posts.specterops.io Open in urlscan Pro
52.4.38.70 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Effective URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
Submission: On February 26 via api (February 26th 2022, 7:25:45 pm UTC) from BE — Scanned from DE

Summary HTTP 94 Redirects Links 64 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 94 HTTP transactions. The main IP is 52.4.38.70, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2022. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	52.4.38.70 52.4.38.70	14618 (AMAZON-AES) (AMAZON-AES)
1 14	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
61	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.52 143.204.98.52	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:215... 2600:9000:2156:d800:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:215... 2600:9000:2156:7e00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
94	7

12 52.4.38.70 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-38-70.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-52.fra50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:d800:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:7e00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
75	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 8719 glyph.medium.com — Cisco Umbrella Rank: 18230 miro.medium.com — Cisco Umbrella Rank: 11300 cdn-client.medium.com — Cisco Umbrella Rank: 19185	1 MB
12	specterops.io 1 redirects posts.specterops.io	56 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 899 api2.branch.io — Cisco Umbrella Rank: 590	26 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
1	app.link app.link — Cisco Umbrella Rank: 1592	562 B
94	5

	Domain	Requested by
47	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
19	miro.medium.com	posts.specterops.io
12	posts.specterops.io	1 redirects cdn-client.medium.com
8	glyph.medium.com	posts.specterops.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	medium.com	1 redirects
94	9

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
www.specterops.io
policy.medium.com
mattifestation.medium.com
docs.microsoft.com
www.youtube.com
technet.microsoft.com
www.bleepingcomputer.com
unmitigatedrisk.com
www.download.windowsupdate.com
gist.github.com
msdn.microsoft.com
specterops.io
waynemgreene.medium.com
amarnathnachimuthu.medium.com
frank-andrade.medium.com
altexsoft.medium.com
outsystems.medium.com
seattlewebsitedevelopers.medium.com
towardsdatascience.com
help.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-05` - `2023-01-05`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-02-26` - `2022-05-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
Frame ID: 270B90DC73FB70B7DADEBE2E386455DF
Requests: 94 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Code Signing Certificate Cloning Attacks and Defenses | by Matt Graeber | Posts By SpecterOps Team Members

Page URL History Show full URLs

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signi... HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

94
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1161 kB
Transfer

3534 kB
Size

13
Cookies

64 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----6f98657fc6ec-----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page-----6f98657fc6ec---------------------nav_reg--------------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F6f98657fc6ec&%7Efeature=LoOpenInAppButton&%7Echannel=ShowPostUnderCollection&%7Estage=mobileNavBar&source=post_page-----6f98657fc6ec-----------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page-----6f98657fc6ec---------------------nav_reg--------------
Title: Get started

Search URL Search Domain Scan URL

URL: https://www.specterops.io/?source=post_page-----6f98657fc6ec-----------------------------------
Title: specterops.io

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----6f98657fc6ec-----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=responses-----6f98657fc6ec---------------------respond_sidebar--------------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----6f98657fc6ec-----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121----6f98657fc6ec---------------------follow_byline--------------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F7db304d15601&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&newsletterV3=e8e64b89121&newsletterV3Id=7db304d15601&user=Matt+Graeber&userId=e8e64b89121&source=post_page-----6f98657fc6ec---------------------subscribe_user--------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_actions_header--------------------------bookmark_preview--------------

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/
Title: Sysinternals

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Autoruns

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=AEmuhCwFL5I
Title: can be abused

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
Title: New-SelfSignedCertificate

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc783813(v=ws.10).aspx
Title: online

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx
Title: via Group Policy

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/popular-usb-audio-driver-ships-with-root-certificate-big-security-no-no/
Title: Savitech audio driver

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc751157.aspx
Title: trusted by Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
Title: sigcheck

Search URL Search Domain Scan URL

URL: http://unmitigatedrisk.com/?p=259
Title: authroot.stl

Search URL Search Domain Scan URL

URL: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Title: this link

Search URL Search Domain Scan URL

URL: https://gist.github.com/mattifestation/c712e525109f786fbaf6ed576b8d2832
Title: crude parser

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/aa377163(v=vs.85).aspx
Title: CertVerifyCertificateChainPolicy

Search URL Search Domain Scan URL

URL: https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
Title: hijack Subject Interface Packages

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&collection=Posts+By+SpecterOps+Team+Members&collectionId=f05f8696e3cc&source=post_sidebar--------------------------follow_sidebar--------------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_sidebar-----6f98657fc6ec---------------------clap_sidebar--------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_sidebar-----6f98657fc6ec---------------------bookmark_sidebar--------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_actions_footer-----6f98657fc6ec---------------------clap_footer--------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_actions_footer--------------------------bookmark_footer--------------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=follow_footer-----6f98657fc6ec-----------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=follow_footer-e8e64b89121----6f98657fc6ec---------------------follow_footer--------------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F7db304d15601&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&newsletterV3=e8e64b89121&newsletterV3Id=7db304d15601&user=Matt+Graeber&userId=e8e64b89121&source=follow_footer-----6f98657fc6ec---------------------subscribe_user--------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&collection=Posts+By+SpecterOps+Team+Members&collectionId=f05f8696e3cc&source=follow_footer-----6f98657fc6ec---------------------follow_footer--------------
Title: Follow

Search URL Search Domain Scan URL

URL: https://waynemgreene.medium.com/wont-get-fooled-again-a-story-of-productization-a9131f217c63?source=post_internal_links---------0-------------------------------
Title: Won’t Get Fooled Again — A Story of Productization

Search URL Search Domain Scan URL

URL: https://waynemgreene.medium.com/?source=post_internal_links---------0-------------------------------
Title: Wayne Greene

Search URL Search Domain Scan URL

URL: https://amarnathnachimuthu.medium.com/standalone-kubernetes-cluster-setup-in-windows-10-fc87bf99266d?source=post_internal_links---------1-------------------------------
Title: Standalone Kubernetes cluster setup in Windows 10

Search URL Search Domain Scan URL

URL: https://amarnathnachimuthu.medium.com/?source=post_internal_links---------1-------------------------------
Title: Amarnath Nachimuthu

Search URL Search Domain Scan URL

URL: https://medium.com/geekculture/a-complete-12-week-course-to-learn-web-scraping-in-python-for-free-659ed05deb00?source=post_internal_links---------2-------------------------------
Title: A Complete 12-Week Course to Learn Web Scraping in Python for Free

Search URL Search Domain Scan URL

URL: https://frank-andrade.medium.com/?source=post_internal_links---------2-------------------------------
Title: Frank Andrade

Search URL Search Domain Scan URL

URL: https://medium.com/geekculture?source=post_internal_links---------2-------------------------------
Title: Geek Culture

Search URL Search Domain Scan URL

URL: https://medium.com/hackernoon/the-good-and-the-bad-of-java-programming-eeaee8918ea?source=post_internal_links---------3-------------------------------
Title: The Good and the Bad of Java Programming

Search URL Search Domain Scan URL

URL: https://altexsoft.medium.com/?source=post_internal_links---------3-------------------------------
Title: AltexSoft Inc

Search URL Search Domain Scan URL

URL: https://medium.com/hackernoon?source=post_internal_links---------3-------------------------------
Title: HackerNoon.com

Search URL Search Domain Scan URL

URL: https://medium.com/graffity-technologies/how-we-reduce-60-cost-for-ml-cluster-with-k8s-60317eae5c9b?source=post_internal_links---------4-------------------------------
Title: How we reduce 60% cost for ML cluster with K8s

Search URL Search Domain Scan URL

URL: https://medium.com/@bankbiz?source=post_internal_links---------4-------------------------------
Title: Thaworn Kangwansinghanat

Search URL Search Domain Scan URL

URL: https://medium.com/graffity-technologies?source=post_internal_links---------4-------------------------------
Title: Graffity Technologies

Search URL Search Domain Scan URL

URL: https://medium.com/outsystems-engineering/inside-outsystems-engineering-sandra-rodrigues-quality-practice-lead-795f930e3edf?source=post_internal_links---------5-------------------------------
Title: Inside OutSystems Engineering — Sandra Rodrigues, Quality Practice Lead

Search URL Search Domain Scan URL

URL: https://outsystems.medium.com/?source=post_internal_links---------5-------------------------------
Title: OutSystems Content

Search URL Search Domain Scan URL

URL: https://medium.com/outsystems-engineering?source=post_internal_links---------5-------------------------------
Title: OutSystems Engineering

Search URL Search Domain Scan URL

URL: https://seattlewebsitedevelopers.medium.com/how-apex-is-tied-with-salesforce-750b9e006fa4?source=post_internal_links---------6-------------------------------
Title: How Apex is tied with Salesforce

Search URL Search Domain Scan URL

URL: https://seattlewebsitedevelopers.medium.com/?source=post_internal_links---------6-------------------------------
Title: Website Developer

Search URL Search Domain Scan URL

URL: https://towardsdatascience.com/image-object-detection-with-tensorflow-js-b8861119ed46?source=post_internal_links---------7-------------------------------
Title: Image Object detection with Tensorflow-js 🤔

Search URL Search Domain Scan URL

URL: https://medium.com/@ideepak.jsd?source=post_internal_links---------7-------------------------------
Title: Deepak Gupta

Search URL Search Domain Scan URL

URL: https://towardsdatascience.com/?source=post_internal_links---------7-------------------------------
Title: Towards Data Science

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----6f98657fc6ec-----------------------------------
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----6f98657fc6ec-----------------------------------
Title: Make Medium yours.

