doublepulsar.com Open in urlscan Pro
52.1.119.170 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
Effective URL:
https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
Submission: On August 28 via manual (August 28th 2018, 8:29:03 pm UTC) from US

Summary HTTP 41 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 6 domains to perform 41 HTTP transactions. The main IP is 52.1.119.170, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is doublepulsar.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on April 18th 2018. Valid for: a year.

This is the only time doublepulsar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	52.1.119.170 52.1.119.170	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 6	2400:cb00:204... 2400:cb00:2048:1::6810:7c7f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
17	2400:cb00:204... 2400:cb00:2048:1::6810:7691	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2400:cb00:204... 2400:cb00:2048:1::6810:7991	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	52.85.182.26 52.85.182.26	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.202.229.79 52.202.229.79	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
5	2400:cb00:204... 2400:cb00:2048:1::6810:787f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	52.0.177.159 52.0.177.159	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
41	10

4 52.1.119.170 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-1-119-170.compute-1.amazonaws.com

doublepulsar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2400:cb00:2048:1::6810:7c7f (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2400:cb00:2048:1::6810:7691 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-static-1.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-images-1.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:cb00:2048:1::6810:7991 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn-images-1.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.182.26 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-182-26.fra50.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.229.79 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-202-229-79.compute-1.amazonaws.com

srv-2018-08-28-20.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2400:cb00:2048:1::6810:787f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.0.177.159 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-0-177-159.compute-1.amazonaws.com

collector-medium.lightstep.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	medium.com 1 redirects medium.com glyph.medium.com cdn-static-1.medium.com cdn-images-1.medium.com	1 MB
4	doublepulsar.com 1 redirects doublepulsar.com	30 KB
2	lightstep.com collector-medium.lightstep.com	504 B
2	google-analytics.com www.google-analytics.com	14 KB
1	parsely.com srv-2018-08-28-20.pixel.parsely.com	380 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	15 KB
41	6

	Domain	Requested by
14	cdn-images-1.medium.com	doublepulsar.com
11	medium.com	1 redirects cdn-static-1.medium.com doublepulsar.com
4	cdn-static-1.medium.com	doublepulsar.com cdn-static-1.medium.com
4	doublepulsar.com	1 redirects doublepulsar.com cdn-static-1.medium.com
3	glyph.medium.com	doublepulsar.com
2	collector-medium.lightstep.com	cdn-static-1.medium.com
2	www.google-analytics.com	doublepulsar.com
1	srv-2018-08-28-20.pixel.parsely.com	d1z2jf7jlzjs58.cloudfront.net
1	d1z2jf7jlzjs58.cloudfront.net	doublepulsar.com
41	9

This site contains links to these domains. Also see Links.

Domain
medium.com
twitter.com
facebook.com
github.com
msdn.microsoft.com
docs.microsoft.com
www.kb.cert.org
medium.freecodecamp.org

Subject Issuer	Validity	Valid
doublepulsar.com COMODO RSA Domain Validation Secure Server CA	`2018-04-18` - `2019-04-18`	a year	crt.sh
*.medium.com DigiCert SHA2 Secure Server CA	`2018-07-31` - `2020-09-09`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2018-08-07` - `2018-10-16`	2 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2017-11-22` - `2018-11-21`	a year	crt.sh
*.pixel.parsely.com Amazon	`2018-03-27` - `2019-04-27`	a year	crt.sh
medium.com DigiCert SHA2 Extended Validation Server CA	`2017-06-01` - `2019-08-30`	2 years	crt.sh
*.lightstep.com COMODO RSA Domain Validation Secure Server CA	`2017-01-24` - `2019-02-25`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
Frame ID: D19A2ED9EA1E3422BE38CB93F0B8E388
Requests: 44 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fdoublepulsar.com%2Ftask-schedule... HTTP 302
https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3 Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

script /medium\.com/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Parse.ly (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^PARSELY$/i

Page Statistics

41
Requests

98 %
HTTPS

56 %
IPv6

6
Domains

9
Subdomains

10
IPs

2
Countries

1098 kB
Transfer

3032 kB
Size

0
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/policy/f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://medium.com/
Title: Homepage

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog

Search URL Search Domain Scan URL

URL: https://facebook.com/GossiTheDog

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?redirect=https%3A%2F%2Fdoublepulsar.com%2Ftask-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f&source=--------------------------nav_reg&operation=login
Title: Sign in

