blog.shiftleft.io Open in urlscan Pro
52.6.3.192 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Effective URL:
https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Submission: On October 20 via api (October 20th 2021, 5:26:34 pm UTC) from US — Scanned from DE

Summary HTTP 109 Redirects Links 51 Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 11 domains to perform 109 HTTP transactions. The main IP is 52.6.3.192, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is blog.shiftleft.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 19th 2021. Valid for: a year.

This is the only time blog.shiftleft.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 14	52.6.3.192 52.6.3.192	14618 (AMAZON-AES) (AMAZON-AES)
1 72	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:710... 2a02:26f0:7100:19a::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.6.123.32 23.6.123.32	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.52 143.204.98.52	16509 (AMAZON-02) (AMAZON-02)
1	54.243.144.17 54.243.144.17	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:24e... 2600:1f18:24e6:b901:bdc9:8410:5bcc:e9b5	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:215... 2600:9000:2156:c400:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
4	2600:9000:215... 2600:9000:2156:7000:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2606:4700:303... 2606:4700:3036::ac43:b550	13335 (CLOUDFLAR...) (CLOUDFLARENET)
109	14

14 52.6.3.192 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-3-192.compute-1.amazonaws.com

blog.shiftleft.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

72 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:19a::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.6.123.32 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-6-123-32.deploy.static.akamaitechnologies.com

a16180790160.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.52 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-52.fra50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.243.144.17 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-144-17.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b901:bdc9:8410:5bcc:e9b5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:c400:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:7000:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3036::ac43:b550 (United States)

ASN13335 (CLOUDFLARENET, US)

lightstep.medium.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	1 MB
14	shiftleft.io 1 redirects blog.shiftleft.io	47 KB
8	medium.systems lightstep.medium.systems	2 KB
5	branch.io cdn.branch.io api2.branch.io	26 KB
3	google-analytics.com www.google-analytics.com	20 KB
3	optimizely.com cdn.optimizely.com a16180790160.cdn.optimizely.com logx.optimizely.com	96 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	93 B
1	google.de www.google.de	472 B
1	google.com www.google.com	472 B
1	doubleclick.net stats.g.doubleclick.net	414 B
1	app.link app.link	574 B
109	11

	Domain	Requested by
43	cdn-client.medium.com	blog.shiftleft.io cdn-client.medium.com
19	miro.medium.com	blog.shiftleft.io cdn-client.medium.com
14	blog.shiftleft.io	1 redirects cdn-client.medium.com
9	glyph.medium.com	blog.shiftleft.io glyph.medium.com
8	lightstep.medium.systems	cdn-client.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	blog.shiftleft.io cdn-client.medium.com
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
1	www.google.de
1	www.google.com
1	stats.g.doubleclick.net	cdn-client.medium.com
1	app.link	cdn.branch.io
1	logx.optimizely.com	cdn-client.medium.com
1	cdn.branch.io	blog.shiftleft.io
1	a16180790160.cdn.optimizely.com	cdn.optimizely.com
1	cdn.optimizely.com	blog.shiftleft.io
1	medium.com	1 redirects
109	17

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
www.shiftleft.io
policy.medium.com
thehackernews.com
github.com
phpsecurity.readthedocs.io
owasp.org
gabertan-colton.medium.com
atsu7.medium.com
blog.whistic.com
upbulging2009.medium.com
intraline1916.medium.com
help.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
blog.shiftleft.io Sectigo RSA Domain Validation Secure Server CA	`2021-01-19` - `2022-01-19`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-09-01` - `2021-11-29`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
*.cdn.optimizely.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
logx.optimizely.com Amazon	`2021-08-23` - `2022-09-21`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Frame ID: B71C9F624A8100CBC716EBAAD13634D1
Requests: 103 HTTP requests in this frame

Frame: https://a16180790160.cdn.optimizely.com/client_storage/a16180790160.html
Frame ID: 92D20B5F083537AF750A75AC3968CC9F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Security Code Review of a Banking Trojan — Cerberus | by Prabhu Subramanian | ShiftLeft Blog

Page URL History Show full URLs

https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-cod... HTTP 302
https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7 Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

Page Statistics

109
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

17
Subdomains

14
IPs

5
Countries

1277 kB
Transfer

3732 kB
Size

16
Cookies

51 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----10df386b9f6b--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&source=post_page-----10df386b9f6b---------------------nav_reg-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F10df386b9f6b&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar&source=post_page-----10df386b9f6b--------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&source=post_page-----10df386b9f6b---------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://www.shiftleft.io/?utm_source=blog&utm_medium=web&source=post_page-----10df386b9f6b--------------------------------
Title: www.shiftleft.io

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----10df386b9f6b--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&source=responses-----10df386b9f6b---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://medium.com/@prabhusl?source=post_page-----10df386b9f6b--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6789436b04be%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&user=Prabhu%20Subramanian&userId=6789436b04be&source=post_page-6789436b04be----10df386b9f6b---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F9bcefb2332fc&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&newsletterV3=6789436b04be&newsletterV3Id=9bcefb2332fc&user=Prabhu%20Subramanian&userId=6789436b04be&source=post_page-----10df386b9f6b---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&source=post_actions_header--------------------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html
Title: Cerberus

Search URL Search Domain Scan URL

URL: https://github.com/dgoulet/torsocks
Title: torsocks

Search URL Search Domain Scan URL

URL: https://phpsecurity.readthedocs.io/en/latest/Input-Validation.html
Title: validated or sanitized

Search URL Search Domain Scan URL

URL: https://owasp.org/www-community/xss-filter-evasion-cheatsheet
Title: vulnerable

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fshiftleft-blog%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&collection=ShiftLeft%20Blog&collectionId=86a4f941c7da&source=post_sidebar--------------------------follow_sidebar-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fshiftleft-blog%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&user=Prabhu%20Subramanian&userId=6789436b04be&source=post_sidebar-----10df386b9f6b---------------------clap_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&source=post_sidebar-----10df386b9f6b---------------------bookmark_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fshiftleft-blog%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&user=Prabhu%20Subramanian&userId=6789436b04be&source=post_actions_footer-----10df386b9f6b---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&source=post_actions_footer--------------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@prabhusl?source=follow_footer-----10df386b9f6b--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2F6789436b04be%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&user=Prabhu%20Subramanian&userId=6789436b04be&source=follow_footer-6789436b04be----10df386b9f6b---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F9bcefb2332fc&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&newsletterV3=6789436b04be&newsletterV3Id=9bcefb2332fc&user=Prabhu%20Subramanian&userId=6789436b04be&source=follow_footer-----10df386b9f6b---------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fshiftleft-blog%2F10df386b9f6b&operation=register&redirect=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&collection=ShiftLeft%20Blog&collectionId=86a4f941c7da&source=follow_footer-----10df386b9f6b---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://gabertan-colton.medium.com/practical-malware-analysis-basic-static-techniques-8897bd21b9e6?source=post_internal_links---------0----------------------------
Title: Practical Malware Analysis: Basic Static Techniques

Search URL Search Domain Scan URL

URL: https://gabertan-colton.medium.com/?source=post_internal_links---------0----------------------------
Title: Colton Gabertan

Search URL Search Domain Scan URL

URL: https://medium.com/@3isenheim/install-obsidian-md-on-parrot-security-8f0820f6f233?source=post_internal_links---------1----------------------------
Title: Install Obsidian.md on Parrot Security

Search URL Search Domain Scan URL

URL: https://medium.com/@3isenheim?source=post_internal_links---------1----------------------------
Title: 3isenHeiM

Search URL Search Domain Scan URL

URL: https://atsu7.medium.com/digital-security-aaf55a8f46f2?source=post_internal_links---------2----------------------------
Title: Digital Security

Search URL Search Domain Scan URL

URL: https://atsu7.medium.com/?source=post_internal_links---------2----------------------------
Title: Atsu7

Search URL Search Domain Scan URL

URL: https://blog.whistic.com/will-my-company-be-assessed-feafbeed7b5b?source=post_internal_links---------3----------------------------
Title: Will My Company Be Assessed?

Search URL Search Domain Scan URL

URL: https://medium.com/@whistic?source=post_internal_links---------3----------------------------
Title: Whistic

Search URL Search Domain Scan URL

URL: https://blog.whistic.com/?source=post_internal_links---------3----------------------------
Title: Whistic

Search URL Search Domain Scan URL

URL: https://medium.com/@montassar.naghmouchi/the-internet-we-have-the-internet-we-need-770ab7c8323d?source=post_internal_links---------4----------------------------
Title: The internet we have, the internet we need

Search URL Search Domain Scan URL

URL: https://medium.com/@montassar.naghmouchi?source=post_internal_links---------4----------------------------
Title: montasser the bored

Search URL Search Domain Scan URL

URL: https://upbulging2009.medium.com/update-kids-cooking-games-hack-free-resources-generator-ae37090f100d?source=post_internal_links---------5----------------------------
Title: {UPDATE} Kids Cooking Games Hack Free Resources Generator

Search URL Search Domain Scan URL

URL: https://upbulging2009.medium.com/?source=post_internal_links---------5----------------------------
Title: Carlin Nealson

Search URL Search Domain Scan URL

URL: https://intraline1916.medium.com/update-idle-toll-hack-free-resources-generator-971ba7505dbd?source=post_internal_links---------6----------------------------
Title: {UPDATE} Idle Toll Hack Free Resources Generator

Search URL Search Domain Scan URL

URL: https://intraline1916.medium.com/?source=post_internal_links---------6----------------------------
Title: Shannen Hinda

Search URL Search Domain Scan URL

URL: https://medium.com/hackernoon/hacker-noon-reader-survey-results-1d2c60573ec4?source=post_internal_links---------7----------------------------
Title: Hacker Noon Reader Survey Results

Search URL Search Domain Scan URL

URL: https://medium.com/@norahsmama?source=post_internal_links---------7----------------------------
Title: #Blacklivesmatter #Sayhername #Defundthepolice

Search URL Search Domain Scan URL

URL: https://medium.com/hackernoon?source=post_internal_links---------7----------------------------
Title: HackerNoon.com

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----10df386b9f6b--------------------------------
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----10df386b9f6b--------------------------------
Title: Make Medium yours.

Search URL Search Domain Scan URL

URL: https://medium.com/creator-tools?source=post_page-----10df386b9f6b--------------------------------
Title: Write a story on Medium.

