://github.com/0xthirteen/CleanRunMRU
Title: CleanRunMRU

Search URL Search Domain Scan URL

URL: https://jpcertcc.github.io/ToolAnalysisResultSheet/details/mstsc.htm
Title: information regarding RDP detection and forensic evidence

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F8fb905cb46c3&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&user=Steven+F&userId=2562fc45d9a9&source=-----8fb905cb46c3---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F8fb905cb46c3&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&collection=Posts+By+SpecterOps+Team+Members&collectionId=f05f8696e3cc&source=post_page-----8fb905cb46c3---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/data-recovery-technology/3-handy-ways-to-recover-your-outlook-data-from-a-corrupt-backup-file-9d167ca930a3?source=post_internal_links---------0----------------------------
Title: DataNumen, Inc.indata-recovery-technology3 Handy Ways to Recover Your Outlook Data from a Corrupt Backup File

Search URL Search Domain Scan URL

URL: https://medium.com/@DataNumen?source=post_internal_links---------0----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/data-recovery-technology?source=post_internal_links---------0----------------------------
Title: data-recovery-technology

Search URL Search Domain Scan URL

URL: https://amzurtech.medium.com/how-to-control-the-cost-of-mobile-app-development-in-2021-bf8e20c2700?source=post_internal_links---------1----------------------------
Title: Amzur Technologies, Inc.How to optimize the cost of mobile app development in 2021

Search URL Search Domain Scan URL

URL: https://amzurtech.medium.com/?source=post_internal_links---------1----------------------------

Search URL Search Domain Scan URL

URL: https://dwibedyabhishek1.medium.com/managing-aws-console-from-command-line-interface-cli-b55eb4dcad97?source=post_internal_links---------2----------------------------
Title: Abhishek DwibedyManaging AWS Console From Command Line Interface(CLI)

Search URL Search Domain Scan URL

URL: https://dwibedyabhishek1.medium.com/?source=post_internal_links---------2----------------------------

Search URL Search Domain Scan URL

URL: https://python.plainenglish.io/how-to-write-a-python-function-and-call-it-da2553cd354?source=post_internal_links---------3----------------------------
Title: Rohit Kumar ThakurinPython in Plain EnglishHow to Write and Call a Python Function

Search URL Search Domain Scan URL

URL: https://ninza7.medium.com/?source=post_internal_links---------3----------------------------

Search URL Search Domain Scan URL

URL: https://python.plainenglish.io/?source=post_internal_links---------3----------------------------
Title: Python in Plain English

Search URL Search Domain Scan URL

URL: https://cloudmersive.medium.com/how-to-parse-an-unstructured-international-address-in-python-using-nlp-7de2908d0b8a?source=post_internal_links---------4----------------------------
Title: CloudmersiveHow to parse an Unstructured International Address in Python using NLP

Search URL Search Domain Scan URL

URL: https://cloudmersive.medium.com/?source=post_internal_links---------4----------------------------

Search URL Search Domain Scan URL

URL: https://sargalias.medium.com/the-top-5-css-gotchas-and-a-few-bonus-d39755c79527?source=post_internal_links---------5----------------------------
Title: Spyros ArgaliasThe Top 5 CSS Gotchas, and a few bonus…

Search URL Search Domain Scan URL

URL: https://sargalias.medium.com/?source=post_internal_links---------5----------------------------

Search URL Search Domain Scan URL

URL: https://tysonvsjoneslivestreamtv.medium.com/this-morning-i-was-on-the-floor-about-to-meditate-and-30-minutes-later-b285c8792bc5?source=post_internal_links---------6----------------------------
Title: TysonvsjoneslivestreamThis morning, I was on the floor about to meditate and, 30 minutes later

Search URL Search Domain Scan URL

URL: https://tysonvsjoneslivestreamtv.medium.com/?source=post_internal_links---------6----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/geekculture/how-to-create-a-custom-staggered-animation-with-flutter-13803dea5659?source=post_internal_links---------7----------------------------
Title: Justin KekinGeek CultureHow to Create a Custom Staggered Animation with Flutter

Search URL Search Domain Scan URL

URL: https://justinkek.medium.com/?source=post_internal_links---------7----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/geekculture?source=post_internal_links---------7----------------------------
Title: Geek Culture

Search URL Search Domain Scan URL

URL: https://medium.com/@0xthirteen

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F2562fc45d9a9&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&user=Steven+F&userId=2562fc45d9a9&source=post_page-2562fc45d9a9-------------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fusers%2F2562fc45d9a9%2Flazily-enable-writer-subscription&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&user=Steven+F&userId=2562fc45d9a9&source=--------------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://beverlycc.medium.com/speculations-03-qwerty-923497909258?source=read_next_recirc---------0---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------
Title: Beverly ChanSpeculations 03: QWERTY

Search URL Search Domain Scan URL

URL: https://beverlycc.medium.com/?source=read_next_recirc---------0---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------

Search URL Search Domain Scan URL

URL: https://medium.com/gitguardian/investigating-prioritizing-and-remediating-thousands-of-hardcoded-secrets-incidents-cc032ccd710c?source=read_next_recirc---------1---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------
Title: Ziad GhallebinGitGuardianInvestigating, prioritizing, and remediating thousands of hardcoded secrets incidents

Search URL Search Domain Scan URL

URL: https://medium.com/@gh.ziad94?source=read_next_recirc---------1---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------

Search URL Search Domain Scan URL

URL: https://medium.com/gitguardian?source=read_next_recirc---------1---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------
Title: GitGuardian

Search URL Search Domain Scan URL

URL: https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189?source=read_next_recirc---------2---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------
Title: David Allen BurgessinTelecom ExpertsMore Proactive SIMs

Search URL Search Domain Scan URL

URL: https://david-allen-burgess.medium.com/?source=read_next_recirc---------2---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------

Search URL Search Domain Scan URL

URL: https://medium.com/telecom-expert?source=read_next_recirc---------2---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------
Title: Telecom Experts

Search URL Search Domain Scan URL

URL: https://zarkones.medium.com/how-to-setup-xena-botnet-3e4014f72867?source=read_next_recirc---------3---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------
Title: Zarkones XenaHow To Setup XENA Botnet

Search URL Search Domain Scan URL

URL: https://zarkones.medium.com/?source=read_next_recirc---------3---------------------42d8958a_07ef_4c52_9a8d_47f8ec79cda1-------

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1
Title: About

Search URL Search Domain Scan URL

URL: https://knowable.fyi/
Title: Knowable

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3 HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3 HTTP 302
https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

130 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request revisiting-remote-desktop-lateral-movement-8fb905cb46c3 Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3
https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

182 KB
41 KB

799ms
799ms

Document
text/html

52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

83944c8fb47ac644883671e91b2cada01319f83fe563043fe25f20e0fba5c779

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Sun, 24 Apr 2022 16:44:10 GMT
etag: W/"2d862-Yb2U+mE2P0D2cNcBv5EEbU5HoLo"
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, lite/main-20220422-205901-123e6f15e2, rito/main-20220420-162416-61c3e089e7, tutu/main-20220422-175648-d1cf9a3057
medium-missing-time: 257
sepia-upstream: medium
server: nginx
vary: Accept-Encoding
x-envoy-upstream-service-time: 698
x-request-received-at: 1650818649773

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 70104d4f3c8d5b98-FRA
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Sun, 24 Apr 2022 16:44:09 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
medium-fulfilled-by: edgy/8.3.0, valencia/main-20220422-165907-7310052fbd
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 2
x-content-type-options: nosniff
x-envoy-upstream-service-time: 50
x-frame-options: sameorigin
x-obvious-info: 20220422-1758-root,d1cf9a30
x-obvious-tid: 1650818649591:4592a40571b2
x-opentracing: {"ot-tracer-spanid":"261199c7396cf517","ot-tracer-traceid":"622deaf453ea55ba","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 40ms
29ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1321
x-envoy-upstream-service-time: 27
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 70104d55ef4c5b98-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Apr 2022 18:44:10 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/64/64/ 2 KB
3 KB 35ms
26ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/64/64/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 473494
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2399
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 70104d564fff5b98-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H2 200 0*o11ibKUgsfShMjYZ
miro.medium.com/fit/c/96/96/ 4 KB
4 KB 142ms
133ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/0*o11ibKUgsfShMjYZ

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

314bffb6775b5ff58f70ef245efa91a21bb64fd25521c30f796fdf3c7b72b98d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4009
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5648025b98-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H2 200 0*k2C00xhHdxKGGv3n
miro.medium.com/max/1400/ 87 KB
88 KB 234ms
225ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/0*k2C00xhHdxKGGv3n

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba84748a9b5757f54b19992eb51d80e89836489a7957a504d280ff19de446d98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 85
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 89370
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d564ff95b98-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H2 200 0*SuttuI_3vMjYEgXq
miro.medium.com/max/1400/ 126 KB
127 KB 144ms
136ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/0*SuttuI_3vMjYEgXq