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/zeroday/tree/master/ALPC-TaskSched-LPE
Title: Github

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/zeroday/blob/master/ALPC-TaskSched-LPE/ALPC-TaskSched-LPE.cpp
Title: source

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/cc248452.aspx
Title: SchRpcSetSecurity

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Title: Microsoft Sysmon

Search URL Search Domain Scan URL

URL: https://www.kb.cert.org/vuls/id/906424
Title: CERT/CC take here

Search URL Search Domain Scan URL

URL: https://medium.freecodecamp.org/a-quick-introduction-to-web-security-f90beaf4dd41?source=placement_card_footer_grid---------1-43

Search URL Search Domain Scan URL

URL: https://medium.freecodecamp.org/@austintackaberry

Search URL Search Domain Scan URL

URL: https://medium.freecodecamp.org/@austintackaberry?source=placement_card_footer_grid---------1-43
Title: Austin Tackaberry

Search URL Search Domain Scan URL

URL: https://medium.freecodecamp.org/tor-signal-and-beyond-a-law-abiding-citizens-guide-to-privacy-1a593f2104c3?source=placement_card_footer_grid---------2-43

Search URL Search Domain Scan URL

URL: https://medium.freecodecamp.org/@quincylarson

Search URL Search Domain Scan URL

URL: https://medium.freecodecamp.org/@quincylarson?source=placement_card_footer_grid---------2-43
Title: Quincy Larson

Search URL Search Domain Scan URL

URL: https://medium.com/@Medium/personalize-your-medium-experience-with-users-publications-tags-26a41ab1ee0c#.hx4zuv3mg
Title: Learn more

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fdoublepulsar.com%2Ftask-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f HTTP 302
https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f Show response
doublepulsar.com/
Redirect Chain

https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fdoublepulsar.com%2Ftask-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

125 KB
27 KB

538ms
538ms

Document
text/html

52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

001d3e0381c5f258c70cfc7e40be1bfca9374b3c94797fa0440b15f474b5703d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://doublepulsar.com https://.doublepulsar.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: doublepulsar.com
:scheme: https
:path: /task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: D19A2ED9EA1E3422BE38CB93F0B8E388

Response headers

status: 200
server: nginx
date: Tue, 28 Aug 2018 20:28:52 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://doublepulsar.com https://*.doublepulsar.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1535488132093:8494207a4823
x-obvious-info: 34738-9d22191,9d221911168
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
set-cookie: uid=lo_bTmMZWKEiNdn; path=/; expires=Wed, 28 Aug 2019 20:28:52 GMT; secure; httponly sid=1:gUQoO0TcXZiJqtUZtO5lTlF3feI3yl8xna4cQYmNTyhQKw6NoSc3Criw5Chyu8QL; path=/; expires=Wed, 28 Aug 2019 20:28:52 GMT; secure; httponly
tk: T
content-encoding: gzip

Redirect headers

status: 302
date: Tue, 28 Aug 2018 20:28:52 GMT
content-type: application/octet-stream
set-cookie: __cfduid=d6243f9b15bfd9b7874b6e01b3bc94ffc1535488131; expires=Wed, 28-Aug-19 20:28:51 GMT; path=/; domain=.medium.com; HttpOnly uid=lo_bTmMZWKEiNdn; Expires=Wed, 28-Aug-19 20:28:51 GMT; Domain=.medium.com; Path=/; Secure; HttpOnly sid=1:uge+FROmXG+nHJ3mSj5HxW81ACuj2Dyijo6e3ujnmoSe1+VpV0vEQQEzIrUClEOz; path=/; expires=Wed, 28 Aug 2019 20:28:51 GMT; domain=.medium.com; secure; httponly
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://medium.com:443 https://*.medium.com:443 https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1535488131938:3895cfe251ff
x-obvious-info: 34738-9d22191,9d221911168
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
tk: T
location: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
strict-transport-security: max-age=15552000; includeSubDomains; preload
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 451986d7da2cbf20-FRA

GET
S 200 m2.css
glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/ 43 KB
29 KB 44ms
22ms Stylesheet
text/css 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfa737df32b9a02f4a81427f7ce0ef751de3c9e937b121cc359678f4c49906ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 451986dccf63bee9-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 29 Aug 2018 00:28:52 GMT