Search URL Search Domain Scan URL

URL: https://medium.com/creator-tools?source=post_page-----6f98657fc6ec-----------------------------------
Title: Write a story on Medium.

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page-----6f98657fc6ec-----------------------------------
Title: Write

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----6f98657fc6ec-----------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----6f98657fc6ec-----------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----6f98657fc6ec-----------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----6f98657fc6ec-----------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

94 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

218 KB
50 KB

1159ms
1159ms

Document
text/html

52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

dc9ebdefdfbc0d05894e56098b72c9abe00b9441ac48f6ac29a25d38975ff3a3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Sat, 26 Feb 2022 19:25:38 GMT
content-type: text/html; charset=utf-8
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
etag: W/"3696a-HMgxz4/bR9uvohFBtQ+clumOum4"
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, lite/main-20220225-225933-b51771cb7e, rito/main-20220225-091616-7bd16ef09e, tutu/main-20220225-195659-a6df74685a
medium-missing-time: 951
vary: Accept-Encoding
x-envoy-upstream-service-time: 1047
x-request-received-at: 1645903537106

Redirect headers

date: Sat, 26 Feb 2022 19:25:37 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
cf-ray: 6e3b8f70dd615c62-FRA
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: edgy/8.2.0, valencia/main-20220225-231219-be8e9ca42c
pragma: no-cache
worker-missing-cookies: 2
x-content-type-options: nosniff
x-envoy-upstream-service-time: 60
x-frame-options: sameorigin
x-obvious-info: 20220225-1958-root,a6df7468
x-obvious-tid: 1645903536901:982c9fd6a57
x-opentracing: {"ot-tracer-spanid":"55fc53585edf49ca","ot-tracer-traceid":"f56aaf2a3987364","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 74ms
62ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 817
x-envoy-upstream-service-time: 27
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 6e3b8f79dfd75c62-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 26 Feb 2022 21:25:38 GMT

GET
H2 200 1*aa0HsXZL43r95TuTJlJNPw.png
miro.medium.com/max/304/ 7 KB
7 KB 159ms
148ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/304/1*aa0HsXZL43r95TuTJlJNPw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b1c3db72fa6da00fe30f190a2b8ac5bb0bc1f8a1aa12b79d64a35c678b62b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 79
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6883
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f79dfdb5c62-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/96/96/ 7 KB
7 KB 160ms
150ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7062
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f79dfd85c62-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 78ms
52ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1427822
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6e3b8f7a7f05921f-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 24 KB
25 KB 59ms
33ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0791e414e986ffa3f6e135050df4933777c28ca6756119550d97a4aaa7d704af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1384269
x-envoy-upstream-service-time: 263
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6e3b8f7a7f0b921f-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H2 200 1*Pe1OeWP-UySRMW4aWa4jJQ.png
miro.medium.com/max/60/ 2 KB
2 KB 150ms
149ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*Pe1OeWP-UySRMW4aWa4jJQ.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3a2bf63254d3d3acbae07d320a8d3adc053e503a15fc2bee743bc36fd433a83

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 47
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1630
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7a69165c62-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H2 200 1*fLrpueTtcZk_Gx5qOIxvsA.png
miro.medium.com/max/60/ 2 KB
2 KB 151ms
150ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*fLrpueTtcZk_Gx5qOIxvsA.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a292c657fdde02baff56bbd86da419f3d22e0be137888d1094176efa5cb010a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 36
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1604
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7a79185c62-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H2 200 1*3toLhPm3VGMpDEl36JE3dg.png
miro.medium.com/max/34/ 2 KB
2 KB 148ms
147ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/34/1*3toLhPm3VGMpDEl36JE3dg.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c60e90d4c6c570d781b8c9e2c20dd37ce9c41281e15ec22aae10699620ab0898

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1785
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7a791d5c62-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/160/160/ 16 KB
17 KB 439ms
438ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f69d9f12637469fe5d3814942b650313f8e5bc84b961d5a812c5ddbb69c8c078

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 71
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16818
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7a79215c62-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/160/160/ 6 KB
7 KB 212ms
189ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df55e1647aaa31dc1a9879bb336faa6f878d2af6aec095a3b0dff0bdd909218f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 45
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6539
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afc079213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/80/80/ 5 KB
5 KB 212ms
189ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33e2f340aa38d101f7d1bd12b168f1b1fdb78b0083765a43c0600ce6518c04a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 26
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5069
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbff9213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 195ms
172ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

386ff0e96e4564b30a3ba03e97878f71c9deccf8829ccfe73f80657a951aa572

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 47
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2735
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afc029213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 0*BEKsB5m77c06DVzc.
miro.medium.com/max/60/ 995 B
1 KB 249ms
227ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*BEKsB5m77c06DVzc.?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

955c4c507d0997bbc74c266102fa2ed1a6fce7e9db160164d85fc0191d2858ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 42
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 995
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbda9213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 1*4K-UKZCmDk8gkso6ILOIbQ.jpeg
miro.medium.com/max/60/ 732 B
1 KB 274ms
252ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*4K-UKZCmDk8gkso6ILOIbQ.jpeg?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99e6fb690c810d23951fa198757f91db0eac07e3408fde00f845f388cdea391f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 69
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 732
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbe29213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 0*9salxiRnu9XcJ4Zm
miro.medium.com/max/60/ 912 B
1 KB 416ms
394ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*9salxiRnu9XcJ4Zm?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

693b35e271c7e7eb914b40b90d09b33832dbc6bc4646ae4d73ab77560a488fdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 54
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 912
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbe69213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 0*xZjmVmGGQ-S7ZjCx.jpg
miro.medium.com/max/60/ 774 B
1 KB 413ms
391ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*xZjmVmGGQ-S7ZjCx.jpg?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

719e1399331154251e2969f34dfb87134297dc8994ad1ccddf983926f8b51f24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 45
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 774
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbe89213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 1*NbhXsGerY0EBitDyPadzRg.png
miro.medium.com/max/60/ 1 KB
2 KB 244ms
222ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*NbhXsGerY0EBitDyPadzRg.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f05f9b2f0eebaffe717b4edc93f24e451c578cc9be3772fcf36164115f51eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 52
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1150
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbec9213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 1*3gKzG2qIgErL5Dy4eUC7RQ.png
miro.medium.com/max/60/ 3 KB
3 KB 395ms
373ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*3gKzG2qIgErL5Dy4eUC7RQ.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5a82869f3f7fa681f1e7cb1e505542f3a9d193071a8ec9f263ad7866d899f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 30
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3126
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbf09213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 0*8zQkgkszXsEG89Ya
miro.medium.com/max/60/ 841 B
1 KB 197ms
175ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*8zQkgkszXsEG89Ya?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d429990f40a7dcf438332eac5daa70b877f5eed73fa5e06ead5aceb8c3262ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 841
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbf69213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 1*_goV6BV1jk2gdkPf9MlAXg.png
miro.medium.com/max/60/ 904 B
1 KB 361ms
339ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*_goV6BV1jk2gdkPf9MlAXg.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10935457085f3bae0103273242eed0cd1b866e1cffae36822cbfe06dec22a5ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 40
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 904
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f7afbf99213-FRA
expires: Mon, 28 Mar 2022 19:25:38 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 82ms
81ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1426819
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6e3b8f7a7f17921f-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 65ms
65ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1428583
x-envoy-upstream-service-time: 20
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6e3b8f7a7f1b921f-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 66ms
65ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1384277
x-envoy-upstream-service-time: 52
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6e3b8f7a7f1c921f-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 27 KB
28 KB 38ms
38ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37359d2c6eb82ca5b4a6c0567aa5d0d22d0d4d85a9aa5950490f330253795d44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1423130
x-envoy-upstream-service-time: 93
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6e3b8f7acfb2921f-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H2 200 manifest.dc3e6a1a.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
9 KB 56ms
44ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