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ef80b61e1a966ee6dd55d6245a58a609b78eff54c48b2cec57d364dd2dfacb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 106
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 129357
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d564ffd5b98-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H2 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/40/40/ 570 B
677 B 38ms
31ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fce0922ef388ad6f81ae62add760596c852b7c66503f3183cce6943ec5d4f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 161432
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 570
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70104d564ffb5b98-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H2 200 0*funYCBH8ZLu6MSOA.png
miro.medium.com/focal/112/112/50/50/ 19 KB
19 KB 122ms
115ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*funYCBH8ZLu6MSOA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9aa297f08feb693c61ad78a788ac152996238fc29d638650aa8b2bda70c064f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 38
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18964
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d564ffa5b98-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*OhkxLCD1h_TSBTPOP75Rrg.png
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 64ms
50ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*OhkxLCD1h_TSBTPOP75Rrg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9690d5bc2630c21a2b59021a1495c72a0393f450de96fa9c495ab7daac68cab3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 79702
x-envoy-upstream-service-time: 45
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1492
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b495c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 0*2eLT5gtF_KWAOWDJ.jpg
miro.medium.com/focal/112/112/50/50/ 5 KB
5 KB 192ms
178ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*2eLT5gtF_KWAOWDJ.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d0392b6fc378f712b2d248eaf3d65fd8ec64194ce2c1690b32cf6017d36a0f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4967
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b475c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 0*Uw3fhYnqOQUckfNr
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 70ms
57ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*Uw3fhYnqOQUckfNr

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014d4c7f34c92a0c51c0fe4c395257e0e4e5d7a1cae86ffae95366e5d74c9902

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20891
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1687
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b455c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 0*qRuNqaPIwhZX8VwV
miro.medium.com/focal/112/112/50/50/ 2 KB
2 KB 191ms
177ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*qRuNqaPIwhZX8VwV

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1af895ac2e2cc3be64838f39999031dd5c24e71cb21b347f895c3b9a408b2b77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 83
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1892
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b435c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*Ud-Mz31o0jymGcyxb-h9fg.png
miro.medium.com/fit/c/40/40/ 2 KB
3 KB 62ms
50ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*Ud-Mz31o0jymGcyxb-h9fg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a59140956a8d1c73faa373177081d22efab75978a99cfe5f25a9dea1645faf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 23504
x-envoy-upstream-service-time: 173
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2390
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b2c5c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*uBtxrj-S5TSb9QlA9GC9Hg.png
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 48ms
35ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*uBtxrj-S5TSb9QlA9GC9Hg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b321bda8dc4e5245a74c21f8c2525cc85494b09844372f5805eaa46b4bb4590b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6916
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6529
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b2d5c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*3v0ktJZ-a-uV7KOqs9vF6Q.png
miro.medium.com/fit/c/40/40/ 613 B
1020 B 63ms
50ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*3v0ktJZ-a-uV7KOqs9vF6Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e14b232f43866f3a15ba2335e04b1e0964d3b42edaffd115f1e7a1deec1ad122

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 490162
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 613
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70104d568b305c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*FvKkCmvRbz2I_-A63PkVAA.jpeg
miro.medium.com/focal/112/112/50/50/ 4 KB
5 KB 193ms
180ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*FvKkCmvRbz2I_-A63PkVAA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c85a3a7964a438b73eb389d4db0b3d0c3f8fe14cf55aed11eaed21334b5469a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4516
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b335c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 0*HLYpVTCwkw28aG-J.
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 63ms
50ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*HLYpVTCwkw28aG-J.

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

242e60243ac7ce532b33b89902c33af723f7ecc954cd2cbac13a68434a599be1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 542365
x-envoy-upstream-service-time: 45
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1434
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b375c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 0*6zHm9Xvv2-Mk16aw
miro.medium.com/focal/112/112/50/50/ 4 KB
5 KB 193ms
180ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*6zHm9Xvv2-Mk16aw

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f9e0b7530752bf0fc36ca6edcf577a733e66607ce130a1e3ef785dc69ed1657

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 76
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4288
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b395c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*jfE28M-bdq3M0NssXEFf5A.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 64ms
51ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*jfE28M-bdq3M0NssXEFf5A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b373f50586a2241385ba8478d1b664bd8b30399d80cde74ecff4a94363117268

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 40856
x-envoy-upstream-service-time: 83
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1661
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b4a5c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*g4HX3lGJhhvXcethuYQ3fQ.gif
miro.medium.com/freeze/focal/112/112/50/50/ 789 B
1 KB 183ms
169ms Image
image/gif 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/freeze/focal/112/112/50/50/1*g4HX3lGJhhvXcethuYQ3fQ.gif

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

579b32b4ab57ca2037c4c1ce0f8d9e1e9f24ade9aa267e78fe00afb519b8f0ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 46
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 789
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/gif
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b4b5c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 0*o11ibKUgsfShMjYZ
miro.medium.com/fit/c/176/176/ 8 KB
8 KB 192ms
178ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/176/176/0*o11ibKUgsfShMjYZ

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c32aff93dddd5b714ce4192a5180455b682961a306d2a880a4a420826157794a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8212
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b4e5c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*lgzd8uaVC9kPSPblONEoiQ.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 411ms
398ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*lgzd8uaVC9kPSPblONEoiQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9073d7523e1218c2c456095f0a899badeca563641e7bccf93ff3df0f7dd1afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1434
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b4f5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*Ep5kKJag6JEyemtyYFGO9A.png
miro.medium.com/focal/112/112/50/50/ 22 KB
22 KB 193ms
179ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*Ep5kKJag6JEyemtyYFGO9A.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52b724e8c08586b36b649517fae8132a8e374ef49fe6ad018e0ed807db9235dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 45
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22635
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b505c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 2*RaresSjZlyaur6QF_UWGew.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 64ms
50ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/2*RaresSjZlyaur6QF_UWGew.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

089bc26b6ce2d59656666b9437968dca5c763cddc695cfe1850ab4c609511dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5592
x-envoy-upstream-service-time: 25
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1457
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b535c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 0*JBqZtxUM88_58wK_.jpg
miro.medium.com/focal/112/112/50/50/ 4 KB
4 KB 48ms
35ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*JBqZtxUM88_58wK_.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f734153204010c6d8653cd9c96f140536bcf9f6661f107832a9f6ba464c95deb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5592
x-envoy-upstream-service-time: 70
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3640
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b3b5c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*9vbms7n4gmYFKurrWMOukQ.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 48ms
36ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*9vbms7n4gmYFKurrWMOukQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a3fcacafda6fff63c09dc96bb91351afb4cf867bc44e2aa58bc179552a1acb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 188354
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1430
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b3f5c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*C5lb7jEZgGmlx9qP_heTFw.jpeg
miro.medium.com/focal/112/112/50/50/ 5 KB
5 KB 63ms
51ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*C5lb7jEZgGmlx9qP_heTFw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f4dc6dd36a4ae092e32a5c609246219937a469b9f7f5ecb52ce77ba22996045

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 91709
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4942
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d568b425c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 1*ecP1reCgkzkxz77n2nlnmQ.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 199ms
186ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*ecP1reCgkzkxz77n2nlnmQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

270b707f109100191ee4b6052c79a1c66ce66fb0f8a83a92e72177ed544fb108

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 113
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1356
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d568b565c62-FRA
expires: Tue, 24 May 2022 16:44:10 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 60ms
49ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6420297
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5658c09a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 43ms
33ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4776007
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5658c29a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 50ms
41ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5068651
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5658c49a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 38ms
28ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5068651
x-envoy-upstream-service-time: 20
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5658c59a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 49ms
40ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4ce1a0eb9bac0aa8342c79eb85406443b8eb32db4c4532ec5cfc107f5226b3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5105717
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5658c69a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 51ms
42ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7812763
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5658c79a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 charter-700-italic.woff
glyph.medium.com/font/77a0c0c/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 57ms
47ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/77a0c0c/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fe9ef0ee727afa5d449bcd76ebe42bdcb04b448a1c6d2d7dccfb6c08efbfb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5105636
x-envoy-upstream-service-time: 28
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5658c99a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H2 200 manifest.b06b69eb.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 49ms
32ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f6641604da96a97d08c137adde1e15d355fc90c7b18ccc7893ac260dbb20337