GET
S 200 main-branding-base.rEWKzlnaQlBA3TovOX09Fw.css
cdn-static-1.medium.com/_/fp/css/ 461 KB
63 KB 32ms
15ms Stylesheet
text/css 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/css/main-branding-base.rEWKzlnaQlBA3TovOX09Fw.css

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4cbe93f6d870d39f0a65ae02fa55fcad48db3da48de2ce8973618a60d0578f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: 2F2CDCD8F7A101A9
status: 200
vary: Accept-Encoding
content-length: 63522
x-amz-id-2: 2fv9NLMNAeTGHdng7H8VpvKBR0WMeCA3bRIw7zaJ2YA6sxGybmZ3eP7EDa+P2dgbyAgIoppE8kQ=
last-modified: Mon, 27 Aug 2018 21:23:29 GMT
server: cloudflare
etag: "978deef12efb74d86b861ca002b45f92"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 451986dcbf5abee9-FRA
expires: Wed, 28 Aug 2019 20:28:52 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 34 KB
14 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 18 May 2018 01:10:24 GMT
server: Golfe2
age: 2986
date: Tue, 28 Aug 2018 19:39:06 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 14386
expires: Tue, 28 Aug 2018 21:39:06 GMT

GET
S 200 1*bry5HIDtIpONm_IDzSVYWA.jpeg
cdn-images-1.medium.com/letterbox/164/72/50/50/ 6 KB
6 KB 632ms
630ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/letterbox/164/72/50/50/1*bry5HIDtIpONm_IDzSVYWA.jpeg?source=logoAvatar-lo_bTmMZWKEiNdn---8343faddf0ec

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

ecd4e7d93b0e021e5aa40a1589b5aa70dba23d80f9cb9020998bd3ead915226d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 5693
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986dd0fb7bee9-FRA
expires: Thu, 27 Sep 2018 20:28:53 GMT

GET
S 200 1*bAnzT3NFn-9L1xf_XWqzgA.jpeg
cdn-images-1.medium.com/fit/c/120/120/ 6 KB
6 KB 27ms
25ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/120/120/1*bAnzT3NFn-9L1xf_XWqzgA.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

dd288ea9c54b0fd8feedd3de8e2c91e77ca2fa58380945665ee83d54fc808aa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 6332
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986dd0fb8bee9-FRA
expires: Thu, 27 Sep 2018 20:28:52 GMT

GET
S 200 1*QGbgDHt48BSkdBNR2SUUXA.png
cdn-images-1.medium.com/freeze/max/60/ 905 B
1 KB 31ms
12ms Image
image/png 2400:cb00:2048:1::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/freeze/max/60/1*QGbgDHt48BSkdBNR2SUUXA.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

ddaf15d54c0ddd3bc986965d1357be26ddafc739c60a7e9af2d1871ab6afe4e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
Origin: https://doublepulsar.com

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 905
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986dd1ad3638b-FRA
expires: Thu, 27 Sep 2018 20:28:52 GMT

GET
S 200 1*74s94Fgdzatbi9cjS0qPqg.png
cdn-images-1.medium.com/freeze/max/60/ 3 KB
3 KB 53ms
34ms Image
image/png 2400:cb00:2048:1::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/freeze/max/60/1*74s94Fgdzatbi9cjS0qPqg.png?q=20

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

9339ac52d824c320302756d6c55919c99edcf92e5a6b2c891a1474c04fc31b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
Origin: https://doublepulsar.com

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 2837
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986dd1ad4638b-FRA
expires: Thu, 27 Sep 2018 20:28:52 GMT

GET
S 200 1*euFkwA7zJWm-l7aDoNtJrw.jpeg
cdn-images-1.medium.com/fit/c/120/120/ 7 KB
7 KB 18ms
16ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/120/120/1*euFkwA7zJWm-l7aDoNtJrw.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

48b612477d7a718ad054a6c46be64c13f6610325ed1d8979db008b1c021ac8c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 7042
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986dd0fb9bee9-FRA
expires: Thu, 27 Sep 2018 20:28:52 GMT

GET
S 200 1*euFkwA7zJWm-l7aDoNtJrw.jpeg
cdn-images-1.medium.com/fit/c/80/80/ 3 KB
3 KB 26ms
24ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/80/80/1*euFkwA7zJWm-l7aDoNtJrw.jpeg

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

d49f9d5f6cf0fe5e246dae163447d21a876c54cdf3da502fca7d95f2441a51a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 3499
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986dd0fbabee9-FRA
expires: Thu, 27 Sep 2018 20:28:52 GMT