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page-----10df386b9f6b--------------------------------
Title: Write

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----10df386b9f6b--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----10df386b9f6b--------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----10df386b9f6b--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----10df386b9f6b--------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b HTTP 302
https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

109 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b Show response
blog.shiftleft.io/
Redirect Chain

https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

184 KB
37 KB

1243ms
1243ms

Document
text/html

52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

3e1548b2466fc73b4f92c0ef2a388865abcd9f9953070c67ea8c32a0c7ea0907

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

:method: GET
:authority: blog.shiftleft.io
:scheme: https
:path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Wed, 20 Oct 2021 17:26:26 GMT
content-type: text/html; charset=utf-8
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
etag: W/"2dfb4-rELgkH37QmmBDAq0AsprIGC3qw8"
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, lite/main-20211020-155556-05af24ebf2, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-152938-744cd4ff5e
medium-missing-time: 138
set-cookie: uid=lo_e2bc2863ee4e; Path=/; Expires=Thu, 20 Oct 2022 17:26:25 GMT; HttpOnly; Secure; SameSite=None sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; Path=/; Expires=Thu, 20 Oct 2022 17:26:25 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_e2bc2863ee4e; Path=/; Expires=Thu, 20 Oct 2022 17:26:25 GMT; Secure; SameSite=None
vary: Accept-Encoding
x-envoy-upstream-service-time: 1134
x-request-received-at: 1634750785222

Redirect headers

date: Wed, 20 Oct 2021 17:26:25 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
cf-ray: 6a13f3759c293758-MXP
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
set-cookie: uid=lo_e2bc2863ee4e; Path=/; Domain=medium.com; Expires=Thu, 20 Oct 2022 17:26:24 GMT; HttpOnly; Secure sid=1:omvGHy+s6OykUqGj5kIszMecS7va8Us0fffzdDT4Ly1TI0kjZp9bi38Vaul8Pwgj; Path=/; Domain=medium.com; Expires=Thu, 20 Oct 2022 17:26:25 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_e2bc2863ee4e; Path=/; Domain=medium.com; Expires=Thu, 20 Oct 2022 17:26:25 GMT; Secure; SameSite=None __cfruid=747b27cf2048f55be346875b30b2899a2620dfb3-1634750785; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: edgy/6.1.4, valencia/main-20211011-154348-f913722d14
pragma: no-cache
x-content-type-options: nosniff
x-envoy-upstream-service-time: 67
x-frame-options: sameorigin
x-obvious-info: 20211020-1531-root,744cd4ff
x-obvious-tid: 1634750784987:429b17a85f09
x-opentracing: {"ot-tracer-spanid":"43f4e0ec2013cb81","ot-tracer-traceid":"267428110df03e1b","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 54ms
32ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 944
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 6a13f37f0d833758-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 20 Oct 2021 19:26:26 GMT

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 323 KB
94 KB 41ms
10ms Script
text/javascript 2a02:26f0:7100:19a::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100:19a::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bdb2ccdb82aae446d8d58ac6bcc5ed9de4406aeefbeab265429bc71b59ff5d03

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: e3JR1kN1mUBUPGZl3g5TId8EjdCOS_rM
content-encoding: gzip
etag: "25929a918b90f62669e0aa6c8dc8523a"
x-amz-request-id: 50HVYP3SRK98YJSN
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 7241
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="0";dur=0,cdnip;desc="2a02:26f0:7100:19a::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 95526
x-amz-id-2: 27MSIKjEYGDosBtGN7J2DPrgyv5E06PsTVgtH7EbY/6bi/CFQ4qgFZ73lD6Il+cmmLE/V6ye59c=
last-modified: Mon, 11 Oct 2021 20:43:15 GMT
server: AmazonS3
date: Wed, 20 Oct 2021 17:26:26 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 1*L47Xj04aYH3LfOqiaGxDbQ.png
miro.medium.com/max/266/ 8 KB
8 KB 144ms
134ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/266/1*L47Xj04aYH3LfOqiaGxDbQ.png

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3902e09f4d4f9116749cc903d43b45fa4c0fc9740c4ee7ab8136fd83d672aceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 59
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8502
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210910-123150-2615267c7e
accept-ranges: bytes
cf-ray: 6a13f37f0d823758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 0*9lo__MxYF44NYpOW.jpg
miro.medium.com/fit/c/96/96/ 743 B
879 B 178ms
168ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/0*9lo__MxYF44NYpOW.jpg

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

031654b461dbcc01656d64c2107f830c00a52ef785f10b07794b5254db6d9394

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 54
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 743
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f37f0d7f3758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 95ms
55ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5440615
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f37f898d374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 24 KB
25 KB 78ms
39ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15599023
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f37f8990374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 1*6flaxqJDOHOoLnmTOWDpng.jpeg
miro.medium.com/max/60/ 741 B
883 B 158ms
158ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*6flaxqJDOHOoLnmTOWDpng.jpeg?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a07358507310640ab2ba64a1da261e6c30ac52f9e2ca23b26e34a52d15401ebd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 81
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 741
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f37f8e173758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*X31uDmDTy2cS5t9DAb377g.png
miro.medium.com/max/60/ 3 KB
3 KB 229ms
229ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*X31uDmDTy2cS5t9DAb377g.png?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1c31199cc52a64a61615187c4f272c7ef8a2bcb32212e647d81af7bca99f34e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 66
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2707
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f37f8e1b3758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 0*9lo__MxYF44NYpOW.jpg
miro.medium.com/fit/c/160/160/ 2 KB
2 KB 161ms
161ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/0*9lo__MxYF44NYpOW.jpg

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f5133eb12404b75437af4a96906c6da30cf1364d663596a56fea3688cb335

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1780
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f37f8e1e3758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*KOjM5X3O-cjnsipJTA0lSQ.png
miro.medium.com/fit/c/160/160/ 9 KB
9 KB 155ms
155ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*KOjM5X3O-cjnsipJTA0lSQ.png

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8aaae6aa0d95ddcb9ffef0997ccd5cc6882a06f6717f99a8b615cb58969b0bbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 57
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8887
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210910-123150-2615267c7e
accept-ranges: bytes
cf-ray: 6a13f37f8e203758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 0*9lo__MxYF44NYpOW.jpg
miro.medium.com/fit/c/80/80/ 841 B
916 B 182ms
172ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/0*9lo__MxYF44NYpOW.jpg

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aabb06dd2b98e1abb75fbdbb123bc6def570d1455b8c442326203cf56978858f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 71
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 841
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f3800f1e3758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*KOjM5X3O-cjnsipJTA0lSQ.png
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 158ms
148ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*KOjM5X3O-cjnsipJTA0lSQ.png

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e69aa83383ecb755e563c100573926eb1faf687c85b239a45ef7f246cf09baa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 32
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3374
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210910-123150-2615267c7e
accept-ranges: bytes
cf-ray: 6a13f3800f213758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*GdTLPvlw86RykmiyWwuImg.png
miro.medium.com/max/60/ 11 KB
11 KB 178ms
168ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*GdTLPvlw86RykmiyWwuImg.png?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91e7870b5ddd02fe1237719009472570fdfca9bcbc99f0be1a5e39b83e477e3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 37
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 10796
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f3800f223758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 0*yi3jNWDGNPyEzmiQ
miro.medium.com/max/60/ 723 B
806 B 178ms
168ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*yi3jNWDGNPyEzmiQ?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72c9430b1da4d4487e923b6caa00ab72720d627399d4b168708a6d2b70df3b33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 723
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f3800f263758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*4tRnPEju17J4AN--QnMXlg.jpeg
miro.medium.com/max/60/ 1000 B
1 KB 161ms
151ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*4tRnPEju17J4AN--QnMXlg.jpeg?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e05cd0fc94c67b9378577f221e8f0ec840e487fe5fe41f6e9bae0c2e70b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1000
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211008-093104-50563333ea
accept-ranges: bytes
cf-ray: 6a13f3800f283758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*K_ASFaz5nY8Ft1f2ZtV3bA.jpeg
miro.medium.com/max/60/ 791 B
907 B 173ms
163ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*K_ASFaz5nY8Ft1f2ZtV3bA.jpeg?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

711337a2833f9dabcd18494241867451c681432d95639cd75010b725bdb87792

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 83
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 791
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210910-123150-2615267c7e
accept-ranges: bytes
cf-ray: 6a13f3800f293758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*6ardDAxx6x-Nmy_oQ3YG3g.jpeg
miro.medium.com/max/60/ 868 B
951 B 174ms
164ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*6ardDAxx6x-Nmy_oQ3YG3g.jpeg?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea2fb7fcf5407ece21f68bbdea5f34437a596e4b0f0a276ef542906e6fb7c24b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 69
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 868
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211008-093104-50563333ea
accept-ranges: bytes
cf-ray: 6a13f3800f2c3758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*hn4v1tCaJy7cWMyb0bpNpQ.png
miro.medium.com/max/60/ 3 KB
3 KB 80ms
70ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hn4v1tCaJy7cWMyb0bpNpQ.png?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 129
x-envoy-upstream-service-time: 25
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3059
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210928-152012-e160f205e6
accept-ranges: bytes
cf-ray: 6a13f3800f2d3758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 1*GnkmNjuSErCRoRogSpVPWA.png
miro.medium.com/max/60/ 784 B
857 B 173ms
163ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*GnkmNjuSErCRoRogSpVPWA.png?q=20

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29c7dbbb65a9f2b520af47befd60f717559534a8198b70a46b8edaac8b2d9078

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 784
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f3800f303758-MXP
expires: Fri, 19 Nov 2021 17:26:26 GMT

GET
H2 200 manifest.8f43e8de.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
9 KB 58ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.8f43e8de.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a89a11c31dd00078a7e555c4e47656179ed0ef24efbb8558ce7611b152848a99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3770
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: EQ4R2409NZ9BBE8Q
x-amz-id-2: I4Q7N7NMwbDhmX4GWu0c34TSSxaZxX456DhFTdmUguoQsMEE7tbriqMtAI6var7/Te3xTYwTva0=
last-modified: Wed, 20 Oct 2021 15:50:32 GMT
server: cloudflare
etag: W/"32d9256f2af73dc785a7651638784710"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: dwkUQeNwCTUN7NyLqzWOdBsgIOOXM5Ml
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37fae4e3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 90006.9601d5ac.js Show response
cdn-client.medium.com/lite/static/js/ 739 KB
230 KB 61ms
50ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07aed477b2d3c0765d37e7b9b5f097bd4d0f53560ccb8f46d2ec7805afb75730