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 156403
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QB3SNY55F0GJP9KC
x-amz-id-2: 9/PBkEq+TkwtoEra4H0eT3FkYzgaeUwXHGEmfaFj89vhjokTHUg6XP49o3g4MlkGtzRbq/Pj+Ho=
last-modified: Fri, 22 Apr 2022 17:29:09 GMT
server: cloudflare
etag: W/"6dc88618bfc712b8ef612b90f0e37666"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: EDGHrTd32iE6ilhcwdA2DPXBLcJ.q1pE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d56f91e5b98-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H2 200 2432.d8441b61.js Show response
cdn-client.medium.com/lite/static/js/ 693 KB
214 KB 54ms
39ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 539669
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8BMWK1N5ERYNB
x-amz-id-2: jAy3kdCgwBfIv7KBM+U07XOSCfobzL3CnmV/bwHExnUTLRSF3QxV5TpAtpSfQIF9+XWEOrbc7Xc=
last-modified: Thu, 14 Apr 2022 09:35:47 GMT
server: cloudflare
etag: W/"4ea04e083777417655bdfab94e3b1988"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: d4yOD0d3viUzyB5H2ftJictqMsEU7ccN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d56f9255b98-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H2 200 main.2a0353f2.js Show response
cdn-client.medium.com/lite/static/js/ 721 KB
175 KB 53ms
38ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.2a0353f2.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85b5c086363264e36c43d428b736ef267fb310f119a626ff2a87ed226dd09fdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 328813
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XZXEQM315GJYGX94
x-amz-id-2: VWiWT5z9v0zSUo+6ZYAgHfSw7Xj8/ltqSzVQZBevQK+fuAEXCmjBUUBPS42cA6ZAtbJuUCaP5NI=
last-modified: Wed, 20 Apr 2022 20:53:40 GMT
server: cloudflare
etag: W/"5ed915f68568741e5af7548f969774d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: MqhEbCzLFU03AxU_ADaaa0aQu3ygv80U
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d56f9265b98-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 78ms
63ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 803554
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d56f9205b98-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H2 200 instrumentation.3c974b48.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 81ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.3c974b48.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHC8B1TRZR74CBF
x-amz-id-2: z3WhWz+YlBJc2hPnc0ARhb27k1kgSjFT/omm5ncUygZ+Qwpg6JZUV6n4y0L6MjdGIun1sEhSbss=
last-modified: Thu, 14 Apr 2022 09:07:11 GMT
server: cloudflare
etag: W/"ff66ec13bbcc5b73c4019bb39bd044bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qjF6fisK9JJ5aoxqQKyOQ9uuWcg0f8QA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d56f9295b98-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H2 200 407.bc239897.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
8 KB 51ms
36ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/407.bc239897.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHFBM4SFEDKW4XV
x-amz-id-2: fJ+MDNRq2AsSO8E4R0uzQUZCJCS/I01UR4pzp879vBoGbMZ6IHI8cgB5YdD3jUSL17qHZ/lHxS8=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"34675f828a974dbf83babace038c3f15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sGsjD3uwddUrPGuYfsZf8a24w0k_0NA3
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d56f9275b98-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 9216.3db13475.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 61ms
59ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9216.3db13475.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH296CRQQDYB2V8
x-amz-id-2: mY6rALMQB4cP9fqaURW2Y07YZHRs8vI5IdWzNsYIPZHORAoA+OOSU49hBGVHiRclmeqYQ3m8v58=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"5b419d65f14cdfdf454bd2f33e125a38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: heA.L9U6.758IbuJl9cz9qkk4zZnDDyl
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cae5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 AppLayout.787d6c25.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 108 KB
21 KB 61ms
59ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.787d6c25.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5431a574b9b9ce877ceac8b50e723dee871e664b10a1e4e626c025bb7b7c8cd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 178773
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1B8ZA6N1X6MSVZBE
x-amz-id-2: o0a1ed82vEU6gRJZydL+ZmGFIWWirUXSGbIpTnFg/yWYZ06ukvxy9hS3P7Fr/eg0nT49QsJucUw=
last-modified: Thu, 21 Apr 2022 17:40:00 GMT
server: cloudflare
etag: W/"7dc0d1c37a6a1bf81c8539bda5b18e9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: nx099.52bj013DZXwMImKf3pOVURt9Mx
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cbc5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 reporting.f90575a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 79ms
76ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.f90575a9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNFQ3DE11YMHABW
x-amz-id-2: MaoH80zs6gT3mZ9kscdnCoX3sGPVpE7mKymkioceeAFcF5EY9v+ywF0g+A/3xSr64Ws1eTUy2wE=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"635d49707990cdd4f3c1ad13b0d0eafa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OrnP3Wx_LBAu5tvJHOBGMuYc5kyast0a
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cc05c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 3402.43690127.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 79ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3402.43690127.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAG24G2J6Z2R75J
x-amz-id-2: jJHkPZz4jKyAsNP2i/dv6IaWMQwqhAapRtXjUBSK8q3UBd/y+/If7ERC72s6fXSiDmDrpgBjRnE=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"ca4b6f5071c04a623a9bc72ced0f2727"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: L_jxD7YdqC4D7M.9gF7agHoI1l8zYyGo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cc15c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 80ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 457349
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KZ14F4DJ39Z3KD31
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cc35c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 7794.9590314e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 80ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7794.9590314e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZZ2GZ8XPEV2XSK8Q
x-amz-id-2: ZlnxwgkjMnGtnnoC7ojH0QwhC0XfdFWPNT0tzpzMx7ygzdLPg6cqgl3wZCpV+Z2ow4dAGrEJyes=
last-modified: Tue, 25 May 2021 18:36:34 GMT
server: cloudflare
etag: W/"fdb51abd005c8009b18f0a8ff313072f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: edEnQQoOPA8J97QSUBTjXG.e16leDLA5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cc65c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 8316.18f2a6aa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 81ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8316.18f2a6aa.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD5SFN5Y8TW45S
x-amz-id-2: hFIjAklPE8uAiFD3F+iWoIjr1hZAL+bvgJNwZvAJEZUDnYTo6ZgZ84z2QdIcyEiccMTz7/tDkuo=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"9fa67454adaeb385a3a70077ff7b7df1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QUYK47Sx_vLYH.MHyrUF8Ib7srVpusAN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cc95c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 2405.89e8736f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 81ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2405.89e8736f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH2TE2SJTAHKM5Z
x-amz-id-2: XhOOvodMaGPRX1ojQDX2fJ825yiUBac3LNf3jZg8okPfD032sOJYW39eboPyYoY017frR5Y++MU=
last-modified: Thu, 14 Apr 2022 09:06:25 GMT
server: cloudflare
etag: W/"d00a20bd58905eea8d54536e9f107647"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: rVT8_6QruDr0MpUrMx5.bmLv9Vum6pG1
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cca5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 5221.34ffa266.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
7 KB 81ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5221.34ffa266.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84c8712c34fb797bd6aa911669003ec9e520a69251be5f691384ce75b74c5dfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 421297
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 08RXN5AT4P0Z7F9B
x-amz-id-2: tLYaODXU9X9VUTHpdwSCH5CxpUTWPQ68GS6SCT0SS8YRXUJibCY7fUb8Y+O5YX70VNkwAGZoL8E=
last-modified: Tue, 19 Apr 2022 12:20:31 GMT
server: cloudflare
etag: W/"eeb4b81d48196cc201b9110e489df684"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: uuG1XkdRA7leWUOvRsLV2BtMqyR4pccL
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573ccb5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 7927.2808b7fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 81ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7927.2808b7fb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1PP72JD7ZC4KX
x-amz-id-2: jL0uI8uuyrXYLFGE/1W82XjY6t/xLL2r94yNzdWzltKFy2xq+wPzVhtLYW216v/Z0kMGAC/0fqE=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"40219a5e404b723e34b385d93749eb93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: IxrJR.aQAJezcuYFrtyltHojOozyWQpH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573ccd5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 786.03a36ffb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
1 KB 82ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/786.03a36ffb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6RV2AGRQ0H7A1
x-amz-id-2: GBzNzo/Yy4mLB5vDNQiiJZbJaFjzBRUpqk2qrtjNnJICjvhRI7l2CFpbT6MC/aYuo49KWxbvf2w=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"2851e5a2798ff3cbdd1138972426933b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 3Dc.8odO3AGlGT8yk7bJev0oeYPYJNZI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cd05c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 5472.5f6d4371.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
1 KB 82ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.5f6d4371.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8PTMK5AP330DM
x-amz-id-2: xGpOOu8UZAzsu1YWUtNuDaspxj3NnwdsbLl4CFr6mQNnuC5VgdmPYNonihLFzHPh0iUQuVnGPss=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"6adb8844d763f7d58b6ed49ab89899c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: M9BL7xv54wPjdaXSST5ko_cL9x0mMNwi
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cd35c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 2981.a5db1477.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 82ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.a5db1477.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD79BG7TYX8FQF
x-amz-id-2: i+703M4auI2KWsJr44vB1PX2t1YW8SvqTOaxNZoY6ZxLgCuFeMfj8xYi9lUJuKDlA8520qipoBs=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"2195fa1153170d02f4e8ffe85e34c5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0P7ivI0fxCKSZ0gTEie59OTCIkM7d5eE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cd55c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 5260.626b1a4f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 150 KB
39 KB 84ms
81ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5260.626b1a4f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH0NGF7PM5XVM3Q
x-amz-id-2: tUN9V2+xFd4zjSA+ZMII7pflnNw+pyPpiJtuuyR339PAg2pEfEqGPZ4lYH2M6DDxdgzZ7ePoFLk=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"d54dc2b69a8408e4b05103b956019a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XEFVan_esU9zit2XEfJ9ZVMckrSpVrqN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cfe5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 4869.8291240f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 85ms
82ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4869.8291240f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30e1a6bf4b5c74a541f197d4846a74c778b971d7781e4ed884f5998a286abb4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 343112
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3HPAXY3S3JM1JGCQ
x-amz-id-2: A3bDweDeALOAwdmNjqSg8sEMgaNUyinZ8xtk3NU2+2AcwtKBdqVfqEWzbE18m/GbxTGkvG1TEAk=
last-modified: Tue, 19 Apr 2022 23:16:55 GMT
server: cloudflare
etag: W/"e1379e21a2011f93b063d7428e86c291"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 1CO4NnJt45enFnCCLjZNoxupEP..cDwh
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573cff5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 7404.531e1078.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 86ms
83ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7404.531e1078.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c108d23203210bd05eccb17b3a0da55998114923136898a4974cf79937a22151