GET
S 200 main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js Show response
cdn-static-1.medium.com/_/fp/gen-js/ 1 MB
332 KB 14ms
13ms Script
application/javascript 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

38b31c7529a8422f3b72a5b6024cf038d17e6fc2090cc21bf78142942c9725e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: 0853405475446B90
status: 200
vary: Accept-Encoding
content-length: 339605
x-amz-id-2: qu3uRgYSZIA1qUXdKjZrItTZLwqw+OzKOmyuMnQ17UsDYXCKAOtWovqCzzJHjGdmI7IhL6LsMJI=
last-modified: Tue, 28 Aug 2018 18:54:13 GMT
server: cloudflare
etag: "5d59bedf29db2e2e93b3c6e156338957"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 451986dd0fb5bee9-FRA
expires: Wed, 28 Aug 2019 20:28:52 GMT

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/ 39 KB
15 KB 32ms
8ms Script
application/x-javascript 52.85.182.26
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Requested by: Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.85.182.26 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-85-182-26.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: 9017bde45a1db033bbe04bcebddbf4392bf9a5fa7f1f1bc6c84f7e640f71521b

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 07 Aug 2018 00:43:09 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Aug 2018 00:27:38 GMT
Server: nginx
Age: 71128
ETag: W/"5b68e77a-9c11"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Id: bg0SRBDQKAG_Ph14b8gooo4x4tH5Ph19fP7Ag6g-5_OpHYVDUrrMcQ==

GET
H2 200 stat
doublepulsar.com/_/ 43 B
1 KB 139ms
139ms Image
image/gif 52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://doublepulsar.com/_/stat?event=pixel.load&origin=https%3A%2F%2Fdoublepulsar.com

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://doublepulsar.com https://.doublepulsar.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:path: /_/stat?event=pixel.load&origin=https%3A%2F%2Fdoublepulsar.com
pragma: no-cache
cookie: uid=lo_bTmMZWKEiNdn; sid=1:gUQoO0TcXZiJqtUZtO5lTlF3feI3yl8xna4cQYmNTyhQKw6NoSc3Criw5Chyu8QL
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
:scheme: https
:method: GET
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1535488132684:c231da91d611
server: nginx
tk: T
x-frame-options: sameorigin
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://doublepulsar.com https://*.doublepulsar.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
DATA 200
OK truncated
/ 9 KB
0 Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://doublepulsar.com

Response headers

Access-Control-Allow-Origin: *
Content-Type: font/opentype

GET
DATA 200
OK truncated
/ 10 KB
0 Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://doublepulsar.com

Response headers

Access-Control-Allow-Origin: *
Content-Type: font/opentype

GET
DATA 200
OK truncated
/ 10 KB
0 Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://doublepulsar.com

Response headers

Access-Control-Allow-Origin: *
Content-Type: font/opentype

GET
S 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
11 KB 29ms
14ms Font
application/font-woff 2400:cb00:2048:1::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://doublepulsar.com

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 451986dd2af6638b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 29 Aug 2018 00:28:52 GMT

GET
S 200 marat-sans-400-normal.woff
glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 14 KB
15 KB 15ms
14ms Font
application/font-woff 2400:cb00:2048:1::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/marat-sans-400-normal.woff

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://doublepulsar.com

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 451986dd2aef638b-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 29 Aug 2018 00:28:52 GMT

GET
H/1.1 200
OK / Show response
srv-2018-08-28-20.pixel.parsely.com/start/ 77 B
380 B 431ms
109ms Script
application/json 52.202.229.79
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://srv-2018-08-28-20.pixel.parsely.com/start/?rand=1535488132722&plid=8719025&idsite=medium.com&url=https%3A%2F%2Fdoublepulsar.com%2Ftask-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f%3Fgi%3Dc68ff7e13e3&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fdoublepulsar.com%2Ftask-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f%3Fgi%3Dc68ff7e13e3&sref=&sts=1535488132719&slts=0&title=Task+Scheduler+ALPC+exploit+high+level+analysis+%E2%80%93+DoublePulsar&date=Tue+Aug+28+2018+20%3A28%3A52+GMT%2B0000+(Coordinated+Universal+Time)&action=pageview&callback=parselyStartCallback
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.229.79 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-202-229-79.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5ce0347e1c7738fb0d06911eb0dccfc350a84258da1da61e7a5879ca677e0853