911980866403ae7df85da8c4597dfbaede8964bccc0aebc54786d797aa4a1e45

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72331
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 0GY11V7SSQ7N6P7T
x-amz-id-2: RQOE3P5oa6CrzVD5sCEupX60nXYsOHr8aUg5THJNjW+AV3F325MTw7XfPGeonLKYstG5HruFV7I=
last-modified: Fri, 25 Feb 2022 21:47:23 GMT
server: cloudflare
etag: W/"4abff9230a091e0dc717d5ed324e217c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: NgsgngsMbN0Tnuunln_Lj9a6yvEmI8jf
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b2a685c62-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H2 200 13730.c507718c.js Show response
cdn-client.medium.com/lite/static/js/ 714 KB
219 KB 64ms
52ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f14214332f60b0f9f112dcd6a531a01a6043eae086690f468f1bf7967bca32c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 153489
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3WSZSHYJ1RHX0A0K
x-amz-id-2: iyuDrHPnIYWkh61DAEsUIpKsf/cKnS4z7VbOgg5uPsmpxBFORXmLCrDu644oJfOzxxd9AMPi6zQ=
last-modified: Thu, 20 Jan 2022 04:46:33 GMT
server: cloudflare
etag: W/"0aee3cb2705cd653501471eccf590e98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kbnZpdfREM.fpJ2W0thWChHjJJaJDODn
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b2a635c62-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H2 200 main.00045fc8.js Show response
cdn-client.medium.com/lite/static/js/ 800 KB
194 KB 71ms
60ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.00045fc8.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

434e394b3a3721595fdb41f40aee3ff23c11a4ebb1074de44cd6a7b0c27b5cd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72331
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 0GYB6J3FHHDE9FKE
x-amz-id-2: Z3dz+V1r7VaNtDB+HRvDXQfoyNqemiFVDu39g36ALZ8DMlRZds7DP4JpUnNpYBOHeNkwRdOw81M=
last-modified: Fri, 25 Feb 2022 23:08:31 GMT
server: cloudflare
etag: W/"7cc799dca4e34ae3cfa096a532a33e92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: WDcGYBXybYCG0ol5dKOY5O7tSrXcHAwa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b2a6c5c62-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H2 200 45573.4354ed57.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 53ms
42ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/45573.4354ed57.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc001c0ba3d95353f2c8d38764e28c442347c6dadddea149097ce0b7699f2f94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 186578
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 5Y52RH89SSH2XCFV
x-amz-id-2: uSKZPTAjtnaN7avFVqdyaJpMWtAtVhIx8QoDXqGBmPdSSXi2NZwzhPCQhQlStVTpGkpWC3Tl7aM=
last-modified: Mon, 04 Oct 2021 08:07:06 GMT
server: cloudflare
etag: W/"6a81d283b5003925b4a970b292bfcc5b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: V72xGN9kaRcaybYuNsFR7RB7.fBonGvn
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b2a6d5c62-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H2 200 instrumentation.4fd6ad3a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 46ms
35ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.4fd6ad3a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef51bb71e5dece4317a836c372a2e0c196b4e8d4467efee685bc72382e1783c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894371
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7PDT5QR08VSPSE
x-amz-id-2: zNsUQvUKYXw55cObuKCzKDbafTVPQIW1h23phg3Pz0IXv4XqH2ZucdMkR9geo6nkzZKfXTjYzQ8=
last-modified: Tue, 01 Feb 2022 17:30:16 GMT
server: cloudflare
etag: W/"3443941e55d8996263964968767d3c16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 60JaqiO4mSdPybhjg8I0H.lhb7g.ejvd
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b2a6f5c62-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H2 200 reporting.950d4050.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 56ms
45ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.950d4050.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d474a8a84592a2d701b5277b3a7df4c6bd910aa3739c5b32937d1a1346ea884

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 190616
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6ZK6BYSGWZNTET3R
x-amz-id-2: ++5d+UFFLfqXm+yqPQcmYKEh71CE6tx0ywIkNfQe6N1Ul0K3q2cVqYBZTYhYNvzWP4VxqXdoVKo=
last-modified: Tue, 01 Feb 2022 17:30:31 GMT
server: cloudflare
etag: W/"75f9e9ac4f2701ec2301b5f8f3430bf7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OM8Oov0Yx2_0qaMZVFJXQ2oyltDY.Z4k
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b2a735c62-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 66ms
62ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 380598
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KZ14F4DJ39Z3KD31
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cb99213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 7794.9590314e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 67ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7794.9590314e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 380598
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZZ2GZ8XPEV2XSK8Q
x-amz-id-2: ZlnxwgkjMnGtnnoC7ojH0QwhC0XfdFWPNT0tzpzMx7ygzdLPg6cqgl3wZCpV+Z2ow4dAGrEJyes=
last-modified: Tue, 25 May 2021 18:36:34 GMT
server: cloudflare
etag: W/"fdb51abd005c8009b18f0a8ff313072f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: edEnQQoOPA8J97QSUBTjXG.e16leDLA5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cbb9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 48996.0c1a6c43.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 88ms
85ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/48996.0c1a6c43.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f15554a0139715f3c8db82a10aa47bbb71e40799928ad3845efeeddf9d37083

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 908266
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: SAJGKEAHZPXYAHBS
x-amz-id-2: 0no4hKMozx7PDITxlCQg+nzd86YFMs27wFw6QxGeN1msudWOXutn+Jtr563mQqKmzOERD43jons=
last-modified: Wed, 02 Feb 2022 01:41:46 GMT
server: cloudflare
etag: W/"815a1178186ed46f1806a17c19f8a772"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: NbSo4Q8Fvy3kLtAUxDcjrV2t8MsEsKgv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cbe9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 75221.81c0ae68.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
6 KB 90ms
85ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/75221.81c0ae68.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e9a4246015ad572163a9eae7ddec430a20000cf580b47f21164f8c92fdc1ff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 341526
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: GKBS4WQTDTSTV7VP
x-amz-id-2: tWEtAMd0ZABwc6Kxqhzm5bIdMmRYySo8PE76VZuCca5vCqQznX+/iuzH+hHnmoMAKF3aUnUTN9M=
last-modified: Tue, 08 Feb 2022 19:46:42 GMT
server: cloudflare
etag: W/"cde92dd78ed9fb234e2347523d00e8e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 11FBdKt_LmOyPw5e7Bzz19Enz6xSZmnC
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cc39213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 33928.3ab480f1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 27 KB
8 KB 90ms
86ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/33928.3ab480f1.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

539ae3662e77a9c2f0ae7301ff47ecfb790fec1a013b76e26e3e096f403a2535

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245698
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PHKANVR6BZEDAD0K
x-amz-id-2: 40bvTwQQZDngmOlQd7wde/qH5nBmhJ6cinhGoWGwe8gzlV1uosQZ4MbBoJ5RrCSLGhS+QbdT4eU=
last-modified: Wed, 23 Feb 2022 21:14:14 GMT
server: cloudflare
etag: W/"c380e3795120f2b222d902b67372f6ac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 6hcqiQmxcrgOC7tns4G_GDhxFUFjUT83
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cc99213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 47464.d71003d1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 54 KB
17 KB 125ms
120ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/47464.d71003d1.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de0e646d56babcf5004d2a9e8b0134d72056a222a8ce987c456a6b456988db50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 853122
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6VQHS2F2M4JP73AB
x-amz-id-2: lx0K+UEln0gYcGt/e5B5aoqBicyPvbwIcesruYoCZInbTa5DOb20SHtpfYoFKATOr6mLEbrHWwY=
last-modified: Wed, 16 Feb 2022 21:03:36 GMT
server: cloudflare
etag: W/"e709d411ad4c4b2e1ea737021d19f4e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tSl8WklMeUvgu8WK6qOjMpB6tGfG1uRI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5ccb9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 95472.20329d15.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
1 KB 125ms
121ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/95472.20329d15.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddac8b642d7667b3fb9605ac5b043dcf21976aed041ad4d6221f0a0cc10a4376

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894348
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7JM0MZD9N64C19
x-amz-id-2: 62pM59jlUpmPyB/NNbajRR6XJY8YHDj/vx2TJxtmYdhvjShIP2d0FF/SbMW7rjlXgOjsU6OBoek=
last-modified: Tue, 01 Feb 2022 17:29:46 GMT
server: cloudflare
etag: W/"50de8fb5ce00ed751fbb823a16e97e8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XIHWq71pTxwdb1WMRePNF6jkHZia6sWW
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5ccd9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 40043.994e879b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 90 KB
25 KB 123ms
119ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/40043.994e879b.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ab8d9caf917b6bec7ca41468d969db0b255f257732475aa890772a079d13239