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 148268
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: Q1YVX790RKEJB5TA
x-amz-id-2: kc3lucTZgMi1/KL1EQr1lIDnuXu4/O3gPS4lS7E37fitnBTSF/tS+7Ak8lf2JlbCQfMMpa047dM=
last-modified: Tue, 05 Oct 2021 11:58:00 GMT
server: cloudflare
etag: W/"217f2f07ce790438d7120f05d0b3aac1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 2XuuNiCoze82VIhr7Z3cjFJ.eggAEgsM
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37fae503758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 main.19c06f9f.js Show response
cdn-client.medium.com/lite/static/js/ 879 KB
229 KB 65ms
55ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.19c06f9f.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19d581e09fc7c3cc5cd94e4c57415c3d202981f201c4078ec37c2c8ef0619383

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3770
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: EQ4YVEZNB1NMA2DM
x-amz-id-2: fVw0mxSKWZtMIYZZL5K2W48fS+wQdIieYZL/NHYOcMvnCmQTUBWsYY025jPcprMAdnjRDa+66cQ=
last-modified: Wed, 20 Oct 2021 16:09:44 GMT
server: cloudflare
etag: W/"b5b6fe3a2664ebc773b22eba94d9c06f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: msOTACI.lKnMGLdy3mMIOYHXWd8HFmUE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37fae513758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 45573.4354ed57.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 50ms
40ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/45573.4354ed57.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc001c0ba3d95353f2c8d38764e28c442347c6dadddea149097ce0b7699f2f94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114433
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 5Y52RH89SSH2XCFV
x-amz-id-2: uSKZPTAjtnaN7avFVqdyaJpMWtAtVhIx8QoDXqGBmPdSSXi2NZwzhPCQhQlStVTpGkpWC3Tl7aM=
last-modified: Mon, 04 Oct 2021 08:07:06 GMT
server: cloudflare
etag: W/"6a81d283b5003925b4a970b292bfcc5b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: V72xGN9kaRcaybYuNsFR7RB7.fBonGvn
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37fae523758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 instrumentation.46e170b7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
3 KB 48ms
38ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.46e170b7.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70de61bacf37b98fef1041caecb079adcbb1eeba9c0ad401861737359af9506b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 671495
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: K6C0HWVQNBTN58AT
x-amz-id-2: yYDZFLqjSkipSkxqwV8AaIaOzelijhjPQkhABbQY0+DPrrzfDaMqDRw3P+I3675WD0PN1QcoEEo=
last-modified: Tue, 12 Oct 2021 20:02:22 GMT
server: cloudflare
etag: W/"6348d6c49ef6e259e804ea4e1f26a8d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Dto2tAL.mhV1SBrV8qJqwG3aUj.7a4TJ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37fae4b3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 reporting.0a3746f4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 58ms
48ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.0a3746f4.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

caf23f6a8b5e1810a1bb919f2ebbc804b6e58e39554ea54babe40dfea54dda4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 89796
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 5Y5AEYC0YS0TE5FJ
x-amz-id-2: ThClbuNfPXpoKaGqB6NZ89WMuzgSHeLCKb39Aj0wkRl2pZyM0AyGpX9QEmOTGOUaq9oBixlcUTI=
last-modified: Mon, 04 Oct 2021 08:07:45 GMT
server: cloudflare
etag: W/"fd53fbfb1a678b05d93264c7c204f467"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: lT.z7a_pQt9dXM1wZ_bixgGOeL_GZqi4
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37fae4c3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 81144.478f446d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 57ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/81144.478f446d.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7c79b2e110e5e329d8cde062b26d6392577c60769eecc421691bf314eb4fd96

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 412842
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 5Y5F3SW2SPJF8WCC
x-amz-id-2: 9AN1mBmK1UJ6rgn/X5LHvXrjB/UpkuHsz1gWHDdDHuR8e96/K5Ftopm0ifMWMAaB1QfZU3/WUjo=
last-modified: Mon, 04 Oct 2021 08:07:09 GMT
server: cloudflare
etag: W/"bdcb237223712d52828fa99f2d40062b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 6YmTFeVvx3QwdhrdXMjR7KEw6m5Omlad
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffee23758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 11034.d256484f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 77ms
65ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/11034.d256484f.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5d4620f0d3c8be34de726d1fc4e4e81a96574083acd205717036793f64c5eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114433
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: PE4ZS6DQB49WY5EM
x-amz-id-2: X7J4SZPxChqLXAzyjMDtmLfvzII30/aiNmF7ZI8MPrtHmfUPPLS3bCCfTTJE/zcmY/NRDUlcAFY=
last-modified: Mon, 04 Oct 2021 08:08:29 GMT
server: cloudflare
etag: W/"06942e4a4d60267f5ea9346f75d67895"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zG9MpjO8q1UHB2BvcHa4kdKz91EUXB6j
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffee43758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 90192.ba099145.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 53 KB
16 KB 64ms
52ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/90192.ba099145.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

828d4afe2376ecd309b49531b98426f626d57ff9075085d4baa90225f8d10ed5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 534640
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 3CAP6NW518WA14FE
x-amz-id-2: +KGldJ00KdlZRoeJugPhoH1h4NFd8ley/jPx8/O2IQd2D9tFrdfgKNPLSAg1Mh1d+vfdmy8llsI=
last-modified: Thu, 14 Oct 2021 09:32:31 GMT
server: cloudflare
etag: W/"ce5a26cdcddd64a10ffb5d4d5bc4b6d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tlw3YUnE4hNeIy8GXuCS7HaA.gDBnZAQ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffee53758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 79088.e4863540.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
1 KB 77ms
65ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/79088.e4863540.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11e449f2bbccdf612464bef6a7db62a67d853aba8cb171f16f2423179e88521d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114433
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: PE4P5K8ZYV00BSFS
x-amz-id-2: PHUwiYQ4AgFBUC6ODN5my5VOuJzbhcjYqQhccMmH/rzYJMMu2TefvdAJAKvYujXyw6som5Ail5Y=
last-modified: Mon, 04 Oct 2021 08:07:09 GMT
server: cloudflare
etag: W/"497ff54d2f3611e8a813f362d0c971ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cel7pf.JdvPtsALVukGQfdbhMh1GbI73
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffee83758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 81645.c8a01874.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 75ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/81645.c8a01874.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea36e60783ccb9611b6d8785c50d423a4a7b632ef342fdb72ad80898c53492e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114433
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: PE4HAPAJ7T3Q538J
x-amz-id-2: vNpsYDRKy7DW+bPhOTv113HATNgP3ggkuypiWgLJ6YU7bnXH/+qRQUxR9VQszuIE6CwCHJjJL9g=
last-modified: Mon, 04 Oct 2021 08:07:09 GMT
server: cloudflare
etag: W/"5f9bfb456d80ee670fba27016ca9105c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cU.MDXE5XVq8qxCpDELlsgpdJhEdofuM
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffeea3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 70832.444ac173.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
6 KB 90ms
79ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/70832.444ac173.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b3e6acdd4073d54ac1a42d27af8ae679f907a67307c54ca2f242f237b01e62e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 420137
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: VCHY7S44Q08WTCRX
x-amz-id-2: u1FJM4NUK3smMttnzcWZ/ZlprAUU5Pslr+8/wISmxobiRnVxRO54SazuyCudrDHQZH8EiS8Ra78=
last-modified: Thu, 14 Oct 2021 18:48:59 GMT
server: cloudflare
etag: W/"3f8a77459fa1c79a9b1ab21f2abc9bb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: v0Wi5QEL4wBogUPLTQ7JccaOkFC6OqMQ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffeed3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 63303.da52dbf3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 76ms
65ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/63303.da52dbf3.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cd0b8e33aadd7312ccc39906739b928b62414a2d047922b3e1ca217ff8a28b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 410575
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 2KRRQWFHDF9E2FTH
x-amz-id-2: R/xWk6AQIXjaNYmoaNu8N15CMMgPlt4umVrPizO02hGgzZzZwrZbf4zOqU+St1HOQn+cCDEVc+w=
last-modified: Fri, 15 Oct 2021 20:54:50 GMT
server: cloudflare
etag: W/"ee1d588c59c456933d820e77bd019526"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 2ofup52kOgnNFhufcjcebwsDTiErXkXt
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffeef3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 80685.98eaf21e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
6 KB 74ms
63ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/80685.98eaf21e.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e673635c527c61c90ec3cf579b6eaf8a7a4fcd861551df2e97b015c0f3f3f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 486130
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 9CFMRE3E10NEGJ3A
x-amz-id-2: OllioJws5RdaDIqadEFhFPSqZ9IC/S4aaPljqx4RxcJdPpc0iirDBF3xo1ZBRmnFLB02vgTXYaw=
last-modified: Thu, 14 Oct 2021 21:13:11 GMT
server: cloudflare
etag: W/"848b4a5e81d09e3a9e732ce411dfdff0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: WdSjJnrxradJdAfn.Pvc3.YmO0uoSVb2
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffef23758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 50006.f237604f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
1 KB 75ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/50006.f237604f.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

371e7a8f65f2084adaf2db1648b24a7fc736db6ff243d878026b46d2c55254eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 89796
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: PE4HFTTM5DQQ56VQ
x-amz-id-2: oDwUryQtkMMfK0DyzPAoc3WjBoR2l9YCGXxEyYCHsXUgaxt39vpHYRX6Ox/dRnwJ4gVs5IzwzRc=
last-modified: Mon, 04 Oct 2021 08:07:06 GMT
server: cloudflare
etag: W/"59460f6e9d8b9f32a009d66ca608f955"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: X_DWdYGSUQD3z49XduZL9iCRA1yiGri7
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffef33758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 26022.606a1a5e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 44 KB
12 KB 61ms
51ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/26022.606a1a5e.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c6237fb689955af7a654da2388ec0b3be15677ccbdfc34882de50eb2f79c722

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 94430
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 5PKK6KRG6KVN6EGY
x-amz-id-2: ouwq9NNOjlKYJLq3gPSY7c6Jz/0r8mHFYFLPSxhc5e5W6FMgwL7PhEo+kN+p681YVSnMkTF98ww=
last-modified: Mon, 18 Oct 2021 22:38:25 GMT
server: cloudflare
etag: W/"86ecad1a6521e0f1746538da09eeada9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G_BwHLSdwKDFPTY33xvUZN8Ehp7OtRNz
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffef53758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 5850.2cc3e6a0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 31 KB
10 KB 88ms
77ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5850.2cc3e6a0.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6be052929052cc2807e324acc57ba815bee542fdb333c036cb63fb833edff850