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHDT3YVNV2XZQR3
x-amz-id-2: ehb63TOKN9TCs4vED9kKrnIK1apetD/y1LRT0EQpAmVWRDsyHECuGlRbMconLTqH7hRan/2uM24=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"d0bc3d4525fce31951de95b94e99e4fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 4NZHYH9C2mIIj60xQabg5TkAEssLTQTj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d005c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 455.ec8cb7d4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
6 KB 87ms
83ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/455.ec8cb7d4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd3ce9949e8a59979315dcb0dc1cfaba2f38485f563c680c429956e3925a91fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1JRTJCQ4DS00V
x-amz-id-2: L/1jSUcYBuV76+1i+x4A1KmldHfKb16mMmdqv24PxOXu0srcb4rfvNvw4Y5AJEAWq9knqHifjtE=
last-modified: Thu, 14 Apr 2022 09:06:28 GMT
server: cloudflare
etag: W/"ac369a12224df79664f79fbb0cb6f5c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 9maM_TgDrwji3EW4E8KJPZFyo3qSMcol
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d025c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 7070.088d513c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 87ms
83ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7070.088d513c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH32NHX2PK3308V
x-amz-id-2: zsvx/2w1ItKRz24BnsDl2fEJq4IZfPeeSEGQvT066vYkRPZNDOGz5UOf42N7pg1czdlQpuPnmjk=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"4d8fdc449efd237280288bbf688558f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: K0muy9JORxUH6p6bJfgV09ZGno7nymcE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d035c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 7217.3953b0f0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 88ms
84ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7217.3953b0f0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHBYVEYW8BWXXNQ
x-amz-id-2: P0LsJ8j9mlyYmTP45azx+eH4U8lLRKb1lUbqryQn4YVtC5ILscAPJR9rhFMHGH+DeUDK/Eis60c=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"58720bdd388e0656b76f62b4a5ff5342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OZwFHpgdUD2sKDAtk4gZmMMvNPTrJlRt
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d045c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 8491.a2b7fab7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
12 KB 88ms
84ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8491.a2b7fab7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6SVKHC1BPPRR3
x-amz-id-2: 36Hrc4Echk9c0rXd/ZzV2AvDGV98iS/Rer07bucHbq7lb1+RCcRBOopXJ7HxCt0ZJwpVnBB5rWo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"5d01285ddf2c787bd518a32b366af371"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Jsy2Lxh1msL6Y.ooRtLzR4d6vHqwlQ3F
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d055c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 9211.b7a00c16.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 88ms
84ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9211.b7a00c16.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH4W640C9XF6RJN
x-amz-id-2: DRUt8mSyKes8nCq/psp4HGMhhDPpua9crWNc+2eEgEb5nqFc75RzvIl1M2mhUnBmuNlGMDhfBlA=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"577263f7900d50e63a75a1f0f05dbbe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: VWEllxqkFrnSXO387u0TA6YYdC3U.pgv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d065c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 6562.6c3f9802.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 89ms
84ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6562.6c3f9802.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 351207
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: P1M42AW9QBTBBTZQ
x-amz-id-2: XdlBeJW5OdzmY786nhuIdMkGi2IaxnEmlov0XClJV207SbauWrBY1qFK0AgNP/3pD/YaEE3wnLk=
last-modified: Fri, 15 Apr 2022 15:45:14 GMT
server: cloudflare
etag: W/"1ca654d2edbbd07104403857df5f81b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: AASPv5ptCk06M_vQZi9Up905TWUR.1Rn
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d1b5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 7215.d799b2b5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
12 KB 89ms
85ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7215.d799b2b5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6ASKCBHWEH6YT
x-amz-id-2: thX0A0WpRM7CNFcf0QiWHYAuHXq2b/71GV+8DWH0JZPx+pWB1sXCstFGQZINVjbMbe+ngkvwu0I=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"3c526ca7c5fee7883f16deb523109c91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8XpJXp74sBSDTltKZ7Iy4ZGcwhFWJyxk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d1e5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 864.41fe9c86.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
5 KB 89ms
85ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.41fe9c86.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNAF09XCK1FJT5C
x-amz-id-2: dTTttVwlA3PTaKgrh4eq3rmxgPAxiCJymvctDY+V9ov9AlhKhryMTs6tH98N8ocHdHR28jk/7A0=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"fff5133a06973c44d03a9975ebc499f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 35onYHaq2EFcCuHneGFmh1Rlc_q4dy_H
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d1f5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 4351.0369de5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 92ms
87ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4351.0369de5f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHCBPE4W0A996V8
x-amz-id-2: ikWd7+eLYjwl8TmJwUxM03Dido2xgcO6wFP9ksGOFjfI4XE/6rk8TJPre7k1fc9qIg18H/76XN0=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"706de7bad195044244572950d562e14d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LnE7PgGhZCmzrDthwn8d8CF.czjYz2iU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d205c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 82.83ce6d83.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 90ms
85ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/82.83ce6d83.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHDCBR3B6ZMNA8X
x-amz-id-2: qJC1bfUmqAsLIIwNe7N7rxiKFcgwA3LbPEVSUrfDXggaxU5TzfiCXUlaRZhTzGUJfS/J8TMbnsU=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"14e1c3bb89a150e9af8b6e481200d7f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pPofGSIVAl0KmPhGyMZSP9BXsaGh4qy_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d215c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 108.03b9652e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 100 KB
18 KB 92ms
88ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/108.03b9652e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7CFHB8RDR73VJ
x-amz-id-2: kYoF14l5ZxbPwO0NZ+X7+shscUQBWUmUeGhVd5s+iLTzZpfb0QCDxLnTpatDgpMPWsaCDdUegaI=
last-modified: Fri, 15 Apr 2022 08:10:20 GMT
server: cloudflare
etag: W/"7c2ea1f36d696b74936232f1e88900d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G2eY.NzI3u6RxUOwjwtpIZlWWV4tJwUj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d235c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 5281.652a7988.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 93ms
88ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5281.652a7988.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHA6FG3QS6BVZBR
x-amz-id-2: bKpvQT0l0R+9iZqrjI+NXH9ySdz2IFP+YXfDKuy5s72Zk70knnO/JKoSdTDbKkL+TCOkHk72s6s=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"04b131139a2938b205f512652ec29a97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 33irNxWTdFjop9o1_s8tyzZ.0zoR_rMU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d245c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 4483.0101c012.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
11 KB 94ms
89ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4483.0101c012.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1YTQ6E6M920R7
x-amz-id-2: dYayIGduzTq4ZA4PK7fr/S4vhbNG20MqIBzVL0gN9baEYSZSgb+ekkXPwUV+BVhNUH2dpYE9jQc=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"561e556084890738e5ab71de9801ee5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hRmNv03McdnjlIEbnQRlszZjFIUcsYjR
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d255c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 5436.0d53f129.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
11 KB 94ms
90ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5436.0d53f129.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d88e666415b3c9cedc3c62c9ad58aee468a4699fd80aaa29f7b91fa8b1ce64bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH4MYCK2FPKY1XS
x-amz-id-2: sru++1AI0HptsQztpqru/K++fYXVLAZZ/7/eDbyVI0+59CDZiVxpYV/wR3/15Jdi+OcQk2tDFM4=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"45848e842e41350ef22d108dc3a90d17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: BM0lF1rKwhOhO_nsVQJcPDzOU1bfIpap
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d265c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 3043.34648c6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
4 KB 95ms
90ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3043.34648c6a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 958011
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 41JJSBHRFDQ8PDRD
x-amz-id-2: XSga7+dFr1nQbg0udnpaD+ZembEzEPdu+SftY2Oh1KKvw1c9bKoMx1JiDFAD6dkwWt7KaglqoQE=
last-modified: Wed, 13 Apr 2022 09:57:05 GMT
server: cloudflare
etag: W/"57e7dd326c1b4d24e44ed9b8655754f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qLLyYE6QMBOdC61niRO7qEtzgOLMz.Fw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d285c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 8849.e115d3a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 95ms
90ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8849.e115d3a3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAATHP1X27M9HZPW
x-amz-id-2: 683N1h/tXCINTqDwy3VcGYllMGCVmR7O99borv9elo47JM5seRVfVFqZ/3Ntjb+Snb+lPFzB4UA=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"d163a762211dc93b003999a47cafe931"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ugBxVtgkTa8ZpfcJJs1c.657kjvR0RNP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d295c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 PostPage.MainContent.87a16840.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 149 KB
35 KB 95ms
90ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.87a16840.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8b83a9b6c0b9885f1bbc658ed35a02f4249d18a7139ef598865d7fe1929b3dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 421297
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 08RXRBK3A9JB3K4K
x-amz-id-2: oq1KC1Hxbtyj0PWYqIS0qnjPRjmQAbi2gt2aUmwNf9L9Gi1OFISwvg4BtORKY9mm1BuhBzd9bJc=
last-modified: Mon, 18 Apr 2022 18:58:28 GMT
server: cloudflare
etag: W/"3c4f455ef87c509bc2e585d546d1ba8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: _7JSubchvF8jN34xOkbX8sL89Occb9rv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d2a5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 9855.9e69fa39.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 96ms
91ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9855.9e69fa39.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7H59J7QC6V68X
x-amz-id-2: gyS8ldjT8aws/lMw9VGPbkNS48v4x0dQz9XhRbQlSgj4SBP/PTxNceMrNo1pV1Nwwd1aERiim2E=
last-modified: Fri, 15 Apr 2022 18:26:13 GMT
server: cloudflare
etag: W/"01bbdff36d0c4903b3d076b034dbd253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: koXbgREQZJn8hxN5mgAbbW0MQggqXgDa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d2c5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 6867.bcfa4e6c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 96ms
91ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6867.bcfa4e6c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7YTTQSSZG18XS
x-amz-id-2: XKHuYZfu5msrcHtwsAJFK4PajzVv2H7yH2KREVMevuFRrEo3FhDJ5YzD9YCBOURVowD9fmNpvk0=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"c35955eb45367a3c5a61cb3e5279c051"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: T1iOWUKz_Z7hLHCKM26CR_AUg99Ys3ui
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d2d5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 8267.bd6c7fcc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 96ms
91ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8267.bd6c7fcc.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH9TT2FRDHEJAJN
x-amz-id-2: CzZXWd4XJhBL5DlE2SA+PFp4LcvTYJPcsYcI34zw48MscRCdM4Mw+AsEGsodT9ffByISg9U31vw=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"6398675540e0c71d315b2ef2e05ed6fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fgCIJoEUvzHhaObJL5yEPMH3fkD2i4oj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d2e5c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 PostPage.RightColumnContent.525c2d1b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
8 KB 97ms
91ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.525c2d1b.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6515e1b20043c4803151cb909ad2b8123e47c9e92c7067d7c8df5a9172d80847