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015167
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: WJZJBQ8ZSCPG6XJ0
x-amz-id-2: XNJPQwfKZGAQsNhMsKat3eVhkZZOnSJSVzxwl6fpsizOvrFYzcOR6QbeiZ5uI/kdOroMx9aSr3o=
last-modified: Mon, 14 Feb 2022 21:12:31 GMT
server: cloudflare
etag: W/"f941d5be3e16657b3b3baf0d0f448aa0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 6cYTL0l63acE5m86Ih5KGV53avnJ_yjE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5ccf9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 27497.109a4f26.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 126ms
122ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/27497.109a4f26.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d167bc56af6bc1231a953916dec835db5b2629ff06ef22f5ab25d048c71cc2d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894347
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7GNHZEWKDX844V
x-amz-id-2: gtH8K0jnInA4DMdxGfjDgsvzblG12rH+v5pe3BPlNnrTY65GxNfKC8TYNr0MagKRNQuPwKlBr7s=
last-modified: Tue, 01 Feb 2022 17:29:37 GMT
server: cloudflare
etag: W/"09cb541730311af021d41a9bd0055be5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Rms2rJAiJa93ut1LhUvxm_Hbgyc8OqL.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cd29213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 46929.e058aba2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 59 KB
14 KB 108ms
104ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/46929.e058aba2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acebdf620c7ce3e1d09fc38c4a050da2e12491902f39ba3095961573941ae612

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015167
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7G1VE7CQSX7AYE
x-amz-id-2: x8NhtgEfvWpBfpgGmiGvjHtplQXR/K7jdFxS17SXM1XZue4Cnkenc8QZC+JekyhhSRBNtpP2fmw=
last-modified: Wed, 02 Feb 2022 10:44:13 GMT
server: cloudflare
etag: W/"691d3cb74fd7c815ad50b815e3b6b292"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: STO1X.UUrkoG8LpRLNk43isLEaHJTnia
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cd59213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 97332.f6bdcfe7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 109ms
104ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/97332.f6bdcfe7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fc69ae7fe159390316f74529abefacebc2b59f3648c3af2d6c432a3b78b07c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894348
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7NYVCYHGZEA3W2
x-amz-id-2: Qh7El7A/VTlqYaQhDF1CyGVO3hG5p/ND4gto1xkG3RBvwrUaaM9lKXpc6sI6QDgjxyMet6fiEng=
last-modified: Wed, 02 Feb 2022 10:44:18 GMT
server: cloudflare
etag: W/"f583c96f48304624328bc3a27d66bc86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sNZLvDseKcJ.Ny1CUzNaBouhorI6WZed
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cde9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 46836.89ad2df0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
11 KB 109ms
105ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/46836.89ad2df0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

018b5b257410f8d487cbce3c542d9063154574d83aa25bbef18844c901f18ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015167
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: WJZX2AEEPN2DZDPF
x-amz-id-2: iexI+jqdFMGiPWKd6wDxXgKE5FUk4Yv579tdWUM+PNHmUeHvi6yvAMibSbN+16enooSE6LLOybk=
last-modified: Mon, 14 Feb 2022 21:12:32 GMT
server: cloudflare
etag: W/"8baef05cb4a344576e3b6b145e3ae07f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Xt_0C2AEJXyoTfEjFi1S9o6l3L2gk027
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5ce29213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 7321.5802990d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 140ms
135ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7321.5802990d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b3dd41522bb086c85f01424492e7d11c0319c80cc6283c7c45876ab1d624b91

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 942256
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4H8DGANE0PY8MNRA
x-amz-id-2: yn+Ut4E0SvtULSJQaiTD901GE7YI03VdKbjatZEeHC0OoQAZG1S51pH8SQM2IKztgnjO2Jk3Kj8=
last-modified: Tue, 15 Feb 2022 20:11:06 GMT
server: cloudflare
etag: W/"4705c67dd1bec5cc159a87ec4046f07d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qyyfZUH_ObFugZvifl18ckVjSPG0zQBC
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5ce39213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 70449.7324b5e0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
7 KB 106ms
102ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/70449.7324b5e0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

149e94404b0e86f4cbc2d7b2477449154e79db509d3028eb42ee02708182b563

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894346
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7RWXCKXS5AC78D
x-amz-id-2: 734Zf8tawcdfCvxk/fX95AJwoIf9e3HHNXrQg+DJfChWobwiFXHR+KNVB4qA1d9G2HoXVVnCcK0=
last-modified: Tue, 01 Feb 2022 17:29:43 GMT
server: cloudflare
etag: W/"edce21b8c81c138da61ad6da9209e63f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: PuuneUvRhKmn7LjA90uzKubrncKWxe_K
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5ce99213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 88246.a4eb47a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
7 KB 141ms
136ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/88246.a4eb47a9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20d1f56ba11ce04885ba77d1cec9d314748d73ce7de160765fe166b469b457b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015167
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: WJZSXJ7MY9K9EPG3
x-amz-id-2: ZaH6dYwN7hL7P2Y2XJfBA/hyqy3iRpd9sCK0LnrRxkLn/7Fjrw/oDyWfaS8MdQawiFi1HcfOZ+g=
last-modified: Mon, 14 Feb 2022 21:12:36 GMT
server: cloudflare
etag: W/"b40d9595a79bb6f49ec678d1f89b6ec1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: DO88ywKPGfSmFjctz4d1K4kyz2sAkH7k
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cef9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 15248.7ffa2c38.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 141ms
136ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/15248.7ffa2c38.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f3ba599ad93b5212865f9e979087631b68ea83b8753eac06c720e40e72a41bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 86771
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 01T94W0QZ9YHNBYD
x-amz-id-2: shpnqJpvsiszsHjbJg+OEomMmFz7G33D8IjKgrmmtW1ZiF6qFH+TeLv3puMH8X2aVsgmjN4ZI8I=
last-modified: Thu, 24 Feb 2022 22:33:38 GMT
server: cloudflare
etag: W/"022382bd0068f02662f5b1857ac649af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: bLsPyBpKvjzF7gUEfjQBIN2BwnG2TyFf
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cf39213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 28491.0ecc77e2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
11 KB 142ms
137ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/28491.0ecc77e2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17bc9b92ebab80637567c7dfd6bcdfe3498462acc7d12ea5331260c2dd404e9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245698
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PHKDHH9WG7ZYE2CA
x-amz-id-2: B7k8z+UAAlZ4zV+yJf6el4Qx9urX3zno4psJN8HTnczq3YuCl3vLbQKFvdkpFWWp3TMTYlfZeVw=
last-modified: Wed, 23 Feb 2022 21:14:13 GMT
server: cloudflare
etag: W/"ec7cbde031e0269a2c8a0f7530ac7c7e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ufJEPoS8qtJN2qxdsZb4EZIMt12eUTjK
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5cf89213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 10887.8c699586.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
1 KB 142ms
137ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/10887.8c699586.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98727c089d2e24cb009cc4092221e17553101321174b8d7aaa876f41d734d222

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894346
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7W307Y5D9S0TDH
x-amz-id-2: dwM4kcVp2jNxyHKHIFjGYCrw9/HBXhTl5sfVpyBni5oVj1GLGGMJuVgQTQM2ieT+lwNjK6JLi7w=
last-modified: Tue, 01 Feb 2022 17:29:34 GMT
server: cloudflare
etag: W/"44876b2cdd4aab0cf37e7a28d620d27d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: IJ8XYJF4L5U54WrmuDLiYXBnJzQZvPGB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d009213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 21205.3b8682cc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 143ms
137ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/21205.3b8682cc.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

650023eeeb84a95eabf337fdd5491023a315c1487adf8ed1d398dcacace69f12

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015167
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: WJZPCYRF7YAXGESN
x-amz-id-2: z26zmXYkZV7x8b8pcnI9p3q2eUkPNS16RAi/CHU+T2m62A3jWaGU0s5PHlXeqo42+2d5zq8SsQc=
last-modified: Mon, 14 Feb 2022 21:12:29 GMT
server: cloudflare
etag: W/"947eac1d7945e418bbbaed4855dc3d57"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pDzd4J8bJlxWAAl_6zJaoxtF1c_wbkNF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d069213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 37346.c744a48a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
6 KB 145ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/37346.c744a48a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae6394942d1cb24bfc33ef79109b1bd5f85638ce8764fc7b82df1ec1c5288a17