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 410575
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 2KRZTGDZECR40F8Y
x-amz-id-2: WVsKIQW3adHUOHeAGb4g1gtcCDhClGs7f9SLxOG29nFTL7vuN4NiNQNUiXWdduromtZ6mHW/jTc=
last-modified: Fri, 15 Oct 2021 20:54:50 GMT
server: cloudflare
etag: W/"606884bed3ffe1e872ba3e05f5fb2786"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: uYdb8DdaRX6jhFXWjvk44sLdzOaZRH.V
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffef83758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 92397.6c801126.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
2 KB 56ms
46ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/92397.6c801126.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74aecca96bdaba8b72438429b11d6c83b4dd41cb4d4206c297a8e5eac206758c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 420137
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 6P8JH2E9FF4HTZ0D
x-amz-id-2: 7xYYZzKlUKShzPyBGMp6HJr50m5WH/Lq15Vgk1I3RPAP8F9V1rzkm4x4KG/x5reugiPXX5WYUw4=
last-modified: Thu, 14 Oct 2021 18:49:01 GMT
server: cloudflare
etag: W/"bb5889fa62842a0bc893b1f9d145845c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: SJ.7wLdDT3yBC2xooIuMuSuGyzkdoaeH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffef93758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 11615.6d046961.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
7 KB 74ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/11615.6d046961.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c9c496ba4a3abcbe8c5bc6796ff0f0e06f9b5be18b08325a58a08f8088ceafd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 420137
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: VCHH9PZF31Z029ME
x-amz-id-2: TIfqrnPL98O+2AMJDBZQC9HZob/BP5ZvN/zcBu+pOUtfv+WboiaSSdKCrl57oG5Df1frGQmwrQ8=
last-modified: Thu, 14 Oct 2021 20:33:57 GMT
server: cloudflare
etag: W/"dc98799acec09033226b41a5b3c9a664"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: WBWwKhJf83upxAVi6anWHO4g7ky5I9rc
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffefa3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 5055.da1a97c1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
927 B 75ms
64ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5055.da1a97c1.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f1526c6e666132b80e05ff9df43b01f05591d7625c6a2e4959bde45ca378e4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 594987
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: WAA5YM213YQWPKF2
x-amz-id-2: v8Gw9WM3KjB354MBLX2G4rUraEqQp/Kc1bhLTohdnZc09Po3/QA6k5SlUqDtgXmVFeSqm5I4VTs=
last-modified: Tue, 14 Sep 2021 17:18:24 GMT
server: cloudflare
etag: W/"197d201bb24f03bc2935e9f0650fcf06"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Pr6jiGoMNWwCyFtalmht1qzpL8NyLnam
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffefb3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 70921.b54b0f55.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 73ms
63ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/70921.b54b0f55.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d922b38beff30f8d5acc276cf142facc3719c25635014c8fbd9885f9906b32a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 410575
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 2KRTNYK4EM13MNCG
x-amz-id-2: ciR38h1qoP5gXa6Go7qcXEmWHCL1TjHmmOU9apzuiqmvLUoSAdD3zF2WAtgQomgQzrt3klNxQHc=
last-modified: Fri, 15 Oct 2021 23:09:12 GMT
server: cloudflare
etag: W/"0ecf4f390707f04bfebddcbdee9e3073"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: UvFH26SYtwYBn2_6wGuff3far7vwzedk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffefc3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 79851.0c6f9f31.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 94ms
83ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/79851.0c6f9f31.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

328a96a6ebf9abc6ba510caa489962c29879265ac105c95fa109ca68f1c8f050

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114429
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: CBAV0WVRQZHJNCW9
x-amz-id-2: vQxfjRRbDqJ42wIlHMxsNBxWGTtvRN993UegIUuuIo9hseF3JnDI1fNGkHvzDelagaXSCAJbrrw=
last-modified: Mon, 04 Oct 2021 08:07:09 GMT
server: cloudflare
etag: W/"ca934837e8a8416df962bb9e151782c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: D46EmOqRSwRZ_anM5yA_RVecQrQg4CSu
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffefd3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 64578.6bb8c112.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 75ms
65ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/64578.6bb8c112.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cc93d77bce3e5a11f3f321ddbbdbb5976e3b4a2ce14a9492f4bd85fa4d7c3dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 410575
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 2KRKXYAAWWNKRNXR
x-amz-id-2: nEnpMamfUkg7P+oFT8qgB404uFTe/mlzPR9+rx/7uM3GUZoiWT3+c13Acqtv1mw65JWHgiJdkdk=
last-modified: Fri, 15 Oct 2021 20:54:50 GMT
server: cloudflare
etag: W/"34017a2861253bb1b681083d2b35ca17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: oPcCk57uEaWQA.f2ljvOKMLOgTbPohEJ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f37ffefe3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 22026.dbbd9f6f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
2 KB 89ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/22026.dbbd9f6f.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af215f4eea3203aa2da018e970bf5ed360a8431871c8b8ec33fdd2547b036449

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 94430
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 5PKWPBQPNWVNN9AC
x-amz-id-2: jB909XzhWmFI1P2lVWAUsxe6gGFtM9Acmv0i9shZRaJRFPcGiS6lVgDr6rRcy/Tt6aQYJ/B0T9Q=
last-modified: Mon, 18 Oct 2021 22:38:24 GMT
server: cloudflare
etag: W/"cc8c0ba9785646cea2e2bdff819eac41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: mokojt1rAtgOBd8yLZ23wOR2udDT4OTj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f033758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 36851.ff668046.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 190 KB
35 KB 85ms
74ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/36851.ff668046.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d731189cc2a1c9d5ed8b9025d4ab954be73ba3e95410a5fdeb84dfab3a4df8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 94430
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 5PKSTRR6ASN5XQJA
x-amz-id-2: tdwIB7ZcyoBuoaqcT30uCrRbW0rZiyQ2i6RkT+HlhgI4MX8zvlpxwgXSSkkB7tAj9oYmxoFgJB0=
last-modified: Tue, 19 Oct 2021 14:53:41 GMT
server: cloudflare
etag: W/"055cc3655dba3e4d66a0e7c42a10ea35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: yTHr1cUj5mC2846AAL2sqvtf9wSIhs7z
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f043758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 33673.de5f47de.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 62ms
52ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/33673.de5f47de.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c6cf788712212b09b59a3e1ccd46b4d6c08abee242f49cb9b861287b211bc7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1067456
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 6F9FJ730DMPKKW3N
x-amz-id-2: NmWTLHWVUxQWE/Ti9WgLwFuXDjUH5I/Smm/dh3qbqt+qE+MIvsSRPBf3eKN8WzpMmfRa0+dFSAU=
last-modified: Wed, 06 Oct 2021 10:14:11 GMT
server: cloudflare
etag: W/"1e81fe373d1e5bb655046e68e9842657"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ZdAvWHfCPM3BRsXp_.JnGIqLQLjPwvz8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f063758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 95972.996c4300.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
1 KB 83ms
72ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/95972.996c4300.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1544e425ef52ed94fd570107984feef287ce2f9968cb7e92bae020fdd4181fac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1185286
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: SWMK26KA1AN1AH1R
x-amz-id-2: vPJ8Sy2hNGEOdxsW4cCzogyWXzLC8slduHDOvetwHzhWJn7F7a+hP/VXhoGjHGF455XZkCE5wEk=
last-modified: Wed, 06 Oct 2021 16:10:09 GMT
server: cloudflare
etag: W/"ff88e06a1e64e8ba6ed7bdd609cbd4e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: gm6ExaKxydn.i8XyfzYy_E1QeYhMQ.k8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f083758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 11366.069ea1f1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 83ms
73ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/11366.069ea1f1.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9f213c47a963ef2f76ea5601d5d2154d802a60f06f16460647d4da51190381a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 89795
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: QV5PV6FVCT0MP06N
x-amz-id-2: cbJusQ9lgp/uAW1cT6IsSPelqnnOFADsy1Dovzfy4e5xM3br5Z5Usd8oBLXgBKkR3Oe4C2Si4Y0=
last-modified: Mon, 04 Oct 2021 08:07:01 GMT
server: cloudflare
etag: W/"03cde7daef26a5a8cf5a45eb15c8b3a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: p6t_oTyqcM.TbCG1m.Xv0Ks4BCCjlzfL
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f093758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 60519.be2d6721.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 74ms
63ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/60519.be2d6721.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be686c52f8ea0ceebe1d93f22b275f0728b935a58a895a5930eee272c9f84b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114431
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: QV5M030YVAAVF0Y7
x-amz-id-2: 1urZkWUvY9z8ATN7S17QtLjfngyarzbCHWhfvOtI+hJBYCNfp11/YRn1ZcOEWDIc5xo7TtFZDVA=
last-modified: Mon, 04 Oct 2021 08:07:07 GMT
server: cloudflare
etag: W/"3dacf2813832f18935531bc6997284ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cRYrorbYUmsmp7a1SKap3GOier6gp_8D
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f0a3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 62182.91cdfb4e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 19 KB
7 KB 88ms
78ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/62182.91cdfb4e.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ad708810c15c14d27363765e5dd4be28dc70dafc870a116102151e63f5284fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1047160
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: M1YEDEKX5TF9PJ71
x-amz-id-2: YKiI4VtdOtLxD5LxGIiXSYXFc/0Vv3dkvSmRnymu+hI3fM0wgIPS4KknpRMMsM8uLB4bnhADuR0=
last-modified: Fri, 08 Oct 2021 13:34:30 GMT
server: cloudflare
etag: W/"9d2a06a07032a06fd42d8b4c24ef61a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zgS8Rd7hle_3GT5IKODiZqkq.xlajRxB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f0d3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 35285.dc03faaf.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 80ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/35285.dc03faaf.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81645980d414457d090680a89e4ff0e93ad8fff658d37f2fb412d33d6cf08d13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 89796
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: QV5RR3NYPSQRBNCJ
x-amz-id-2: ngffedeKp61jhxpcipKdAiwrn89SGXJXaPI+yMeuyf19kGMyuhU//onqRwUQJ2apM+8R2u5EOa4=
last-modified: Mon, 04 Oct 2021 08:07:04 GMT
server: cloudflare
etag: W/"cd66d4955c09b18928f10461af044122"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: j1w34nA0Q9i2XYIwl612wvMvwhd1bpGv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f113758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 76155.44ce1e2e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 58 KB
18 KB 84ms
74ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/76155.44ce1e2e.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d7072d7c18f58105b6ba413459dba078a92b0c8180e9c2c60b48347ba3f5cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 94428
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 837Z1X08MP47NF8P
x-amz-id-2: +5nYGtej81UcQEaTXw1fulS5X3CZ+Eg4au4viO9nC55fRrggsRtJKAYJjqUQLiENj4erBc3Eq5Q=
last-modified: Mon, 18 Oct 2021 22:38:29 GMT
server: cloudflare
etag: W/"a9655511c873c27e20f92ea429728835"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: WyxQ5df7jl6Z1x0oiV8usRyRxA3fiAR2
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f133758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 9972.269c800c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 80ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9972.269c800c.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcbb2c4ecf78c2d2b5f9e04f3f7c8d3fa8d2fa81f255aa81373b6a04a505fd49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1047160
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: M1Y00Y6NJPMZR216
x-amz-id-2: vyfVNNit/XsxNWR1d/Ws3uQROxUBA//wxDHt1fEZXbava3u8WcOlvX3HX2Y8P1djoxWrbzJ9eg0=
last-modified: Fri, 08 Oct 2021 13:34:33 GMT
server: cloudflare
etag: W/"c1719fdf7560068c7b60dc5775ffd806"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hoKkR_KosF2gxjBiiOtUWKqlY.JtVctl
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f143758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 43642.ad2ae9a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 43 KB
13 KB 81ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/43642.ad2ae9a9.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f4ecb7d857ad647607e980bcd585d5678430b97cc1176b160a1a0fe9cd5f800