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1M7QMKR4PXV8S
x-amz-id-2: YsioLejBayHERSwtCh+B7t58fwo2Zi9LfbGgzInIrAa93yLVOLogn4qHRw6QhND5yl1PhFX90qg=
last-modified: Fri, 15 Apr 2022 08:10:45 GMT
server: cloudflare
etag: W/"a9c35206b49a53286cb65dececc301ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: dN4n2MJ9aZr5EpgkfNUiRA0BgPPcRPKs
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d573d305c62-FRA
expires: Mon, 24 Apr 2023 16:44:10 GMT

GET
H3 200 4792.14f7a597.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 92 KB
24 KB 29ms
29ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4792.14f7a597.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAK2JN6DE2M03W6
x-amz-id-2: Ypea0MIYkuTkpRkidUVMlfjFOekUzA45uC+Vg260xcsMfq7uG8JtKFIS4kZQE6pRewZ1DuqXM8M=
last-modified: Thu, 14 Apr 2022 09:06:28 GMT
server: cloudflare
etag: W/"68d93728be9339fe82bac120d5ca3d8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G5oQk1h_lSKJ4xkTzMHQRHB7mff9ylPH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d5bbdc05c62-FRA
expires: Mon, 24 Apr 2023 16:44:11 GMT

GET
H3 200 7084.b2e2a6eb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 68 KB
19 KB 32ms
31ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7084.b2e2a6eb.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAQ1BHG1Q16PVH1
x-amz-id-2: rpTC/g1yauiB3ex3gZ+cTKDlgxEFf7nDWcxwzgh1Yqr5GFF4SJIy94jJA7RtkinTdZa5o0XjG1A=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"73521766007a340f43277ee2bb9cef8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cfpB7exect7gEoieK.cn9tDJbfHjhHR.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d5bbdc45c62-FRA
expires: Mon, 24 Apr 2023 16:44:11 GMT

GET
H3 200 8537.29ab83f7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 26ms
25ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8537.29ab83f7.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAANM2B6MZQ1F68J
x-amz-id-2: 84d2zFKasory9ZlNDSGTzv3EI87GPZohOsS6HQXKDHJfZxnTUM7J1mJ4vUF7Ru6V2JeVI0zORIo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"e184386ab56bc2c712b8e6fbc4f83a8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Qk_8LgS9pAqsMKxCAf8ZI8XsRNIYBH9A
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d5bbdc85c62-FRA
expires: Mon, 24 Apr 2023 16:44:11 GMT

GET
H3 200 3551.69fe8b4c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 32ms
32ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3551.69fe8b4c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAMWT2XVG25CV99
x-amz-id-2: O92GO+f5wp4MZTPejDTn027EcUMgktwemYti2/OluHYSoWgSQr9BjKB8dPZlk2XUWR7lcrHbwk0=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"bbfd20f6707f94928e866764ecff85e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ayC7oy9vYwAPAudL09GUE6theIm7Cjz_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d5bbdcb5c62-FRA
expires: Mon, 24 Apr 2023 16:44:11 GMT

GET
H3 200 9104.d15c7fd3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 93 KB
27 KB 32ms
32ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9104.d15c7fd3.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 178773
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QEQG1NQ8J5CB39CW
x-amz-id-2: g5IYOXQ9mUKoAEomLHx2Hx3CTMEbyMdOVut6d64NtPVU9YZCmoP6u5c9ErbYOUXj8WIA4/rrbYk=
last-modified: Fri, 22 Apr 2022 08:22:49 GMT
server: cloudflare
etag: W/"2f090aef0d5d462631bb3c8eb2c005b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: lp88Tinxiq7hM9Uc.oqB0CgCT8vY1VHj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d5bbdce5c62-FRA
expires: Mon, 24 Apr 2023 16:44:11 GMT

GET
H3 200 ThreadedResponsesSidebar.5bca90ec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 26ms
26ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.5bca90ec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAPMGZVJHNV5J09
x-amz-id-2: eF4yArygea9fVOUXGzbQQJNVcfA3odVWQVHCxt5IMmeKzyNRm4Msc5B29hxHg3vP7Uq2gsNocLY=
last-modified: Thu, 14 Apr 2022 09:07:04 GMT
server: cloudflare
etag: W/"6cb059260c23a64ab427e5204bbbf3f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cZnuP3jpIHqMOMoLkKnEZh4blbs.yVCq
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d5bbdd05c62-FRA
expires: Mon, 24 Apr 2023 16:44:11 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/24/24/ 383 B
790 B 31ms
30ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 162174
x-envoy-upstream-service-time: 25
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70104d5d68de5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/20/20/ 310 B
717 B 25ms
25ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2294c42a99ae9402581e67fe5c0262d7ebf4cc7f45bfe9fd2f00862e304f4a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 102678
x-envoy-upstream-service-time: 137
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 310
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 70104d5d68e05c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 0*funYCBH8ZLu6MSOA.png
miro.medium.com/focal/56/56/50/50/ 6 KB
6 KB 119ms
119ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*funYCBH8ZLu6MSOA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7dc1ac3963739085f30313b6294292f19b68bb076beba9642d2652b276967549

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 74
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5772
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d68e15c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*OhkxLCD1h_TSBTPOP75Rrg.png
miro.medium.com/fit/c/20/20/ 540 B
946 B 24ms
23ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*OhkxLCD1h_TSBTPOP75Rrg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a6c287292c89e788fe136d073d55950c4345786d7f590262fb0f61372e920c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 69213
x-envoy-upstream-service-time: 71
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 540
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d68e35c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 0*2eLT5gtF_KWAOWDJ.jpg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 121ms
120ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*2eLT5gtF_KWAOWDJ.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cecbc0454ccefb6b943e7855674145b4b0bb7c7687d6caa53969ecb0fedb8aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2071
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d68e55c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 0*Uw3fhYnqOQUckfNr
miro.medium.com/fit/c/20/20/ 1011 B
1 KB 149ms
148ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*Uw3fhYnqOQUckfNr