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894346
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7YH1V46FCZW8BV
x-amz-id-2: SFsy+8jiiqCEWuH72Kb0ItbKk3XiETC3DgZ2tG8I5Hhm9RNEfg72xXdat8FGzD+zVDjEC0eGl58=
last-modified: Wed, 02 Feb 2022 10:44:12 GMT
server: cloudflare
etag: W/"7e2574c96b543ce7aad56437bfd43209"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: JpYVk_wv3nsMpD5T37.4zV_UCLChuu5P
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d0d9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 24883.521f79ea.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 145ms
139ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/24883.521f79ea.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a70293b8f4742f6004f43881f4574e7c76f5186fccf0550efbb6ff2cc9c87c4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894348
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7V7EPSWC2SD2S8
x-amz-id-2: nlEGVSyzmu4x8+Ikdi4QUvzXOReqBVtx1uAWIaI5sAbx4tu/mctzuv73DA+QKeHJL+BTJQJeqTI=
last-modified: Tue, 01 Feb 2022 17:29:36 GMT
server: cloudflare
etag: W/"75bf4059aa0ff75b46ba0f00205c2416"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Zh6_cjKlzMo9WwYHqaNkWxrGi7YxOUB0
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d139213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 66451.4286c8a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 145ms
140ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/66451.4286c8a9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e499fbf59e858017a4248742c3424bc4651708c4033b0862a79b51b2a88ce14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894348
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7JJ2CAGTFR53RG
x-amz-id-2: 2jUCRZn5WkTU18i26LI6lkGkadt/fFMeUxkwyGWDh6vPvOOqh9gc/Srv6Kva0Q6ILKCScltin14=
last-modified: Wed, 02 Feb 2022 10:44:15 GMT
server: cloudflare
etag: W/"b828b51803f0eee859d609cbe26d52b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: P8jwhZuUYRCQPBkNCZDwjg1E1YgUskD5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d169213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 91743.91773f3d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 165 KB
32 KB 146ms
140ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/91743.91773f3d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89bca227adaf023808e58b9cd61ba763a96c0f0ed7b996a369c7c223a65cb916

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245698
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PHK74NMRTX18H8S9
x-amz-id-2: wDMrxoH966k569/DKQe+iQVo851a8ollzqN2n9TgpVMzTNu7hICT9xtv7a+TlgA/8oJqW8RZdl0=
last-modified: Wed, 23 Feb 2022 21:14:21 GMT
server: cloudflare
etag: W/"e85afe7f2c28b702a156f8a8a8499f67"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: uzqxHcgnJsJQtMLhTpZUUdI8oYV1JfOZ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d179213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 96277.a0e68f58.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
11 KB 148ms
142ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/96277.a0e68f58.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f660dcf5009462eebbe3e19971d60fca80544e3b91b6243d63353f477596a953

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894346
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7R53SNKDTA6A19
x-amz-id-2: vadSGEhCfJ4vQSp4VtIlxVpiW5m8l70ALKOfHd4lYT7MGMcjzPNn9I3yHEhM60NFSi2hSZCaizc=
last-modified: Wed, 02 Feb 2022 10:44:18 GMT
server: cloudflare
etag: W/"4d3e894a9c4f938ebe505d61d97ceec1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cFB225BCXfFHf4XfMPuiMWHbh4NAlOrb
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d1b9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 50082.93fc8de3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 148ms
142ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/50082.93fc8de3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8a80bdd5cc9be1a7d3298446a05234198a2d54b76cfcd1c92cd45c7892a4f42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 245698
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PHKAFZJQB83R99FG
x-amz-id-2: hX4x0PP1R+y7RREOKij4TTQH/ZR/w49BIQvq0jL0vq/bVS9m5h4o5dCH3FNnNyq2RuFAdw4Y6KI=
last-modified: Wed, 23 Feb 2022 21:14:16 GMT
server: cloudflare
etag: W/"a29920d1a8f6d47d2d8f997210a88c1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: jhoHMeUqdx2NrrG4dgUgsu2HeXnJRyNh
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d459213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 76705.4adc19b5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
1 KB 148ms
142ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/76705.4adc19b5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d27edaf567774c2c1b95103ed961bb62ec52376000eb5d82b95b8f7802826f1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894348
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7QQE96P1V5258T
x-amz-id-2: me8cIbbVkAXwCpKncSW2ADEOVmDylLk7Raco75zX3JgBrojZOwIkm0qAz0V3UITJfTbTTbN0XU8=
last-modified: Tue, 01 Feb 2022 17:29:44 GMT
server: cloudflare
etag: W/"5a40e7ae5509fac2717edddc791e386a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n62VahClD1iaF9wB2g.jlXv3NONJzD9_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d5a9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 14603.9da6d15d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
2 KB 149ms
143ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/14603.9da6d15d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36fdcdaa562cc2348745eaf48791cb54c9ee180eed45141d65e705fb56a2fdf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894348
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VB7HWT2SH23F5QD9
x-amz-id-2: hmw82UfGQ7VRuJ6P3ckgPupS77CrkQyRTTObHOLegk2TbIYxUvmcquyOn4nZ7NdNhafgXGxFzUk=
last-modified: Tue, 01 Feb 2022 17:29:35 GMT
server: cloudflare
etag: W/"c26497cff6a7b43016829ef8bb9873ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Phfbfd2BcRs5dKIBCE_fP3aBHFDsabAT
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d5b9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 4261.5a9b54ac.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 149ms
143ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4261.5a9b54ac.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06366c64f54a1a53351585fd67f879da58bbc1efdb9ea51343ec867d4e2b9c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 86725
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 01T0ES7NT6DKJ035
x-amz-id-2: unuVi+o06FHYHw3n7cE7N8KclZMlLs+bPcPq1QGK1bkVfCWJYnBmgTuKqtMSE1YxopyyxQQ0VjY=
last-modified: Thu, 24 Feb 2022 22:33:42 GMT
server: cloudflare
etag: W/"f9c9012fcb9a33f37201ed1a4c5225a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0AQhTvzvnK0QRY5ayVtgCoM5ToJYxMFW
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d5c9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 5892.e4c14ec5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 113 KB
29 KB 151ms
145ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5892.e4c14ec5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

563c33f073923e14287dcdd69eb98810b288c8234b6160d177f040246344a739

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 268634
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KHNQXGM77YXWTZS2
x-amz-id-2: i+YvPZ4ThrK5UW4Eu0lguyaORhAnxs/rlqorA2NnhtqMHiZAZsVClpu0FO6nZy7Y46StB3cOiN8=
last-modified: Wed, 16 Feb 2022 21:47:27 GMT
server: cloudflare
etag: W/"3681939881f868ec263dfcf66ee28d70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tRJfAE92MgMNKEq.PrF5rYIzRNy5OmDX
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d5d9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 98453.4185c7d5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 49 KB
16 KB 156ms
150ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/98453.4185c7d5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4168fe3724a8e4f8cac9c79ccf6c38d4e7304779f9c45251e7b8719ccac365a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 695825
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: MAJT175HK86JG89R
x-amz-id-2: f4s4PTcOEkM8xlhZaJ9PDqDj1xBVBwJOBCAZOS4j7L1JRGHg1Albgmdj2Bhb7MmwPkMSOh/s3L0=
last-modified: Thu, 17 Feb 2022 22:59:20 GMT
server: cloudflare
etag: W/"ebf0fa5f3820820fc449c0435a94745d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: aw4RfbXkBWu2dX4S6rjirgml5ezyFH0g
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d5f9213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 50020.e2a89974.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
14 KB 157ms
151ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/50020.e2a89974.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d68b753a11d9f06ed882392b75f256775ddbf6b4ab75e84a4ce560fb961c4884

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 680012
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QNH751VFCBMHWEQ3
x-amz-id-2: mlW5XQqBpN+t1OpJdnlNSESU5hpY/r4X4d4TBdxhJjmoDoe6Hj6aql4koW916wNzxCWMjRJq7Bg=
last-modified: Fri, 18 Feb 2022 00:22:27 GMT
server: cloudflare
etag: W/"cc91d74898e1daf57e8286207eb58598"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tDhlIoBHTPLS.YMY.p2u9j_H9MDaBouv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d609213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 39483.2d01cc2f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 61 KB
20 KB 157ms
151ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/39483.2d01cc2f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88a9759304d72c443340f743e7ea08c1965a8c3987a38c5243ad04545e674f8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 166388
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 74G663XFZP6HH15G
x-amz-id-2: 3mHINZsisXdWav/ML9jg6NYpiHJvfEDQCKfCZpoqXeg3BOoLbQ2CzIaVtSMTcc7Li5o8LHWJMLc=
last-modified: Wed, 09 Feb 2022 18:03:36 GMT
server: cloudflare
etag: W/"11f0a6814a057565ffc565b6d8b91765"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: GgKwUoEtFXGbnfcV8sG1nk7wwlqW2tZJ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d649213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 Post.1a092fe3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 160ms
153ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.1a092fe3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acfbbf8277040cf7a8aa0c120014dd848a324ba0c83c75376eb84aa2ebe757c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 908266
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZGE8PR9Y7RFZKZ9P
x-amz-id-2: uw7Lxnt78OdG3thK2EjhTZVgqFDFtztxzqiJNqE0Oe3/pxlY6cxforvr89PwoNJfqc6snoyyETE=
last-modified: Thu, 10 Feb 2022 04:06:29 GMT
server: cloudflare
etag: W/"4216681817e3a2c18a9e2cd63b042989"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: _ZOLB5Yrp5.zwO8tCGamxBHa3on0Qiz7
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7b5d679213-FRA
expires: Sun, 26 Feb 2023 19:25:38 GMT