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 420137
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 6P8WY9Q230W77BAN
x-amz-id-2: fX6mxGW29W0E0gbd0godOmHaXu04bDNblSTNltkWp/r/R/KD5fvG4TJFOAjODF98PKphV/gfSoY=
last-modified: Thu, 14 Oct 2021 18:48:56 GMT
server: cloudflare
etag: W/"77a9d2b2704ca1190fe2f9eca661a42d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XQDfUeEyrkbHxZfIyIZrbKWYtvh0iUfr
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f153758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 46463.3c01e067.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 45 KB
12 KB 79ms
69ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/46463.3c01e067.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9ac268562067c71d94ab20172d52551ad92193aab101c68263c9330bf354b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 666937
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 0GCTPRYDKTERA4HS
x-amz-id-2: Bp7J6Xe6ci9smtSGdSD8P9M0+7yyddlGOSStI+3aLjMz6LUXe4yxFaRd/L3W0pWFgCZfatcmlqo=
last-modified: Tue, 12 Oct 2021 23:22:04 GMT
server: cloudflare
etag: W/"0f5968760fbb62e3d888451e6b33f960"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8CMslM_u75TQ4ge0Za4m5CV.CsFRZWuN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f183758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 10733.13d16b41.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
14 KB 76ms
66ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/10733.13d16b41.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b87f10b6eba2c329fcd766b203120d5fee37bb48e5c834c26b1c5c9bc773b38a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 94428
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 837PPG57PP12F6BD
x-amz-id-2: LDxyqB3+TxZKNDpckuVMROuKGV/JJ1B60JqLQJZE8JgaaF+M07DL39g3QzVhiZrMX9VsZU2Vuv4=
last-modified: Mon, 18 Oct 2021 22:38:23 GMT
server: cloudflare
etag: W/"d5f3fa89b7dffc505ebda440f1a04b3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Db.YpHkdvDvDMtQvxezNYnCNEXkGkvbZ
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f193758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 Post.7f15b0f2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 80ms
70ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.7f15b0f2.chunk.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2564f93f66eff02f06426741198b51398f94af1f769a1d79af793d04095cb06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 150667
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 9R4B4V3MWSN6RKBT
x-amz-id-2: unI0W0Ms5kzMBLXN27aY4uoKXI+tiLJJwo1s2/Wy5czts8I7ay7L61zIjK++J0P267rVOMuHe2k=
last-modified: Mon, 04 Oct 2021 18:49:12 GMT
server: cloudflare
etag: W/"e287ae9a33a8e726b5c2ff530690a089"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Xb5mlQlFCGL2lq499SrxxygxvImx7wYs
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3800f1b3758-MXP
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
18 KB 41ms
40ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5443848
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f37fb9d2374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
15 KB 53ms
52ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5440324
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f37fb9d4374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
15 KB 37ms
36ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5443848
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f37fb9d6374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
16 KB 47ms
46ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15597963
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f37fb9d9374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 49ms
48ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5434872
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f37fb9da374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:26 GMT

GET
H2 200 38342.4b9aa08d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 120 KB
34 KB 37ms
36ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/38342.4b9aa08d.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8f43e8de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ec449353423bc9bfac8983259d112fb8a44307c352a2c53208878c6359d5e61

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114398
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: TDD8TSVNA766354F
x-amz-id-2: HNQfnlJjYdj39K7W5xPEIl3xmbbzLApuKTa8nnxKbJeyPC/giuWwKpMIOAuIpHswp4hwA9jn3E8=
last-modified: Mon, 04 Oct 2021 08:07:05 GMT
server: cloudflare
etag: W/"54b870de94a0e4cb6f2c2a86f41b6f51"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: i.lGMeLEPYWcQmhNDG4jhpajBjAHwCoG
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f385a8d63758-MXP
expires: Thu, 20 Oct 2022 17:26:27 GMT

GET
H2 200 55402.fa313293.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 28 KB
10 KB 34ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/55402.fa313293.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8f43e8de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

943930552f48653e4cc82592c95970a7cbf30f72b31b936e7ca888cb3f46f21b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 89792
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: TDD44VH586PZESPM
x-amz-id-2: L2Ew2ot7JdpgyizCEQrV4cQd9Wh6GjBrvFYy76REhijUVSyuacs26wNpWUnyqWGNkZOnwgvXJ0Q=
last-modified: Mon, 04 Oct 2021 08:07:07 GMT
server: cloudflare
etag: W/"7244a1a52bb5128e72d7b09371cfbd4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ZwO0P2AW.ds958N3x7dbHhqCC8vXe3N6
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f385a8d73758-MXP
expires: Thu, 20 Oct 2022 17:26:27 GMT

GET
H2 200 99590.5bbdf3d1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 36 KB
10 KB 38ms
37ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/99590.5bbdf3d1.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8f43e8de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31933b925e9898941572448e8682c87bc849cf204a6c51342b64b6c1080877d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 410574
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: Q0QXBFFNYKHNQVT6
x-amz-id-2: 6MQZRkR525J6YZsSQr3v9dvavlgAeq8FEEi2jWjIpTt1lEpBA0SIMvQ/HVe0mHCC5jzhFmPZJ6E=
last-modified: Fri, 15 Oct 2021 20:54:53 GMT
server: cloudflare
etag: W/"5879a996cc3b092b04be5312ad73dc7d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: MbV8vSbjPa_6DPA3wZ1YfczLgCUf.unw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f385a8d83758-MXP
expires: Thu, 20 Oct 2022 17:26:27 GMT

GET
H2 200 23913.df8fa5ab.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 63 KB
20 KB 32ms
31ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/23913.df8fa5ab.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8f43e8de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b2af86ee65e3a22bdd66c8fc2d948c58802b6c0c8b0214b442aad26f06f64cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 410574
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: Q0QX5CVSFZGKHVVD
x-amz-id-2: KXDJtFDre2kpx5aHnC3tLs1OdBSzxqOm3fxfUZGfzmJOa2n52/cyHMacaOwxzov9KWlhyuQHJkM=
last-modified: Fri, 15 Oct 2021 20:54:46 GMT
server: cloudflare
etag: W/"4ea6f563d72d2a46e7e436d4aac8526d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: YuHdfjfrC6cN7wBshVGK_TQnbjuYvY4l
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f385a8d93758-MXP
expires: Thu, 20 Oct 2022 17:26:27 GMT

GET
H2 200 ThreadedResponsesSidebar.eb7e5908.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 33ms
33ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.eb7e5908.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8f43e8de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d33e8d30615e1ea504c766a0ec3095de54e599224f2742101e9468571b87eae7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 410574
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: Q0QSJA1X8J5MQYAR
x-amz-id-2: 0OsA39KH7cy6o8FqhEg3Yeal5RaA5KNnGzkz97LNB8g2CCItyxCGTdZkMS9NZuU5zQEHrcZdmdo=
last-modified: Fri, 15 Oct 2021 20:55:09 GMT
server: cloudflare
etag: W/"afeba1d9c1d40dc81cd8ce922f7e5535"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: oUQCrM_awB0wqtXAM8BkQT7upyuvaJPP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f385a8dc3758-MXP
expires: Thu, 20 Oct 2022 17:26:27 GMT

GET
H2 200 1*6flaxqJDOHOoLnmTOWDpng.jpeg
miro.medium.com/max/700/ 39 KB
39 KB 212ms
212ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/1*6flaxqJDOHOoLnmTOWDpng.jpeg

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6eb0da58ef1d393f4fc6f91088c9dc4269e8967021794f0c93757ae109700cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 32
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 39663
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f387ed513758-MXP
expires: Fri, 19 Nov 2021 17:26:28 GMT

GET
H2 200 a16180790160.html Show response
a16180790160.cdn.optimizely.com/client_storage/ Frame 92D2 1 KB
1 KB 122ms
34ms Document
text/html 23.6.123.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a16180790160.cdn.optimizely.com/client_storage/a16180790160.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/16180790160.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.6.123.32 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-6-123-32.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0afe2b89d142b8a3955e3f9d7b27853e68d848689edafeb8e6bdb3735c5baea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: a16180790160.cdn.optimizely.com
:scheme: https
:path: /client_storage/a16180790160.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b

Response headers

x-amz-id-2: d93XgNzOI1wWJVII0dGyVJVjBlDccGywhvERHmklWyIznC9qHOoiiZuThcTg/MIB2Oge5TSlI+M=
x-amz-request-id: 5B4WCZYATJT798WE
x-amz-replication-status: PENDING
last-modified: Mon, 11 Oct 2021 20:43:04 GMT
etag: "60c7d8e02f7d76fde40963a7c3088250"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: YG56SQISJUoiKsMZWmWO.ilXL4mJLxbs
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
content-length: 781
vary: Accept-Encoding
cache-control: max-age=120
date: Wed, 20 Oct 2021 17:26:27 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="24";dur=0,cdnip;desc="23.6.123.32";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 143 B
439 B 201ms
201ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b667afc4874447d6397c523078b591aa277c06e5c7587a86cd535346e29093df

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 197
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-eQTVCI9oxJxd5rVnrQUwJyV3GPk"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3
x-envoy-upstream-service-time: 90
content-length: 143
x-xss-protection: 0
x-request-received-at: 1634750787943

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 27 KB
5 KB 499ms
498ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