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b243c310368ac236c9e0156e67ffd2a570d2159d41b4bea8d118f78becb922d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 80
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1011
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d68e75c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 0*qRuNqaPIwhZX8VwV
miro.medium.com/focal/56/56/50/50/ 1 KB
2 KB 124ms
123ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*qRuNqaPIwhZX8VwV

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7aca262af2707ffcedd0661f2d29ed60ce73979fcc14b7f954ea77959d4ab00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1254
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d68e85c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*Ud-Mz31o0jymGcyxb-h9fg.png
miro.medium.com/fit/c/20/20/ 780 B
1 KB 27ms
26ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*Ud-Mz31o0jymGcyxb-h9fg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dadf143c638e50c0789b00847977d5e774b178b8852e7babcfe6ebc265f6c97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20415
x-envoy-upstream-service-time: 214
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 780
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d68eb5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*uBtxrj-S5TSb9QlA9GC9Hg.png
miro.medium.com/focal/56/56/50/50/ 3 KB
3 KB 123ms
122ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*uBtxrj-S5TSb9QlA9GC9Hg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc9b3941e4c4b9915a3c8ca5e163a47c1626f479eaa81957999c9c82cb67e2dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 66
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2667
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d68ed5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*3v0ktJZ-a-uV7KOqs9vF6Q.png
miro.medium.com/fit/c/20/20/ 256 B
663 B 25ms
24ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*3v0ktJZ-a-uV7KOqs9vF6Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f3afe001413f291b7af730bb71a8899ff5bdee07b171ea0f04156c79e6d844e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 303772
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 256
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d68f45c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*FvKkCmvRbz2I_-A63PkVAA.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 125ms
124ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*FvKkCmvRbz2I_-A63PkVAA.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e31f148f139d49c028556ba274f680cc2a6d1f96fe89541fc2849ed96d419e16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 59
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2097
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d68f85c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 0*HLYpVTCwkw28aG-J.
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 26ms
24ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*HLYpVTCwkw28aG-J.

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e63478f8570615ddb8b60a003172417b06b0c41095a1547d68f99f7e978226ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2195
x-envoy-upstream-service-time: 58
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1033
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d68fa5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 0*6zHm9Xvv2-Mk16aw
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 122ms
120ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*6zHm9Xvv2-Mk16aw

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f971121e33137fadaffc6af055b1c7bfc5029282d408fbdeec05ec54a4183be5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 53
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1922
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d68fb5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*jfE28M-bdq3M0NssXEFf5A.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 144ms
142ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*jfE28M-bdq3M0NssXEFf5A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66706ccfc96b02938665a6f1cf55d834146b25e7074ddc13ce1690438a254419

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 83
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1066
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d68fd5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*g4HX3lGJhhvXcethuYQ3fQ.gif
miro.medium.com/freeze/focal/56/56/50/50/ 657 B
1 KB 130ms
129ms Image
image/gif 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/freeze/focal/56/56/50/50/1*g4HX3lGJhhvXcethuYQ3fQ.gif

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c46d79750c4f38ceab20ad7f9b3971a0d20301af94b5b0268708d8f93c138e93

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 45
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 657
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/gif
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d68ff5c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*lgzd8uaVC9kPSPblONEoiQ.jpeg
miro.medium.com/fit/c/20/20/ 974 B
1 KB 117ms
116ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*lgzd8uaVC9kPSPblONEoiQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0205dc64948b458e93fa7fd762b93fad08a841c9e1865c659e3f44e52b17bc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 69
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 974
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d69005c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*Ep5kKJag6JEyemtyYFGO9A.png
miro.medium.com/focal/56/56/50/50/ 6 KB
7 KB 124ms
123ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*Ep5kKJag6JEyemtyYFGO9A.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0444a292e5617a3bc31414d691f00a3f3b1c8b413a3d97a133c686e12fc00a56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 36
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6510
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d69015c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 2*RaresSjZlyaur6QF_UWGew.jpeg
miro.medium.com/fit/c/20/20/ 967 B
1 KB 25ms
23ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/2*RaresSjZlyaur6QF_UWGew.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0352192b40314e1e6e58e40e662e634e6d4ac6b04639be6695d87f809dc81796

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5576
x-envoy-upstream-service-time: 49
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 967
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d69035c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 0*JBqZtxUM88_58wK_.jpg
miro.medium.com/focal/56/56/50/50/ 1 KB
2 KB 27ms
26ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*JBqZtxUM88_58wK_.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a75a9015bd3eeabc7da9a5114494940fe7d96551cdaa47eec60950b0f658824

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5576
x-envoy-upstream-service-time: 381
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1498
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d69045c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*9vbms7n4gmYFKurrWMOukQ.jpeg
miro.medium.com/fit/c/20/20/ 989 B
1 KB 27ms
26ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*9vbms7n4gmYFKurrWMOukQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c73e5b5ada98711f2bf2ef8e6b72351d096e2fe1eb351552d7a943e782abdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 111774
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 989
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d69065c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*C5lb7jEZgGmlx9qP_heTFw.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 35ms
34ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*C5lb7jEZgGmlx9qP_heTFw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6eb93d3025d34d98e78e47ba638c576e124df0b58bc9d6ea0c043af5c1fb3952

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 32325
x-envoy-upstream-service-time: 65
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2125
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 70104d5d69075c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

GET
H3 200 1*ecP1reCgkzkxz77n2nlnmQ.jpeg
miro.medium.com/fit/c/20/20/ 923 B
1 KB 119ms
118ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*ecP1reCgkzkxz77n2nlnmQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fef3c29a1b31cdb67a1dcb1c37b2c240e38f52afc05bee70387378c20282b355

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 923
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 70104d5d69095c62-FRA
expires: Tue, 24 May 2022 16:44:11 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 143 B
436 B 116ms
115ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

cb8572fcfda3475d1c47408af104f3579de9a9e43a12ec99f59ec9f227fefdfd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-14rwkO/Rncw0KHwB9f9ceFqrmuc"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7
x-envoy-upstream-service-time: 15
content-length: 143
x-xss-protection: 0
x-request-received-at: 1650818652062

POST
H2 200 graphql Show response
posts.specterops.io/_/ 108 B
429 B 150ms
150ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Graphql-Operation: PostPageMeterQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7, tutu/main-20220422-175648-d1cf9a3057
x-envoy-upstream-service-time: 48
content-length: 108
x-xss-protection: 0
x-request-received-at: 1650818652058

POST
H2 200 graphql Show response
posts.specterops.io/_/ 840 B
1 KB 166ms
166ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ab9243510534b488df1392c597ccb049f06da76acbda8608d63eb39a5579f665

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"348-Rh3BxErVaQPelFqsd4K0IizBufQ"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7, tutu/main-20220422-175648-d1cf9a3057
x-envoy-upstream-service-time: 65
content-length: 840
x-xss-protection: 0
x-request-received-at: 1650818652058

POST
H2 200 graphql Show response
posts.specterops.io/_/ 33 B
354 B 122ms
122ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

9790eec43905d6a645d41949887aa4d48fc32862b5739da194744e59d9843ce6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"21-wYWzkSPGnZEMaisoTvxqzNqNGzY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7, tutu/main-20220422-175648-d1cf9a3057
x-envoy-upstream-service-time: 22
content-length: 33
x-xss-protection: 0
x-request-received-at: 1650818652059

POST
H2 200 graphql Show response
posts.specterops.io/_/ 268 B
589 B 251ms
250ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6b8ede5fb9ef5848fa606172f7ae9a8d6919ecfb83fc4df2de23feed90540340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Graphql-Operation: PostViewerEdgeQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"10c-3tpQPE2e9A/IXauIteZd+MHo42Y"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7, tutu/main-20220422-175648-d1cf9a3057
x-envoy-upstream-service-time: 59
content-length: 268
x-xss-protection: 0
x-request-received-at: 1650818652150

POST
H2 200 graphql Show response
posts.specterops.io/_/ 103 B
397 B 227ms
227ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

3225bfe93c9c4a01969ea775dea21115e6c99cdb8e166fa3276ecdea02dcf5fb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Graphql-Operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"67-edfMalc743LTsLB0Y0+oaTw5E3E"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7
x-envoy-upstream-service-time: 33
content-length: 103
x-xss-protection: 0
x-request-received-at: 1650818652165

POST
H2 200 graphql Show response
posts.specterops.io/_/ 96 B
418 B 235ms
235ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