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 Aug 2018 20:28:53 GMT
Server: nginx
Connection: keep-alive
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Length: 77
Content-Type: application/json

GET
S 200 collect
www.google-analytics.com/r/ 35 B
101 B 16ms
15ms Image
image/gif 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j68&a=906007676&t=pageview&_s=1&dl=https%3A%2F%2Fdoublepulsar.com%2Ftask-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f%3Fgi%3Dc68ff7e13e3&ul=en-us&de=UTF-8&dt=Task%20Scheduler%20ALPC%20exploit%20high%20level%20analysis%20%E2%80%93%20DoublePulsar&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1805573815&gjid=726696173&cid=2070758958.1535488133&tid=UA-24232453-2&_gid=1631947436.1535488133&_r=1&z=226539488

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 main-common-async.bundle.nJD9-yjP0__r2XhkwIzYwQ.js Show response
cdn-static-1.medium.com/_/fp/gen-js/ 646 KB
177 KB 13ms
11ms Script
application/javascript 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/gen-js/main-common-async.bundle.nJD9-yjP0__r2XhkwIzYwQ.js

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a29be471406efdc615f0cb4143cb80efb164aef7cd6882bc5503f6ace72c67d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f?gi=c68ff7e13e3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: 8E5A22E5C81F43D3
status: 200
vary: Accept-Encoding
content-length: 180743
x-amz-id-2: +xuw9bAs74sd1cSh8e1BhGs7G2yo+6KqwmsR4Z3jUyaHDHmaFpI50h94quDVq0m2L9vcax4SPpU=
last-modified: Tue, 28 Aug 2018 18:54:13 GMT
server: cloudflare
etag: "a899606bd250be7fee206361490c3680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 451986deb9a9bee9-FRA
expires: Wed, 28 Aug 2019 20:28:52 GMT

OPTIONS
S 204 upvotes Show response
medium.com/p/ff08cda6ad4f/ 0
2 KB 173ms
159ms XHR
text/plain 2400:cb00:2048:1::6810:787f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/ff08cda6ad4f/upvotes

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:787f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://medium.com:443 https://.medium.com:443 https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1535488133074:bd07555ba0b8
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://doublepulsar.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://medium.com:443 https://*.medium.com:443 https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 451986df1a4963f1-FRA
link: <https://medium.com/humans.txt>; rel="humans"

GET
S 200 1*QGbgDHt48BSkdBNR2SUUXA.png
cdn-images-1.medium.com/max/1600/ 24 KB
24 KB 11ms
10ms Image
image/png 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/max/1600/1*QGbgDHt48BSkdBNR2SUUXA.png

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

a2a593a4971e2cf80ae04855e04de39d1c7c2eda07c6191938d9b1c675d06cf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 24145
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986df1a05bee9-FRA
expires: Thu, 27 Sep 2018 20:28:52 GMT

GET
S 200 1*74s94Fgdzatbi9cjS0qPqg.png
cdn-images-1.medium.com/max/1600/ 158 KB
158 KB 12ms
11ms Image
image/png 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/max/1600/1*74s94Fgdzatbi9cjS0qPqg.png

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c0ba01921bd2a53e2b8556a112d98c10576c2d44842cbd68a9fde225b42263d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 161612
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986df1a06bee9-FRA
expires: Thu, 27 Sep 2018 20:28:52 GMT

GET
S 200 main-notes.bundle.YL0ZDiM8Uv0f_wuvzZFRDQ.js Show response
cdn-static-1.medium.com/_/fp/gen-js/ 89 KB
29 KB 13ms
13ms Script
application/javascript 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/gen-js/main-notes.bundle.YL0ZDiM8Uv0f_wuvzZFRDQ.js

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

534956f6fbe11b9b63044a7d9d89af8791868e93af9f3834b6944bb1425388ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: 502644B109ED8681
status: 200
vary: Accept-Encoding
content-length: 29581
x-amz-id-2: QAO38t6S5WL4P3Y6bcbILaKxCFgrtbKCeM69hnD5FeZBlI5guVgOr83lvb7dja/u2oir5MpPIH0=
last-modified: Tue, 28 Aug 2018 18:54:13 GMT
server: cloudflare
etag: "f16e0d128efd70840eccc02932baaf70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 451986df9a86bee9-FRA
expires: Wed, 28 Aug 2019 20:28:53 GMT