GET
H3 200 84792.d3cd03bb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 92 KB
24 KB 43ms
42ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/84792.d3cd03bb.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cf724aa8e1275c52479a57bb65d042eea0484ac82a7355ca0f06ef55e3de13c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 380599
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: H9PY76HJ19KVEMEX
x-amz-id-2: TzcNOZ0JhnXUl1WKNG8INb/Rh5+lznYPuunVEzoet1Mns1hBNu9bhtDSx2RE6uvRN2NqzpRhiK8=
last-modified: Tue, 11 Jan 2022 07:30:13 GMT
server: cloudflare
etag: W/"9123da6f6119097d2b86f6a331492e48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: guEmWTWycaWmN4glESZXA43SvXHWyexT
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7ffe329213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

GET
H3 200 17084.0ad6f84c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 68 KB
19 KB 43ms
43ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/17084.0ad6f84c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a9783669bd80b6f8257a3cbc57b59d61ef424f1b95cabef9b15f4ad0f6a7df9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 380594
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1NK27DMASCKVB6V9
x-amz-id-2: hmyg1Lm59ebx0V/eeZ1CWiC+ChEd+oBuWgHkKizNB8c03ENgsVLHqK8gi2Is2NxBGoAU8PLuyI8=
last-modified: Tue, 11 Jan 2022 07:30:05 GMT
server: cloudflare
etag: W/"08990a97629f3d698608356a8fe04c90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 21J9XTkEPc2DrXwSiueOBhycR_IxpPbA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7ffe349213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

GET
H3 200 28537.be5ec2c0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 45ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/28537.be5ec2c0.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72d811ea39f645d321d911989fac34c52f0f694797b10edc0733d83c42f7b77f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894347
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8QMG3SJ0SP7KQN2S
x-amz-id-2: odabzYiKX0vnzqN/JmlviqxlJOGHo70Dixy0hyUDJArOUcme//TJFYWtYhEOBfrpVqNweBDswQc=
last-modified: Tue, 01 Feb 2022 17:29:38 GMT
server: cloudflare
etag: W/"c320baf63b22d57d0c9c313580cfc338"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: alP1g3fZNIUe4QSjaSeRZRtKddRx2XhI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7ffe369213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

GET
H3 200 62034.52303e5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 26 KB
10 KB 48ms
48ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/62034.52303e5f.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3931b21f7555294211914aa674b509cc250b9a53c6695a56429387b59255b7e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 893610
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8QMNCAVPRWY8RDD5
x-amz-id-2: TE/38GTfBD1SoYqE6libKTqkC0fZL5yJztjja38Y4RCn2NtVS0bVxSMWOGTy5jYyG+zimv1R360=
last-modified: Tue, 01 Feb 2022 17:29:42 GMT
server: cloudflare
etag: W/"03982ab43a8d6310f553a243710aee7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LE_t3HO7PcXcGhMKYsA7b6A3QnMAX1Lk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7ffe399213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

GET
H3 200 38106.9530ec84.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 36 KB
10 KB 44ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/38106.9530ec84.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5291965181d7397c413c049ef055d2146a4bf693a989ded2b4a917341cab83b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894345
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8QMS1EEMJRE1SDQX
x-amz-id-2: 5tTRjZSqUyR9UTBLeFghGu0d0U+rB3TOcGb55EyTijOnJDo1j/FbBMakcuThp3GVBu/afcHMrrs=
last-modified: Tue, 01 Feb 2022 17:29:39 GMT
server: cloudflare
etag: W/"1e9f496884be5e3bbb586073b3672317"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: iOWL31ni1hCCgKsPLxvygw.CIFbGs9l7
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7ffe3a9213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

GET
H3 200 67700.ee94b28f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
20 KB 45ms
44ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/67700.ee94b28f.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69319d5c3b310ed9728384564a7377c655254ee2bf8d7b0d8f446a9516cba2f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894347
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8QMWD4P3E4DE101Y
x-amz-id-2: jXgTRXbMArdiN72QDEZkc/8iBDuv7nWiwv4tyw6S02CSLPlqaNlzM522jT6HOWuOeklfkV375Hk=
last-modified: Tue, 01 Feb 2022 17:29:42 GMT
server: cloudflare
etag: W/"912d6c5b892fd41b36f019727e34b0af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Z5g4tYmOaLHs49DAmeC.jn7jrZoRmnK5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7ffe3b9213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

GET
H3 200 ThreadedResponsesSidebar.0a4a59aa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
8 KB 46ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.0a4a59aa.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63d5ed100877af14015bbc208de37446811ce956e66d257c0c4af9f125cc23a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 892604
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8QMN4NBZ2KK5RXQY
x-amz-id-2: 9D+64kTMpGzCO8SJCU1uHFerzEMUzIyTKt4ug37qKHNsIQVTjBTjXPFDsoG0wsij1744nLY41fw=
last-modified: Tue, 01 Feb 2022 17:30:10 GMT
server: cloudflare
etag: W/"31bd3504ef8a709122fcc30c7dc3df10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: wELALJEmaQUinbEg0pW99hsnW4wqFvZt
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f7ffe3e9213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 143 B
525 B 147ms
147ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

799283ad942ff2daec915822e9c6decf218b8cae139e582ff9671a66cf6f944e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 7ab417cdb8806185
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220225-225933-b51771cb7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
apollographql-client-version: main-20220225-225933-b51771cb7e
ot-tracer-spanid: 4e788f5a5cb79a2a

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-BNyKmrOzFgitgBfOKLcq2C0WzWE"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, rito/main-20220225-091616-7bd16ef09e
x-envoy-upstream-service-time: 34
content-length: 143
x-xss-protection: 0
x-request-received-at: 1645903539745

POST
H2 200 graphql Show response
posts.specterops.io/_/ 838 B
1 KB 253ms
253ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2cb4926529d85e3bc76ca5cd4019efac0bf2ae2f2604e8740d58100c69ca2964

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 7ab417cdb8806185
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220225-225933-b51771cb7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
apollographql-client-version: main-20220225-225933-b51771cb7e
ot-tracer-spanid: 4e788f5a5cb79a2a

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"346-1UwwJ8WX6IVl5h/mz3Y339xkqTQ"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, rito/main-20220225-091616-7bd16ef09e, tutu/main-20220225-195659-a6df74685a
x-envoy-upstream-service-time: 139
content-length: 838
x-xss-protection: 0
x-request-received-at: 1645903539746

POST
H2 200 graphql Show response
posts.specterops.io/_/ 210 B
618 B 216ms
215ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c3ae723c17cbcedad45c70cacd29c521a318a01c04d162781eba13088a719006

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 7ab417cdb8806185
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220225-225933-b51771cb7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
apollographql-client-version: main-20220225-225933-b51771cb7e
ot-tracer-spanid: 4e788f5a5cb79a2a

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"d2-gLZpyubG7Ksj/gtuqz9lDxD617w"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, rito/main-20220225-091616-7bd16ef09e, tutu/main-20220225-195659-a6df74685a
x-envoy-upstream-service-time: 101
content-length: 210
x-xss-protection: 0
x-request-received-at: 1645903539750

POST
H2 200 graphql Show response
posts.specterops.io/_/ 268 B
676 B 172ms
172ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c50abb8aeb128fe9ed86cb200e1721157766c64f527f5d6e9919c7f87c946a09

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 7ab417cdb8806185
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
Graphql-Operation: PostViewerEdgeQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220225-225933-b51771cb7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
apollographql-client-version: main-20220225-225933-b51771cb7e
ot-tracer-spanid: 4e788f5a5cb79a2a

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"10c-aySuGdrrkN/sft0v3oStMMeYllM"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, rito/main-20220225-091616-7bd16ef09e, tutu/main-20220225-195659-a6df74685a
x-envoy-upstream-service-time: 59
content-length: 268
x-xss-protection: 0
x-request-received-at: 1645903539747