91cb6d3a584cf6503f7d3248f7b6c60eed3179c66dcbd7c8e11c02414196eb9f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 5244
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
graphql-operation: PostViewerEdgeContent
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Graphql-Operation: PostViewerEdgeContent
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"6b93-QET2U3uaAC2GjnFf/XyQyi/TLXw"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-152938-744cd4ff5e
x-envoy-upstream-service-time: 383
x-xss-protection: 0
x-request-received-at: 1634750788084

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 445 B
768 B 223ms
222ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e5ffb4d37659dac4112281c5bd9450b47fc4bc807760940ef3140dac0b79c839

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 605
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
graphql-operation: UserViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
sepia-upstream: medium
server: nginx
etag: W/"1bd-/czvDpwn6bPDZRtxkOa+sLe+GEY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-124414-f4254aceb3
x-envoy-upstream-service-time: 102
content-length: 445
x-xss-protection: 0
x-request-received-at: 1634750787956

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 397 B
719 B 235ms
234ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c7dc45bd661e1df09c46705f567d61303ad09d1f2d7e37ec9e8781e090d786fc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 601
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
graphql-operation: CollectionViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Graphql-Operation: CollectionViewerEdge
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
sepia-upstream: medium
server: nginx
etag: W/"18d-C1gBZJbhKYJnMgU4aG710ZO3ToE"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-152938-744cd4ff5e
x-envoy-upstream-service-time: 113
content-length: 397
x-xss-protection: 0
x-request-received-at: 1634750787957

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 418 B
739 B 223ms
222ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e8132c50760252004db923a55d339815cae88b6b2e476e54d5b92ac4272ba05a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 1028
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
graphql-operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
sepia-upstream: medium
server: nginx
etag: W/"1a2-RiyTijp2YLbOoEl991nBYrlYIpo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-152938-744cd4ff5e
x-envoy-upstream-service-time: 105
content-length: 418
x-xss-protection: 0
x-request-received-at: 1634750787954

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 283 B
606 B 585ms
585ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c8ab4027a02bc3a390d88c1499678e3de64f412f8d2ad829141a75603fa791e7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 453
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
graphql-operation: PostViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Graphql-Operation: PostViewerEdge
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
sepia-upstream: medium
server: nginx
etag: W/"11b-4VKVOXk1oOjDd3P9KXlQnDeSg3Q"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-152938-744cd4ff5e
x-envoy-upstream-service-time: 459
content-length: 283
x-xss-protection: 0
x-request-received-at: 1634750787972

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 78 B
399 B 299ms
299ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

08cebad88c5aef692d76bbfb88c7abc4babbaa83d5198d931d701336a7882f40

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 5608
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
sepia-upstream: medium
server: nginx
etag: W/"4e-5mdQpYz/T7RvOgG7pxvinkxLQ1s"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-152938-744cd4ff5e
x-envoy-upstream-service-time: 159
content-length: 78
x-xss-protection: 0
x-request-received-at: 1634750787976

GET
H2 200 responses.editor.c0f25530.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 34ms
34ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.c0f25530.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.8f43e8de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d24b7cd2f1c78bcfb26b68a9d2cb4b4a2017be4262792cb25070a916c4374080

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 114329
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 34H83PT349TQKKTE
x-amz-id-2: vYlpZcsYFUwUadyoPAA95appEGGhfparA2MTE/WAk6BHCl9/ORWVxVI+ljXTm2ZiEg5+e6GmHLM=
last-modified: Mon, 04 Oct 2021 08:07:46 GMT
server: cloudflare
etag: W/"20ce871606cd56fbc5f5d46db1652bc4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: lsHMO.GGJeyfIZCU70bZ48tLRMDBTob8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 6a13f3889eab3758-MXP
expires: Thu, 20 Oct 2022 17:26:27 GMT

POST
H2 200 graphql Show response
blog.shiftleft.io/_/ 464 B
785 B 303ms
302ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.shiftleft.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-3-192.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c9f2c2c0f863b24ba21b568b99f3b82c2552982472cf1b7e6b1c9f275ab720e3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
ot-tracer-spanid: 0f688ddc76323181
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_e8fe1b89-fcc1-4fa9-b63a-cd21fc171161=test; _dd_s=rum=0&expire=1634751687459; dd_cookie_test_7c9b2739-ff81-4240-a2fb-30b4b165b7dc=test; dd_cookie_test_599763dc-6227-40c3-8349-05b8e555a978=test; dd_cookie_test_1000af67-b27a-421d-8373-04a382dae2da=test; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e
sec-fetch-dest: empty
medium-frontend-app: lite/main-20211020-155556-05af24ebf2
content-length: 7138
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 9069143fa9abb11
medium-frontend-path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
graphql-operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
apollographql-client-version: main-20211020-155556-05af24ebf2
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
Accept-Language: de-DE,de;q=0.9
ot-tracer-traceid: 9069143fa9abb11
Medium-Frontend-Path: /security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Medium-Frontend-App: lite/main-20211020-155556-05af24ebf2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
apollographql-client-version: main-20211020-155556-05af24ebf2
ot-tracer-spanid: 0f688ddc76323181

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
sepia-upstream: medium
server: nginx
etag: W/"1d0-0EVcgvl8YHG2cx0N79sqMje8K84"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, rito/main-20211019-120718-75536e7bf3, tutu/main-20211020-152938-744cd4ff5e
x-envoy-upstream-service-time: 182
content-length: 464
x-xss-protection: 0
x-request-received-at: 1634750788040

GET
H2 200 1*6flaxqJDOHOoLnmTOWDpng.jpeg
miro.medium.com/max/700/ 39 KB
39 KB 35ms
35ms Image
image/jpeg 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/1*6flaxqJDOHOoLnmTOWDpng.jpeg

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6eb0da58ef1d393f4fc6f91088c9dc4269e8967021794f0c93757ae109700cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 0
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 39663
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211018-134342-44be7a075d
accept-ranges: bytes
cf-ray: 6a13f389787e3758-MXP
expires: Fri, 19 Nov 2021 17:26:28 GMT

POST
H2 200 /
blog.shiftleft.io/_/clientele/reports/performance/ 0
0 112ms
112ms Fetch
application/octet-stream 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.shiftleft.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.19c06f9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-3-192.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; _dd_s=rum=0&expire=1634751687459; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_9d4c3e46-0e8e-4634-8f53-2b2dd9b25d9c=test
content-length: 194
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, clientele/main-20211018-134342-44be7a075d
x-envoy-upstream-service-time: 6
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
blog.shiftleft.io/_/clientele/reports/performance/ 0
0 112ms
112ms Fetch
application/octet-stream 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.shiftleft.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.19c06f9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-3-192.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; _dd_s=rum=0&expire=1634751687459; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_9d4c3e46-0e8e-4634-8f53-2b2dd9b25d9c=test; dd_cookie_test_5249c706-9935-457f-bca8-a5be085d7e23=test; dd_cookie_test_bc97aa24-0cd7-4dbd-a8d4-b66dc28d6799=test
content-length: 1407
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, clientele/main-20211018-134342-44be7a075d
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
blog.shiftleft.io/_/clientele/reports/performance/ 0
0 114ms
114ms Fetch
application/octet-stream 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.shiftleft.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.19c06f9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-3-192.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://blog.shiftleft.io
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; _dd_s=rum=0&expire=1634751687459; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e; dd_cookie_test_9d4c3e46-0e8e-4634-8f53-2b2dd9b25d9c=test; dd_cookie_test_5249c706-9935-457f-bca8-a5be085d7e23=test; dd_cookie_test_bc97aa24-0cd7-4dbd-a8d4-b66dc28d6799=test
content-length: 210
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:28 GMT
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14, clientele/main-20211018-134342-44be7a075d
x-envoy-upstream-service-time: 7
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Oct 2021 16:47:48 GMT
server: Golfe2
age: 2371
date: Wed, 20 Oct 2021 16:46:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19887
expires: Wed, 20 Oct 2021 18:46:57 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 44ms
14ms Script
text/javascript 143.204.98.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: blog.shiftleft.io
URL: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b?gi=840f2d99dae7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.52 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-52.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 202
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Wed, 20 Oct 2021 17:23:07 GMT
x-amz-cf-pop: FRA50-C1
content-length: 23872
x-amz-cf-id: 4vvn33juqoIGC3johe4w2bbPSFI_OKRz4LlpCYYEhHtR0p3duAR9RQ==

GET
H2 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/135/ 4 KB
4 KB 37ms
36ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*Crl55Tm6yDNMoucPo1tvDg.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20
x-envoy-upstream-service-time: 104
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4048
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210708-194908-a2c5797557
accept-ranges: bytes
cf-ray: 6a13f38fecf83758-MXP
expires: Fri, 19 Nov 2021 17:26:29 GMT

GET
H2 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/135/ 4 KB
5 KB 31ms
30ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*W_RAPQ62h0em559zluJLdQ.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:29 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20
x-envoy-upstream-service-time: 20
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4354
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210726-203004-84c4ac1529
accept-ranges: bytes
cf-ray: 6a13f38fecfc3758-MXP
expires: Fri, 19 Nov 2021 17:26:29 GMT

GET
H2 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 38ms
38ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://blog.shiftleft.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15599758
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a13f390efd9374c-MXP
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 20 Oct 2022 17:26:29 GMT

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
362 B 423ms
106ms XHR
text/plain 54.243.144.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.144.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-144-17.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 20 Oct 2021 17:26:29 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://blog.shiftleft.io
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 3e4eb7fd-f028-48a8-9ae4-eea791db59fb

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 116ms
116ms Fetch
application/json 2600:1f18:24e6:b901:bdc9:8410:5bcc:e9b5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.19c06f9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:bdc9:8410:5bcc:e9b5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 20 Oct 2021 17:26:29 GMT
content-length: 2
content-type: application/json

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ Frame 0
0 314ms
99ms Preflight 2600:1f18:24e6:b901:bdc9:8410:5bcc:e9b5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Server: 2600:1f18:24e6:b901:bdc9:8410:5bcc:e9b5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://blog.shiftleft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 20 Oct 2021 17:26:29 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-max-age: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 15ms
14ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j94&a=1521814294&t=pageview&_s=1&dl=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&ul=en-us&de=UTF-8&dt=Security%20Code%20Review%20of%20a%20Banking%20Trojan%20%E2%80%94%20Cerberus%20%7C%20by%20Prabhu%20Subramanian%20%7C%20ShiftLeft%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1108961301&gjid=119055935&cid=1102572570.1634750789&tid=UA-24232453-2&_gid=273598397.1634750789&_r=1&_slc=1&z=837211246