46a7bd21b15c1ca7c8608cf1a756f52c52c978a9570e2170ce06156c80d2b76b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"60-UHyxTOX1DmbeWKvA7GYCTKc+X7M"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7, tutu/main-20220422-175648-d1cf9a3057
x-envoy-upstream-service-time: 46
content-length: 96
x-xss-protection: 0
x-request-received-at: 1650818652149

GET
H3 200 responses.editor.857df5ad.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 36ms
36ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.857df5ad.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.b06b69eb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 768325
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 887XZEAFQ44HRT6J
x-amz-id-2: flfXVoow0Wmc3WN/tyqoDVzkRf7DYQv4tJYETVVuuy28XaXVMqn40KHtB0lK5e8LRimUG5SDIZo=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"195376c9eb500dd7a4c4583562103d50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n9gS1uYafrO67iJ9cRLDZTxo6qKQufkF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 70104d5f5ccd5c62-FRA
expires: Mon, 24 Apr 2023 16:44:12 GMT

GET
H3 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 33ms
33ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5101603
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 70104d5f5d749a0b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 24 Apr 2023 16:44:12 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 3 KB
1 KB 215ms
215ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e0173e1b4fb75a2caacace68713a01cafd40c3c93e163593cc0560b7fabf3ca0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"a3f-resYWWL7A/xWdSnhPGaC3ExcUvI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7, tutu/main-20220422-175648-d1cf9a3057
x-envoy-upstream-service-time: 106
x-xss-protection: 0
x-request-received-at: 1650818652153

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 104ms
104ms Fetch
application/octet-stream 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.2a0353f2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 106ms
106ms Fetch
application/octet-stream 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.2a0353f2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 107ms
106ms Fetch
application/octet-stream 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.2a0353f2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 24 Apr 2022 16:44:12 GMT
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 62ms
24ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4162
date: Sun, 24 Apr 2022 15:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sun, 24 Apr 2022 17:34:50 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 39ms
9ms Script
text/javascript 13.225.80.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3?gi=7decdbd78cef
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-6.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 90
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Sun, 24 Apr 2022 16:42:43 GMT
x-amz-cf-pop: FRA2-C2
content-length: 23872
x-amz-cf-id: ohYkzDt2RS6B31JcqDCZoNDJ3zBehS7djeL_qJ9az4TQ5BbxDdN8aQ==

GET
H2 200 _r Show response
app.link/ 91 B
566 B 502ms
168ms Script
text/javascript 2600:9000:2363:4000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.59.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2363:4000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

cb838a23297787415887bbef8f8ac2a6854b728975414e79a37fe403d2b1ee29

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sun, 24 Apr 2022 16:44:13 GMT
via: 1.1 61ef32a4a99ff5a643cb4feaafaac43a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: LAX53-P2
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
etag: W/"5b-RWO1m9Z+BFk7iHp1eDmOJeKfR0w"
x-amz-cf-id: OO8DVcC9Qwj40PgTTc2A5J8JSiE3296Wh5VlHrY9pW1e0m3-WgtK8w==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 49ms
21ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=339793518&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&ul=en-us&de=UTF-8&dt=Revisiting%20Remote%20Desktop%20Lateral%20Movement%20%7C%20by%20Steven%20F%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=804257234&gjid=838749972&cid=2066492504.1650818653&tid=UA-24232453-2&_gid=1483354973.1650818653&_r=1&_slc=1&z=1296061829

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 24 Apr 2022 16:44:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 46ms
22ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=339793518&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Frevisiting-remote-desktop-lateral-movement-8fb905cb46c3&ul=en-us&de=UTF-8&dt=Revisiting%20Remote%20Desktop%20Lateral%20Movement%20%7C%20by%20Steven%20F%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=868976369&gjid=1233905283&cid=2066492504.1650818653&tid=UA-102239211-2&_gid=1483354973.1650818653&_r=1&_slc=1&z=756591980

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 24 Apr 2022 16:44:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 400 graphql Show response
posts.specterops.io/_/ 138 B
450 B 202ms
201ms Fetch
text/html 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-181-79.compute-1.amazonaws.com

Software

nginx /

Resource Hash

dc0a4948011b3bf48695d6b088a8ad2a65b902eee0dfa2bff5ec3b7d77e9941c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 2287a2655104ec9f
Medium-Frontend-Path: /revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Graphql-Operation: PostNextFiveStoriesCollection
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
Medium-Frontend-App: lite/main-20220422-205901-123e6f15e2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
apollographql-client-version: main-20220422-205901-123e6f15e2
ot-tracer-spanid: 727e0ed222bee99f

Response headers

content-security-policy: default-src 'none'
x-content-type-options: nosniff
sepia-upstream: medium
server: nginx
date: Sun, 24 Apr 2022 16:44:13 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd, rito/main-20220420-162416-61c3e089e7
x-envoy-upstream-service-time: 7
content-length: 138
x-xss-protection: 0
x-request-received-at: 1650818653301

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
632 B 2743ms
2622ms XHR
application/json 2600:9000:20e8:7800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:7800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8e31f5d41e2247dfda432cbe02226cf42f4977343aee75fe2fd628846af8faf9

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 24 Apr 2022 16:44:16 GMT
via: 1.1 df2b5b3f847bbe9ad7f475c0831bcc3a.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: dd4e106a87b443c6887dfbf4ac9907c6-2022042416
content-length: 316
x-amz-cf-id: F5XSd-oAy5hAYyS4iW-WwMCOWMqrYynWkMi_ZdeTEWCr8guG7pTHfA==

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
566 B 210ms
210ms XHR
application/json 2600:9000:20e8:7800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e8:7800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

830697d861d8ae58e0154747bae6a3e0dac8374dba171be2a5cea51ea4209edc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 24 Apr 2022 16:44:16 GMT
via: 1.1 df2b5b3f847bbe9ad7f475c0831bcc3a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: TXL52-C1
x-powered-by: Express
etag: W/"b7-cpzzC3k6OSxa6trrzz0UBuhARPE"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 40eff09707fc47fa90964f282f99e033-2022042416
content-length: 183
x-amz-cf-id: a3rTjx3SUFeMFvTg2B-Ien0DNRWEgvVIg55pKqsp38DFBktheWqmVw==

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
173 B 256ms
255ms Fetch
application/json 52.5.181.79
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.2a0353f2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.5.181.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-5-181-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
content-type: application/json

Response headers

date: Sun, 24 Apr 2022 16:44:16 GMT
medium-fulfilled-by: valencia/main-20220422-165907-7310052fbd
x-envoy-upstream-service-time: 153
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 206ms
206ms XHR
application/json 2600:9000:20e8:7800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:7800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 24 Apr 2022 16:44:16 GMT
via: 1.1 df2b5b3f847bbe9ad7f475c0831bcc3a.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: ea59c0999b3f406f9dbe953c7ae27388-2022042416
content-length: 28
x-amz-cf-id: M1b2Ax5y4sZIgcgy5nzJnC3Djx7nuFk0GGFw829q_2gLoI8GPJQvLA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 499ms
498ms XHR
application/json 2600:9000:20e8:7800:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:7800:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/revisiting-remote-desktop-lateral-movement-8fb905cb46c3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sun, 24 Apr 2022 16:44:17 GMT
via: 1.1 df2b5b3f847bbe9ad7f475c0831bcc3a.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 4a5d7124bd8d4b68ba7e952e13d342f4-2022042416
content-length: 28
x-amz-cf-id: y2a60mnlorw7GLaqVmr_rc-DgxaPQ3b6Nyjx-O17t4SXxO6teSiQRQ==

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 11:19:14	Name: uid Value: lo_1edd2a3055a0
.medium.com/	1970-01-20 11:19:14	Name: sid Value: 1%3A57J7ANMGv7COml6P8e0yiM18vatqquEIAfmKKOqZ1fyMhZSZV%2F0WDCz%2BEsH4axuE
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: c266a9127965b6806ae4ac29f5353ba169085c4c-1650818649
posts.specterops.io/	1970-01-20 11:19:14	Name: uid Value: lo_1edd2a3055a0
posts.specterops.io/	1970-01-20 11:19:14	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+TiQY2HIjxOuZ4E8Lz9WPkN721R9hFl0rEq0I4uZvOXtF
posts.specterops.io/	1970-01-20 02:33:39	Name: _dd_s Value: rum=0&expire=1650819551480
.specterops.io/	1970-01-20 20:04:50	Name: _ga Value: GA1.2.2066492504.1650818653
.specterops.io/	1970-01-20 02:35:05	Name: _gid Value: GA1.2.1483354973.1650818653
.specterops.io/	1970-01-20 02:33:38	Name: _gat Value: 1
.specterops.io/	1970-01-20 02:33:38	Name: _gat_tracker0 Value: 1
.app.link/	1970-01-20 11:19:14	Name: _s Value: UoF1X04jX4gQSRB9btQpAZkASq306xfx7LYrVfDB%2FT7WsxnNIRVXh%2BEfDFERwrzw