POST
H2 200 graphql Show response
posts.specterops.io/_/ 96 B
502 B 291ms
291ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 7ab417cdb8806185
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220225-225933-b51771cb7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
apollographql-client-version: main-20220225-225933-b51771cb7e
ot-tracer-spanid: 4e788f5a5cb79a2a

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
sepia-upstream: medium
server: nginx
etag: W/"60-Ot8fahRq/24OZZD50baRxE1h1oo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, rito/main-20220225-091616-7bd16ef09e, tutu/main-20220225-195659-a6df74685a
x-envoy-upstream-service-time: 73
content-length: 96
x-xss-protection: 0
x-request-received-at: 1645903539852

GET
H3 200 responses.editor.142e6649.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 41ms
41ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.142e6649.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.dc3e6a1a.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9b342854878e881ee595685861b7aa2fecdf3510dc785e0638960e3c348b372

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 894343
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ATVH2X68D6QNY5HC
x-amz-id-2: LZdHRApUtQilFZ6rCtrYM/uNmS7ZLC7zfOjq46j85/viGeLMjwF+diag9YAuYH3zJ9AzL7LwE8w=
last-modified: Tue, 01 Feb 2022 17:30:31 GMT
server: cloudflare
etag: W/"4efcc1c569f0125e50a7a73603ad1a4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 03CGcdxMmfJ1uiXP_h.W7ekFIQGuS.2x
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6e3b8f834d789213-FRA
expires: Sun, 26 Feb 2023 19:25:39 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 9 KB
3 KB 307ms
306ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-38-70.compute-1.amazonaws.com

Software

nginx /

Resource Hash

68e79f40f1a36f1cb823192fb38640dc997117600d5b1f020182974471d8ecf2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 7ab417cdb8806185
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220225-225933-b51771cb7e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
apollographql-client-version: main-20220225-225933-b51771cb7e
ot-tracer-spanid: 4e788f5a5cb79a2a

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"22c9-UcTT+crLqyLF5I6uazRFy69HKmE"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, rito/main-20220225-091616-7bd16ef09e, tutu/main-20220225-195659-a6df74685a
x-envoy-upstream-service-time: 150
x-xss-protection: 0
x-request-received-at: 1645903539853

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 119ms
118ms Fetch
application/octet-stream 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.00045fc8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, clientele/main-20220127-165259-3a6b3d812a
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 120ms
119ms Fetch
application/octet-stream 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.00045fc8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, clientele/main-20220127-165259-3a6b3d812a
x-envoy-upstream-service-time: 6
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 115ms
114ms Fetch
application/octet-stream 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.00045fc8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 26 Feb 2022 19:25:39 GMT
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c, clientele/main-20220127-165259-3a6b3d812a
x-envoy-upstream-service-time: 4
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 61ms
18ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6647
date: Sat, 26 Feb 2022 17:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 26 Feb 2022 19:34:53 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 100ms
33ms Script
text/javascript 143.204.98.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=fe3205f6b49
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-52.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 222
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Sat, 26 Feb 2022 19:21:59 GMT
x-amz-cf-pop: FRA50-C1
content-length: 23872
x-amz-cf-id: hbBbLfVJLMqbVB7Iazwi1C5D1HhiVbExR-agrXZeMI8c_s7bCCwNRg==

GET
H3 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/135/ 4 KB
4 KB 131ms
130ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*Crl55Tm6yDNMoucPo1tvDg.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 210
x-envoy-upstream-service-time: 21
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4048
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f8bc88a9213-FRA
expires: Mon, 28 Mar 2022 19:25:41 GMT

GET
H3 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/135/ 4 KB
5 KB 75ms
74ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*W_RAPQ62h0em559zluJLdQ.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 210
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4354
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 6e3b8f8bc8a99213-FRA
expires: Mon, 28 Mar 2022 19:25:41 GMT

GET
H3 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 36ms
36ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2799602
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6e3b8f8c095e921f-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 26 Feb 2023 19:25:41 GMT

GET
H2 200 _r Show response
app.link/ 91 B
562 B 217ms
169ms Script
text/javascript 2600:9000:2156:d800:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.59.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:d800:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

baba5941cc5bbe32dbd224fb4c4a4799cbcbc24fdcb7980ee8c9fff6d9cae607

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 19:25:41 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
etag: W/"5b-2B8yQNFCTJv2kRW9IKJMrvj6A1w"
x-amz-cf-id: KYew43xXsQazH6za61oTsizwNMPW5IggDsgQiRzq2tgJuLhyScq3lg==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 53ms
27ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1952908207&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=731673132&gjid=1191434801&cid=1641830277.1645903541&tid=UA-24232453-2&_gid=1114463297.1645903541&_r=1&_slc=1&z=552112262

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 19:25:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 49ms
28ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1952908207&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=213961585&gjid=235282835&cid=1641830277.1645903541&tid=UA-102239211-2&_gid=1114463297.1645903541&_r=1&_slc=1&z=896801497

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Feb 2022 19:25:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
629 B 233ms
176ms XHR
application/json 2600:9000:2156:7e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 9a985875c68ee123300836a3dcc850d69d1758f89b1de99675c72552c69dd2a1

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 26 Feb 2022 19:25:41 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 2338209a6b3a400bac72202742ac8fcf-2022022619
content-length: 316
x-amz-cf-id: sX-FOBidU2qds_CFq46b7eZUgG7m8L2I5J1oH7KTn-cnRd0dCrCo4Q==

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
567 B 270ms
270ms XHR
application/json 2600:9000:2156:7e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:7e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

a89558f04fa2390cb0d780ad645b93496eda74d769a8c8c27ae2fc210f7f6b18

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 26 Feb 2022 19:25:41 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"b7-/6WlLXyb4zgU0ukMNVNolVp82No"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 00e85f5b3bbf4cdd82a15cc58d32c394-2022022619
content-length: 183
x-amz-cf-id: H3m6wPeZFRPsrxTRSLz6hgjGVhnYY5bhvBqujFORRgda4vdYxTz1kA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 406ms
406ms XHR
application/json 2600:9000:2156:7e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 26 Feb 2022 19:25:42 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 31a7385dfe2a44449798115a2db7c8d5-2022022619
content-length: 28
x-amz-cf-id: UrDkOfOFzR63NfHdlpRVnvzQRKnkFcbg9JO4oX0bV_UCbcc-NLZIow==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 225ms
224ms XHR
application/json 2600:9000:2156:7e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/13730.c507718c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 26 Feb 2022 19:25:42 GMT
via: 1.1 e64eb476d8f76c461d21278e018e194e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 96a24927fd064a76aaf7eb87fbd0f003-2022022619
content-length: 28
x-amz-cf-id: 8b5I77FhnQF9fCfhAbylkqqINpRivrPbvWSe9ULCgxDoC9ipHTwDbw==

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
260 B 259ms
258ms Fetch
application/json 52.4.38.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.00045fc8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.4.38.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-38-70.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
x-xsrf-token: 1
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
content-type: application/json

Response headers

date: Sat, 26 Feb 2022 19:25:44 GMT
medium-fulfilled-by: valencia/main-20220225-231219-be8e9ca42c
x-envoy-upstream-service-time: 146
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 01:54:55	Name: vary Value: enable_medium_app_lo
.medium.com/	1970-01-20 09:57:19	Name: uid Value: lo_974ea8f0da5a
.medium.com/	1970-01-20 09:57:19	Name: sid Value: 1%3AkzPQRcW5fZWYVpMC8ShRmVGeZ700jnitZk4PISQVaXb3S%2BNGWKPODxOSDSBW5oID
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: bf3c96f99c094a0973e2e0a9eef595ea16226d33-1645903537
posts.specterops.io/	1970-01-20 09:57:19	Name: uid Value: lo_974ea8f0da5a
posts.specterops.io/	1970-01-20 09:57:19	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+Tr3/aep1liOADT4Kuhd9mQT41IV2Ks5Vyvs/lXjexL71
posts.specterops.io/	1970-01-20 01:13:09	Name: vary Value: enable_medium_app
posts.specterops.io/	1970-01-20 01:11:44	Name: _dd_s Value: rum=0&expire=1645904439186
.specterops.io/	1970-01-20 18:42:55	Name: _ga Value: GA1.2.1641830277.1645903541
.specterops.io/	1970-01-20 01:13:09	Name: _gid Value: GA1.2.1114463297.1645903541
.specterops.io/	1970-01-20 01:11:43	Name: _gat Value: 1
.specterops.io/	1970-01-20 01:11:43	Name: _gat_tracker0 Value: 1
.app.link/	1970-01-20 09:57:19	Name: _s Value: qpp2zswarzwSYrypv8FD5eDlqJgycs760CvB1mRgPbLqjC8E5dzgklVEpHC0UuEu