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 17:26:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.shiftleft.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
71 B 18ms
18ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j94&a=1521814294&t=pageview&_s=1&dl=https%3A%2F%2Fblog.shiftleft.io%2Fsecurity-code-review-of-a-banking-trojan-cerberus-10df386b9f6b&ul=en-us&de=UTF-8&dt=Security%20Code%20Review%20of%20a%20Banking%20Trojan%20%E2%80%94%20Cerberus%20%7C%20by%20Prabhu%20Subramanian%20%7C%20ShiftLeft%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=368043250&gjid=182106839&cid=1102572570.1634750789&tid=UA-92418701-1&_gid=273598397.1634750789&_r=1&_slc=1&z=210042427

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 17:26:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.shiftleft.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 90 B
574 B 220ms
176ms Script
text/javascript 2600:9000:2156:c400:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.59.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:c400:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

b7072764efc29f34e560bdf5f15b9b49a3f13c829f745a08f9645aed801f7c09

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 20 Oct 2021 17:26:29 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 90
etag: W/"5a-k5rhHtxKzoBVjaTeVFxQg5FiDGc"
x-amz-cf-id: bjfnFxVgPlnSz5HUdZ9_rAjMY3vmwjvaBWkp3guyTaGJwbmup3VCxQ==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
414 B 60ms
19ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j94&tid=UA-92418701-1&cid=1102572570.1634750789&jid=368043250&gjid=182106839&_gid=273598397.1634750789&_u=IEDAAEABAAAAAC~&z=408834831

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 20 Oct 2021 17:26:29 GMT
content-type: text/plain
access-control-allow-origin: https://blog.shiftleft.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
472 B 78ms
37ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j94&tid=UA-92418701-1&cid=1102572570.1634750789&jid=368043250&_u=IEDAAEABAAAAAC~&z=782570616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 17:26:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
472 B 59ms
31ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j94&tid=UA-92418701-1&cid=1102572570.1634750789&jid=368043250&_u=IEDAAEABAAAAAC~&z=782570616

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 20 Oct 2021 17:26:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
626 B 213ms
173ms XHR
application/json 2600:9000:2156:7000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 6bf0f5bdc7682e114f56043145a2bafd189de54f8a11fda8da93164b94ce1042

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 20 Oct 2021 17:26:29 GMT
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: d7dda6225a9640b5b1b95b644bde9eed-2021102017
content-length: 312
x-amz-cf-id: 5xUX6BD6LUlijC15CltjCDOScgiwuK2IgyXItqYK5iRHgo9LfxykJg==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
415 B 156ms
156ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2df980cd1f10e102f355faffde198920508532717d8ad0bf1e81972c34b2e4f9

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AMNTFh%2BBZDPnP9jg%2FEqVBmWIJX8%2FU3XyBWsj2BcZczVvNr48PHBla3OjbWvX9Os5amglqcT8sQj9WiyEE0J23pbb5rp8xq6wqdX9gGvmUE0YZo7NL4ftW%2Bj9J%2FwhsfS%2FtbLWNZE30bGIiDji55VAeB7ig6AbyQc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 28
cf-ray: 6a13f3954b1559a7-MXP
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 214ms
160ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.shiftleft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 20 Oct 2021 17:26:29 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 29
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGWWHwwe9IoYuhVcdcG6JpP8WmBCbqIKAbhLmgpbsVWIZpnP%2FJXkUTf%2B7p%2FS1pphb%2BW2zhymXg1hCIwfuEs0YEP0WUCcGoDJgQQzKSufP3nCocBhJPqWfWZklDiZloNLKUoy1k9l5tt%2FwKSV95IBnoTRgPCe3gg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a13f39448a859a7-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 200 profile Show response
api2.branch.io/v1/ 180 B
574 B 288ms
288ms XHR
application/json 2600:9000:2156:7000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:7000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

bff85ae7269660967f4bb6672d888532dd62ac999744e5d36ca4b9eddf7b4725

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 20 Oct 2021 17:26:30 GMT
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"b4-fzZ1A7+rO2IhLuNy/j3X8O2yuBM"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: dbd1450d3ac84b42b7deed2abcd8ea3c-2021102017
content-length: 180
x-amz-cf-id: _WHF1vBAddGya4BHmuEcRBkFMOnCy0TLTtdIDNZMDy9gKMaV_EQlPA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
387 B 206ms
205ms XHR
application/json 2600:9000:2156:7000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 20 Oct 2021 17:26:30 GMT
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 1c931af366a047bc991e3ee266133a72-2021102017
content-length: 28
x-amz-cf-id: nCRL9gpJoToAc7naF17wZk2vUekAoI11d2HzE0pdKB_X-i_Gmm4ugQ==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 714ms
714ms XHR
application/json 2600:9000:2156:7000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 20 Oct 2021 17:26:31 GMT
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 5d0840ade8374d8eb8b3362b8d020b86-2021102017
content-length: 28
x-amz-cf-id: HkQM-m5_PbtBNViNC1Nf3nmImnDgH1OQqSi-pDbnGnRrFdP54CPNBA==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
372 B 179ms
178ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bed9f304e413358458331a0ba0e33569e6d2a067edb4ee0a40a48608d578d599

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U4b7JHqNbk5%2FXDkjqARIOoSNGQT9NaxTRMNmVH0Qd0xlSgtohpS1y9FAIRx%2BtIommvAPkVcEHPO5emY3jzg%2FbdKiojfwCmZUP4lFM4d2P7AtIwLD6t0Jenw4oYLj7z7Io42ab2NWs0Ri4EUEC4Uwogd2klujsIE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 50
cf-ray: 6a13f3995ed559a7-MXP
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 128ms
128ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.shiftleft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 20 Oct 2021 17:26:30 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPstEkd%2Fyn%2B%2BrZaGXlKdToi9FcgcVHW01mi8sgiEwV2unSaXBMTFyG7ae8Hc0zSROGIcBYvQt53FONzNB%2FnkzEzLIlXkl4WslE%2Fs%2FEyxBKLR0Vq7Fqy4%2BmKjVAqDfyJu4Uk9KIT6dM4NlrM8sfBSB6YMQvMYB9I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a13f3988cb659a7-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
374 B 132ms
132ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d26c6fe74b63caad9a0e693d7fa4a1a0d4c6660746b368a45f39509f924817bb

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KsoUyuifHxcTiGhfu%2B%2FVdtLeVG%2F17OtCnvQh3roJwnGELeU1gCSeiGdY0P%2B8b%2FZ1uv551R5zMMFA8NjmiGqS6g%2BlIKwGEXLiTYHbIPilSdlWJc97O5iz%2Frk%2BttwIlkrmt1nAN2ebjfx%2BMAiu9ICQ0BXsAf9LYnY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 6a13f39dcc0759a7-MXP
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 132ms
132ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.shiftleft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 20 Oct 2021 17:26:31 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMUFFb7WfT9HnYfZiTllNdmCCMx6eegi4%2B5nBnuZDnCCob2zlm7RtDbKWFp6UXjEhveB3MuXeFro0lc%2Fbc6Vw0KgckNNFPdHcLEeAFhxKHl5GIt5NKp36xRDP2q9knZkg7JKygZ2Kl%2F19Gs5jLH9IPXSq5MTfRg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a13f39cf98559a7-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
395 B 135ms
135ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/90006.9601d5ac.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25da3784dac80ae092ab65f0ef5755407a63e8e94adf8d7c97d1f00506831aed

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
Accept-Language: de-DE,de;q=0.9
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5VjjolbatUMKKx4UnBsipqYjqxat7znTWrWzLVL%2FPNF90N9he8RcUC%2FcDsBCZiBbAMxyAJsCrK5mUJT3c%2FY2hML74zGqnp7Ud35Xgn16VInFsuzRo334OGa4cq%2BU5eaubIrgUwhlQowrn%2FoV1rUChy7fMpZICU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 6a13f3a2196f59a7-MXP
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 143ms
143ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://blog.shiftleft.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 20 Oct 2021 17:26:31 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfKtH6WHxOQJTj%2Fv0%2FLXj%2FAvYBaFaiyiWkzWT5S4qBWhf17kA9PXvOGWXku93a0c1UwkrGu2CscKktzn1gmD%2BmG5uzNEOfVDYeEPhbsrNzCp5mgIaLeaEmTFdvA%2BTGndowIZZFJsZtwN%2FoJwJW%2BboEaKiC5YNdA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6a13f3a13e9359a7-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 200 batch Show response
blog.shiftleft.io/_/ 17 B
172 B 269ms
268ms Fetch
application/json 52.6.3.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.shiftleft.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.19c06f9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.6.3.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-6-3-192.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

sec-fetch-mode: cors
origin: https://blog.shiftleft.io
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: uid=lo_e2bc2863ee4e; sid=1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz; optimizelyEndUserId=lo_e2bc2863ee4e; _dd_s=rum=0&expire=1634751687459; lightstep_guid/lite-web=659d9c21398081e7; lightstep_session_id=3f521b2e3c934e26; optimizelyEndUserId=lo_e2bc2863ee4e; _ga=GA1.2.1102572570.1634750789; _gid=GA1.2.273598397.1634750789; _gat=1; _gat_tracker0=1
content-length: 7811
:path: /_/batch
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: blog.shiftleft.io
referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://blog.shiftleft.io/security-code-review-of-a-banking-trojan-cerberus-10df386b9f6b
x-xsrf-token: 1
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json