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://posts.specterops.io/_/graphql Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
13.225.80.6
2600:9000:20e8:7800:11:f728:3040:93a1
2600:9000:2363:4000:19:9934:6a80:93a1
2606:4700:7::a29f:9904
2a00:1450:4001:812::200e
52.5.181.79
014d4c7f34c92a0c51c0fe4c395257e0e4e5d7a1cae86ffae95366e5d74c9902
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
0352192b40314e1e6e58e40e662e634e6d4ac6b04639be6695d87f809dc81796
037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d
0444a292e5617a3bc31414d691f00a3f3b1c8b413a3d97a133c686e12fc00a56
045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720
07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223
089bc26b6ce2d59656666b9437968dca5c763cddc695cfe1850ab4c609511dbf
0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40
0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736
0ef80b61e1a966ee6dd55d6245a58a609b78eff54c48b2cec57d364dd2dfacb6
0f4dc6dd36a4ae092e32a5c609246219937a469b9f7f5ecb52ce77ba22996045
10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c
16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65
1af895ac2e2cc3be64838f39999031dd5c24e71cb21b347f895c3b9a408b2b77
242e60243ac7ce532b33b89902c33af723f7ecc954cd2cbac13a68434a599be1
270b707f109100191ee4b6052c79a1c66ce66fb0f8a83a92e72177ed544fb108
2a6c287292c89e788fe136d073d55950c4345786d7f590262fb0f61372e920c6
2a75a9015bd3eeabc7da9a5114494940fe7d96551cdaa47eec60950b0f658824
2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988
2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c
2f9e0b7530752bf0fc36ca6edcf577a733e66607ce130a1e3ef785dc69ed1657
30e1a6bf4b5c74a541f197d4846a74c778b971d7781e4ed884f5998a286abb4c
314bffb6775b5ff58f70ef245efa91a21bb64fd25521c30f796fdf3c7b72b98d
3225bfe93c9c4a01969ea775dea21115e6c99cdb8e166fa3276ecdea02dcf5fb
38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1
3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5
3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990
3dadf143c638e50c0789b00847977d5e774b178b8852e7babcfe6ebc265f6c97
3f6641604da96a97d08c137adde1e15d355fc90c7b18ccc7893ac260dbb20337
41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b
46a7bd21b15c1ca7c8608cf1a756f52c52c978a9570e2170ce06156c80d2b76b
4fe9ef0ee727afa5d449bcd76ebe42bdcb04b448a1c6d2d7dccfb6c08efbfb61
52b724e8c08586b36b649517fae8132a8e374ef49fe6ad018e0ed807db9235dd
5431a574b9b9ce877ceac8b50e723dee871e664b10a1e4e626c025bb7b7c8cd5
55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849
5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b
579b32b4ab57ca2037c4c1ce0f8d9e1e9f24ade9aa267e78fe00afb519b8f0ab
57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749
5a3fcacafda6fff63c09dc96bb91351afb4cf867bc44e2aa58bc179552a1acb7
5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696
5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7
5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa
631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea
6515e1b20043c4803151cb909ad2b8123e47c9e92c7067d7c8df5a9172d80847
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
66706ccfc96b02938665a6f1cf55d834146b25e7074ddc13ce1690438a254419
68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b
6a59140956a8d1c73faa373177081d22efab75978a99cfe5f25a9dea1645faf8
6b8ede5fb9ef5848fa606172f7ae9a8d6919ecfb83fc4df2de23feed90540340
6d0392b6fc378f712b2d248eaf3d65fd8ec64194ce2c1690b32cf6017d36a0f5
6eb93d3025d34d98e78e47ba638c576e124df0b58bc9d6ea0c043af5c1fb3952
6fce0922ef388ad6f81ae62add760596c852b7c66503f3183cce6943ec5d4f5e
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d
7b243c310368ac236c9e0156e67ffd2a570d2159d41b4bea8d118f78becb922d
7cecbc0454ccefb6b943e7855674145b4b0bb7c7687d6caa53969ecb0fedb8aa
7dc1ac3963739085f30313b6294292f19b68bb076beba9642d2652b276967549
7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4
7f3afe001413f291b7af730bb71a8899ff5bdee07b171ea0f04156c79e6d844e
823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce
830697d861d8ae58e0154747bae6a3e0dac8374dba171be2a5cea51ea4209edc
83944c8fb47ac644883671e91b2cada01319f83fe563043fe25f20e0fba5c779
83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899
84c8712c34fb797bd6aa911669003ec9e520a69251be5f691384ce75b74c5dfa
85b5c086363264e36c43d428b736ef267fb310f119a626ff2a87ed226dd09fdf
8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b
8e31f5d41e2247dfda432cbe02226cf42f4977343aee75fe2fd628846af8faf9
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
9690d5bc2630c21a2b59021a1495c72a0393f450de96fa9c495ab7daac68cab3
9790eec43905d6a645d41949887aa4d48fc32862b5739da194744e59d9843ce6
9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd
9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876
9c85a3a7964a438b73eb389d4db0b3d0c3f8fe14cf55aed11eaed21334b5469a
9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321
a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495
a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
ab9243510534b488df1392c597ccb049f06da76acbda8608d63eb39a5579f665
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b321bda8dc4e5245a74c21f8c2525cc85494b09844372f5805eaa46b4bb4590b
b373f50586a2241385ba8478d1b664bd8b30399d80cde74ecff4a94363117268
b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa
ba84748a9b5757f54b19992eb51d80e89836489a7957a504d280ff19de446d98
c108d23203210bd05eccb17b3a0da55998114923136898a4974cf79937a22151
c2294c42a99ae9402581e67fe5c0262d7ebf4cc7f45bfe9fd2f00862e304f4a8
c32aff93dddd5b714ce4192a5180455b682961a306d2a880a4a420826157794a
c46d79750c4f38ceab20ad7f9b3971a0d20301af94b5b0268708d8f93c138e93
c4ce1a0eb9bac0aa8342c79eb85406443b8eb32db4c4532ec5cfc107f5226b3c
c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a
c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a
c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54
cb838a23297787415887bbef8f8ac2a6854b728975414e79a37fe403d2b1ee29
cb8572fcfda3475d1c47408af104f3579de9a9e43a12ec99f59ec9f227fefdfd
cc9b3941e4c4b9915a3c8ca5e163a47c1626f479eaa81957999c9c82cb67e2dc
d7aca262af2707ffcedd0661f2d29ed60ce73979fcc14b7f954ea77959d4ab00
d7c73e5b5ada98711f2bf2ef8e6b72351d096e2fe1eb351552d7a943e782abdd
d88e666415b3c9cedc3c62c9ad58aee468a4699fd80aaa29f7b91fa8b1ce64bc
dc0a4948011b3bf48695d6b088a8ad2a65b902eee0dfa2bff5ec3b7d77e9941c
e0173e1b4fb75a2caacace68713a01cafd40c3c93e163593cc0560b7fabf3ca0
e14b232f43866f3a15ba2335e04b1e0964d3b42edaffd115f1e7a1deec1ad122
e31f148f139d49c028556ba274f680cc2a6d1f96fe89541fc2849ed96d419e16
e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb
e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435
e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452
e63478f8570615ddb8b60a003172417b06b0c41095a1547d68f99f7e978226ef
e9073d7523e1218c2c456095f0a899badeca563641e7bccf93ff3df0f7dd1afd
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
e9aa297f08feb693c61ad78a788ac152996238fc29d638650aa8b2bda70c064f
ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e
ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5
f0205dc64948b458e93fa7fd762b93fad08a841c9e1865c659e3f44e52b17bc4
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0
f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82
f734153204010c6d8653cd9c96f140536bcf9f6661f107832a9f6ba464c95deb
f8b83a9b6c0b9885f1bbc658ed35a02f4249d18a7139ef598865d7fe1929b3dd
f971121e33137fadaffc6af055b1c7bfc5029282d408fbdeec05ec54a4183be5
fd3ce9949e8a59979315dcb0dc1cfaba2f38485f563c680c429956e3925a91fb
fef3c29a1b31cdb67a1dcb1c37b2c240e38f52afc05bee70387378c20282b355

posts.specterops.io Open in urlscan Pro 52.5.181.79 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

130 Requests

100 %HTTPS

67 %IPv6

5 Domains

9 Subdomains

6 IPs

2 Countries

1407 kBTransfer

3688 kBSize

11 Cookies

62 Outgoing links

Page URL History

Redirected requests

130 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.5.181.79 Public Scan

Screenshot
Live screenshot

Full Image

130
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

9
Subdomains

6
IPs

2
Countries

1407 kB
Transfer

3688 kB
Size

11
Cookies

130 HTTP transactions
0 data transactions