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
143.204.98.52
2600:9000:2156:7e00:11:f728:3040:93a1
2600:9000:2156:d800:19:9934:6a80:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2a00:1450:4001:810::200e
52.4.38.70
018b5b257410f8d487cbce3c542d9063154574d83aa25bbef18844c901f18ff1
06366c64f54a1a53351585fd67f879da58bbc1efdb9ea51343ec867d4e2b9c01
0791e414e986ffa3f6e135050df4933777c28ca6756119550d97a4aaa7d704af
0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40
10935457085f3bae0103273242eed0cd1b866e1cffae36822cbfe06dec22a5ab
149e94404b0e86f4cbc2d7b2477449154e79db509d3028eb42ee02708182b563
17bc9b92ebab80637567c7dfd6bcdfe3498462acc7d12ea5331260c2dd404e9b
20d1f56ba11ce04885ba77d1cec9d314748d73ce7de160765fe166b469b457b3
27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503
2cb4926529d85e3bc76ca5cd4019efac0bf2ae2f2604e8740d58100c69ca2964
2e499fbf59e858017a4248742c3424bc4651708c4033b0862a79b51b2a88ce14
2f15554a0139715f3c8db82a10aa47bbb71e40799928ad3845efeeddf9d37083
33e2f340aa38d101f7d1bd12b168f1b1fdb78b0083765a43c0600ce6518c04a9
36fdcdaa562cc2348745eaf48791cb54c9ee180eed45141d65e705fb56a2fdf5
37359d2c6eb82ca5b4a6c0567aa5d0d22d0d4d85a9aa5950490f330253795d44
386ff0e96e4564b30a3ba03e97878f71c9deccf8829ccfe73f80657a951aa572
3931b21f7555294211914aa674b509cc250b9a53c6695a56429387b59255b7e8
3a292c657fdde02baff56bbd86da419f3d22e0be137888d1094176efa5cb010a
3b1c3db72fa6da00fe30f190a2b8ac5bb0bc1f8a1aa12b79d64a35c678b62b51
3d474a8a84592a2d701b5277b3a7df4c6bd910aa3739c5b32937d1a1346ea884
3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990
4168fe3724a8e4f8cac9c79ccf6c38d4e7304779f9c45251e7b8719ccac365a4
434e394b3a3721595fdb41f40aee3ff23c11a4ebb1074de44cd6a7b0c27b5cd7
4ab8d9caf917b6bec7ca41468d969db0b255f257732475aa890772a079d13239
539ae3662e77a9c2f0ae7301ff47ecfb790fec1a013b76e26e3e096f403a2535
563c33f073923e14287dcdd69eb98810b288c8234b6160d177f040246344a739
63d5ed100877af14015bbc208de37446811ce956e66d257c0c4af9f125cc23a6
650023eeeb84a95eabf337fdd5491023a315c1487adf8ed1d398dcacace69f12
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
68e79f40f1a36f1cb823192fb38640dc997117600d5b1f020182974471d8ecf2
69319d5c3b310ed9728384564a7377c655254ee2bf8d7b0d8f446a9516cba2f9
693b35e271c7e7eb914b40b90d09b33832dbc6bc4646ae4d73ab77560a488fdf
6b3dd41522bb086c85f01424492e7d11c0319c80cc6283c7c45876ab1d624b91
6e9a4246015ad572163a9eae7ddec430a20000cf580b47f21164f8c92fdc1ff0
6f05f9b2f0eebaffe717b4edc93f24e451c578cc9be3772fcf36164115f51eef
6f3ba599ad93b5212865f9e979087631b68ea83b8753eac06c720e40e72a41bb
719e1399331154251e2969f34dfb87134297dc8994ad1ccddf983926f8b51f24
72d811ea39f645d321d911989fac34c52f0f694797b10edc0733d83c42f7b77f
799283ad942ff2daec915822e9c6decf218b8cae139e582ff9671a66cf6f944e
7f14214332f60b0f9f112dcd6a531a01a6043eae086690f468f1bf7967bca32c
88a9759304d72c443340f743e7ea08c1965a8c3987a38c5243ad04545e674f8a
89bca227adaf023808e58b9cd61ba763a96c0f0ed7b996a369c7c223a65cb916
8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d
8a9783669bd80b6f8257a3cbc57b59d61ef424f1b95cabef9b15f4ad0f6a7df9
8cf724aa8e1275c52479a57bb65d042eea0484ac82a7355ca0f06ef55e3de13c
8d429990f40a7dcf438332eac5daa70b877f5eed73fa5e06ead5aceb8c3262ee
8fc69ae7fe159390316f74529abefacebc2b59f3648c3af2d6c432a3b78b07c6
911980866403ae7df85da8c4597dfbaede8964bccc0aebc54786d797aa4a1e45
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
955c4c507d0997bbc74c266102fa2ed1a6fce7e9db160164d85fc0191d2858ca
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea
98727c089d2e24cb009cc4092221e17553101321174b8d7aaa876f41d734d222
99e6fb690c810d23951fa198757f91db0eac07e3408fde00f845f388cdea391f
9a985875c68ee123300836a3dcc850d69d1758f89b1de99675c72552c69dd2a1
9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321
a3a2bf63254d3d3acbae07d320a8d3adc053e503a15fc2bee743bc36fd433a83
a70293b8f4742f6004f43881f4574e7c76f5186fccf0550efbb6ff2cc9c87c4f
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a89558f04fa2390cb0d780ad645b93496eda74d769a8c8c27ae2fc210f7f6b18
aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf
acebdf620c7ce3e1d09fc38c4a050da2e12491902f39ba3095961573941ae612
acfbbf8277040cf7a8aa0c120014dd848a324ba0c83c75376eb84aa2ebe757c8
ae6394942d1cb24bfc33ef79109b1bd5f85638ce8764fc7b82df1ec1c5288a17
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b5291965181d7397c413c049ef055d2146a4bf693a989ded2b4a917341cab83b
b9b342854878e881ee595685861b7aa2fecdf3510dc785e0638960e3c348b372
baba5941cc5bbe32dbd224fb4c4a4799cbcbc24fdcb7980ee8c9fff6d9cae607
bc001c0ba3d95353f2c8d38764e28c442347c6dadddea149097ce0b7699f2f94
c3ae723c17cbcedad45c70cacd29c521a318a01c04d162781eba13088a719006
c50abb8aeb128fe9ed86cb200e1721157766c64f527f5d6e9919c7f87c946a09
c60e90d4c6c570d781b8c9e2c20dd37ce9c41281e15ec22aae10699620ab0898
d167bc56af6bc1231a953916dec835db5b2629ff06ef22f5ab25d048c71cc2d4
d27edaf567774c2c1b95103ed961bb62ec52376000eb5d82b95b8f7802826f1c
d68b753a11d9f06ed882392b75f256775ddbf6b4ab75e84a4ce560fb961c4884
dc9ebdefdfbc0d05894e56098b72c9abe00b9441ac48f6ac29a25d38975ff3a3
ddac8b642d7667b3fb9605ac5b043dcf21976aed041ad4d6221f0a0cc10a4376
de0e646d56babcf5004d2a9e8b0134d72056a222a8ce987c456a6b456988db50
df55e1647aaa31dc1a9879bb336faa6f878d2af6aec095a3b0dff0bdd909218f
e8a80bdd5cc9be1a7d3298446a05234198a2d54b76cfcd1c92cd45c7892a4f42
ea5a82869f3f7fa681f1e7cb1e505542f3a9d193071a8ec9f263ad7866d899f1
ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e
ef51bb71e5dece4317a836c372a2e0c196b4e8d4467efee685bc72382e1783c9
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f660dcf5009462eebbe3e19971d60fca80544e3b91b6243d63353f477596a953
f69d9f12637469fe5d3814942b650313f8e5bc84b961d5a812c5ddbb69c8c078

posts.specterops.io Open in urlscan Pro 52.4.38.70 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

94 Requests

100 %HTTPS

71 %IPv6

5 Domains

9 Subdomains

7 IPs

2 Countries

1161 kBTransfer

3534 kBSize

13 Cookies

64 Outgoing links

Page URL History

Redirected requests

94 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.4.38.70 Public Scan

Screenshot
Live screenshot

Full Image

94
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1161 kB
Transfer

3534 kB
Size

13
Cookies

94 HTTP transactions
0 data transactions