Response headers

date: Wed, 20 Oct 2021 17:26:32 GMT
medium-fulfilled-by: valencia/main-20211011-154348-f913722d14
x-envoy-upstream-service-time: 152
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 06:51:26	Name: uid Value: lo_e2bc2863ee4e
.medium.com/	1970-01-20 06:51:26	Name: sid Value: 1:omvGHy+s6OykUqGj5kIszMecS7va8Us0fffzdDT4Ly1TI0kjZp9bi38Vaul8Pwgj
.medium.com/	1970-01-20 06:51:26	Name: optimizelyEndUserId Value: lo_e2bc2863ee4e
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 747b27cf2048f55be346875b30b2899a2620dfb3-1634750785
blog.shiftleft.io/	1970-01-20 06:51:26	Name: uid Value: lo_e2bc2863ee4e
blog.shiftleft.io/	1970-01-20 06:51:26	Name: sid Value: 1:igzNdoCq2I86vpXzo1Qoek/t4jOlC0eRV+C1XfgL2GsAAJBE7EkhAVDWQUppNBKz
blog.shiftleft.io/	1970-01-20 06:51:26	Name: optimizelyEndUserId Value: lo_e2bc2863ee4e
blog.shiftleft.io/	1970-01-19 22:05:51	Name: _dd_s Value: rum=0&expire=1634751687459
blog.shiftleft.io/	1970-01-19 22:15:55	Name: lightstep_guid/lite-web Value: 659d9c21398081e7
blog.shiftleft.io/	1970-01-19 22:15:55	Name: lightstep_session_id Value: 3f521b2e3c934e26
.shiftleft.io/	1970-01-20 02:25:02	Name: optimizelyEndUserId Value: lo_e2bc2863ee4e
.shiftleft.io/	1970-01-20 15:37:02	Name: _ga Value: GA1.2.1102572570.1634750789
.shiftleft.io/	1970-01-19 22:07:17	Name: _gid Value: GA1.2.273598397.1634750789
.shiftleft.io/	1970-01-19 22:05:50	Name: _gat Value: 1
.shiftleft.io/	1970-01-19 22:05:50	Name: _gat_tracker0 Value: 1
.app.link/	1970-01-20 06:51:26	Name: _s Value: cb%2FkaHLzSqQEjtRRyqNz4OQJmngPblaNN0flFN9aXGyqvnmUffopbfzN%2B5N5xSz6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a16180790160.cdn.optimizely.com
api2.branch.io
app.link
blog.shiftleft.io
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
glyph.medium.com
lightstep.medium.systems
logx.optimizely.com
medium.com
miro.medium.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
143.204.98.52
23.6.123.32
2600:1f18:24e6:b901:bdc9:8410:5bcc:e9b5
2600:9000:2156:7000:11:f728:3040:93a1
2600:9000:2156:c400:19:9934:6a80:93a1
2606:4700:3036::ac43:b550
2606:4700:7::a29f:9904
2a00:1450:4001:80f::2004
2a00:1450:4001:810::200e
2a00:1450:4001:831::2003
2a00:1450:400c:c0a::9a
2a02:26f0:7100:19a::13b8
52.6.3.192
54.243.144.17
031654b461dbcc01656d64c2107f830c00a52ef785f10b07794b5254db6d9394
07aed477b2d3c0765d37e7b9b5f097bd4d0f53560ccb8f46d2ec7805afb75730
08cebad88c5aef692d76bbfb88c7abc4babbaa83d5198d931d701336a7882f40
0925e05cd0fc94c67b9378577f221e8f0ec840e487fe5fe41f6e9bae0c2e70b8
0afe2b89d142b8a3955e3f9d7b27853e68d848689edafeb8e6bdb3735c5baea0
0b3e6acdd4073d54ac1a42d27af8ae679f907a67307c54ca2f242f237b01e62e
0c9c496ba4a3abcbe8c5bc6796ff0f0e06f9b5be18b08325a58a08f8088ceafd
11e449f2bbccdf612464bef6a7db62a67d853aba8cb171f16f2423179e88521d
1544e425ef52ed94fd570107984feef287ce2f9968cb7e92bae020fdd4181fac
19d581e09fc7c3cc5cd94e4c57415c3d202981f201c4078ec37c2c8ef0619383
1c6237fb689955af7a654da2388ec0b3be15677ccbdfc34882de50eb2f79c722
23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7
25da3784dac80ae092ab65f0ef5755407a63e8e94adf8d7c97d1f00506831aed
29c7dbbb65a9f2b520af47befd60f717559534a8198b70a46b8edaac8b2d9078
2df980cd1f10e102f355faffde198920508532717d8ad0bf1e81972c34b2e4f9
2f1526c6e666132b80e05ff9df43b01f05591d7625c6a2e4959bde45ca378e4a
31933b925e9898941572448e8682c87bc849cf204a6c51342b64b6c1080877d9
328a96a6ebf9abc6ba510caa489962c29879265ac105c95fa109ca68f1c8f050
371e7a8f65f2084adaf2db1648b24a7fc736db6ff243d878026b46d2c55254eb
37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55
3902e09f4d4f9116749cc903d43b45fa4c0fc9740c4ee7ab8136fd83d672aceb
3b2af86ee65e3a22bdd66c8fc2d948c58802b6c0c8b0214b442aad26f06f64cb
3e1548b2466fc73b4f92c0ef2a388865abcd9f9953070c67ea8c32a0c7ea0907
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4d7072d7c18f58105b6ba413459dba078a92b0c8180e9c2c60b48347ba3f5cd2
5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285
582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071
68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359
6be052929052cc2807e324acc57ba815bee542fdb333c036cb63fb833edff850
6bf0f5bdc7682e114f56043145a2bafd189de54f8a11fda8da93164b94ce1042
6c6cf788712212b09b59a3e1ccd46b4d6c08abee242f49cb9b861287b211bc7e
6eb0da58ef1d393f4fc6f91088c9dc4269e8967021794f0c93757ae109700cea
6f4ecb7d857ad647607e980bcd585d5678430b97cc1176b160a1a0fe9cd5f800
70de61bacf37b98fef1041caecb079adcbb1eeba9c0ad401861737359af9506b
711337a2833f9dabcd18494241867451c681432d95639cd75010b725bdb87792
72c9430b1da4d4487e923b6caa00ab72720d627399d4b168708a6d2b70df3b33
74aecca96bdaba8b72438429b11d6c83b4dd41cb4d4206c297a8e5eac206758c
78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee
7ad708810c15c14d27363765e5dd4be28dc70dafc870a116102151e63f5284fc
7cd0b8e33aadd7312ccc39906739b928b62414a2d047922b3e1ca217ff8a28b6
81645980d414457d090680a89e4ff0e93ad8fff658d37f2fb412d33d6cf08d13
828d4afe2376ecd309b49531b98426f626d57ff9075085d4baa90225f8d10ed5
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d
8aaae6aa0d95ddcb9ffef0997ccd5cc6882a06f6717f99a8b615cb58969b0bbc
8ec449353423bc9bfac8983259d112fb8a44307c352a2c53208878c6359d5e61
91cb6d3a584cf6503f7d3248f7b6c60eed3179c66dcbd7c8e11c02414196eb9f
91e7870b5ddd02fe1237719009472570fdfca9bcbc99f0be1a5e39b83e477e3a
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
943930552f48653e4cc82592c95970a7cbf30f72b31b936e7ca888cb3f46f21b
971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea
9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16
9cc93d77bce3e5a11f3f321ddbbdbb5976e3b4a2ce14a9492f4bd85fa4d7c3dd
9e673635c527c61c90ec3cf579b6eaf8a7a4fcd861551df2e97b015c0f3f3f4b
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a07358507310640ab2ba64a1da261e6c30ac52f9e2ca23b26e34a52d15401ebd
a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a89a11c31dd00078a7e555c4e47656179ed0ef24efbb8558ce7611b152848a99
a9ac268562067c71d94ab20172d52551ad92193aab101c68263c9330bf354b51
aabb06dd2b98e1abb75fbdbb123bc6def570d1455b8c442326203cf56978858f
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af215f4eea3203aa2da018e970bf5ed360a8431871c8b8ec33fdd2547b036449
b5d4620f0d3c8be34de726d1fc4e4e81a96574083acd205717036793f64c5eb9
b667afc4874447d6397c523078b591aa277c06e5c7587a86cd535346e29093df
b7072764efc29f34e560bdf5f15b9b49a3f13c829f745a08f9645aed801f7c09
b7c79b2e110e5e329d8cde062b26d6392577c60769eecc421691bf314eb4fd96
b87f10b6eba2c329fcd766b203120d5fee37bb48e5c834c26b1c5c9bc773b38a
bc001c0ba3d95353f2c8d38764e28c442347c6dadddea149097ce0b7699f2f94
bdb2ccdb82aae446d8d58ac6bcc5ed9de4406aeefbeab265429bc71b59ff5d03
be686c52f8ea0ceebe1d93f22b275f0728b935a58a895a5930eee272c9f84b6e
bed9f304e413358458331a0ba0e33569e6d2a067edb4ee0a40a48608d578d599
bff85ae7269660967f4bb6672d888532dd62ac999744e5d36ca4b9eddf7b4725
c7dc45bd661e1df09c46705f567d61303ad09d1f2d7e37ec9e8781e090d786fc
c8ab4027a02bc3a390d88c1499678e3de64f412f8d2ad829141a75603fa791e7
c9f2c2c0f863b24ba21b568b99f3b82c2552982472cf1b7e6b1c9f275ab720e3
caf23f6a8b5e1810a1bb919f2ebbc804b6e58e39554ea54babe40dfea54dda4f
d1c31199cc52a64a61615187c4f272c7ef8a2bcb32212e647d81af7bca99f34e
d24b7cd2f1c78bcfb26b68a9d2cb4b4a2017be4262792cb25070a916c4374080
d2564f93f66eff02f06426741198b51398f94af1f769a1d79af793d04095cb06
d26c6fe74b63caad9a0e693d7fa4a1a0d4c6660746b368a45f39509f924817bb
d33e8d30615e1ea504c766a0ec3095de54e599224f2742101e9468571b87eae7
d731189cc2a1c9d5ed8b9025d4ab954be73ba3e95410a5fdeb84dfab3a4df8a5
d922b38beff30f8d5acc276cf142facc3719c25635014c8fbd9885f9906b32a7
e30f5133eb12404b75437af4a96906c6da30cf1364d663596a56fea3688cb335
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ffb4d37659dac4112281c5bd9450b47fc4bc807760940ef3140dac0b79c839
e69aa83383ecb755e563c100573926eb1faf687c85b239a45ef7f246cf09baa8
e8132c50760252004db923a55d339815cae88b6b2e476e54d5b92ac4272ba05a
e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715
e9f213c47a963ef2f76ea5601d5d2154d802a60f06f16460647d4da51190381a
ea2fb7fcf5407ece21f68bbdea5f34437a596e4b0f0a276ef542906e6fb7c24b
ea36e60783ccb9611b6d8785c50d423a4a7b632ef342fdb72ad80898c53492e1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3
fcbb2c4ecf78c2d2b5f9e04f3f7c8d3fa8d2fa81f255aa81373b6a04a505fd49
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

blog.shiftleft.io Open in urlscan Pro 52.6.3.192 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

109 Requests

100 %HTTPS

71 %IPv6

11 Domains

17 Subdomains

14 IPs

5 Countries

1277 kBTransfer

3732 kBSize

16 Cookies

51 Outgoing links

Page URL History

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.shiftleft.io Open in urlscan Pro
52.6.3.192 Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

100 %
HTTPS

71 %
IPv6

11
Domains

17
Subdomains

14
IPs

5
Countries

1277 kB
Transfer

3732 kB
Size

16
Cookies

109 HTTP transactions
0 data transactions