GET
S 200 upvotes Show response
medium.com/p/ff08cda6ad4f/ 9 KB
2 KB 225ms
225ms XHR
application/json 2400:cb00:2048:1::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/ff08cda6ad4f/upvotes

Requested by

Host: doublepulsar.com
URL: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

122226a57f6f35408d53036b32f74049fa3a1d054d201c1c36b8ea0267813183

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1535488132964
Origin: https://doublepulsar.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
x-opentracing: {"ot-tracer-spanid":"19155cd08b085a","ot-tracer-traceid":"5bb9f08238140c90","ot-tracer-sampled":"true"}

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1535488133228:70634a392c53
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://doublepulsar.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 451986e01bb0bf20-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

OPTIONS
S 204 quotes Show response
medium.com/p/ff08cda6ad4f/ 0
148 B 432ms
431ms XHR
text/plain 2400:cb00:2048:1::6810:787f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/ff08cda6ad4f/quotes

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:787f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://medium.com:443 https://.medium.com:443 https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-xsrf-token

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1535488133582:ebd0988f6c4e
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://doublepulsar.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://medium.com:443 https://*.medium.com:443 https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 451986e0abc863f1-FRA
link: <https://medium.com/humans.txt>; rel="humans"

OPTIONS
S 204 responses Show response
medium.com/_/api/posts/ff08cda6ad4f/ 0
243 B 159ms
157ms XHR
text/plain 2400:cb00:2048:1::6810:787f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/ff08cda6ad4f/responses?filter=best

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:787f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://medium.com:443 https://.medium.com:443 https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1535488133329:4da1e5827069
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://doublepulsar.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://medium.com:443 https://*.medium.com:443 https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 451986e0abd963f1-FRA
link: <https://medium.com/humans.txt>; rel="humans"

OPTIONS
S 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
194 B 348ms
109ms XHR
text/plain 52.0.177.159
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.177.159 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-0-177-159.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
access-control-allow-origin: *
access-control-allow-methods: POST
content-type: text/plain; charset=utf-8
status: 200
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0

GET
S 200 responses Show response
medium.com/_/api/posts/ff08cda6ad4f/ 153 B
543 B 243ms
243ms XHR
application/json 2400:cb00:2048:1::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/ff08cda6ad4f/responses?filter=best

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

5ed19a93dabd32b4bf6fcb7542de8cd00de1535ab15005c51eaece4eb0907bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1535488133223
Origin: https://doublepulsar.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
x-opentracing: {"ot-tracer-spanid":"cae2225b1ca6f","ot-tracer-traceid":"4c6a66dc08552","ot-tracer-sampled":"true"}

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1535488133495:125e9759aba9
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://doublepulsar.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 451986e1ad7dbf20-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

OPTIONS
S 204 responsesStream Show response
medium.com/_/api/posts/ff08cda6ad4f/ 0
148 B 195ms
195ms XHR
text/plain 2400:cb00:2048:1::6810:787f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/ff08cda6ad4f/responsesStream?filter=best

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:787f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://medium.com:443 https://.medium.com:443 https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1535488133608:624d88531038
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://doublepulsar.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://medium.com:443 https://*.medium.com:443 https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 451986e23d2a63f1-FRA
link: <https://medium.com/humans.txt>; rel="humans"

POST
S 200 reports Show response
collector-medium.lightstep.com/api/v0/ 112 B
310 B 3370ms
3369ms XHR
application/json 52.0.177.159
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.177.159 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-0-177-159.compute-1.amazonaws.com
Software: /
Resource Hash: 6c8852de163d0d42bb09e9bab257b728cbcd289eefe523e2f41527181cd0b1c8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
Origin: https://doublepulsar.com
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Tue, 28 Aug 2018 20:28:56 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 112

GET
S 200 quotes Show response
medium.com/p/ff08cda6ad4f/ 97 B
311 B 327ms
327ms XHR
application/json 2400:cb00:2048:1::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/ff08cda6ad4f/quotes

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

ea0623a65f5cf892db65e2d7c116975971981fd3601b28baeed3362e6410156e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1535488133221
Origin: https://doublepulsar.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
X-Obvious-CID: web

Response headers

date: Tue, 28 Aug 2018 20:28:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
link: <https://medium.com/humans.txt>; rel="humans"
x-obvious-tid: 1535488133796:a7809482e6ef
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://doublepulsar.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 451986e35f35bf20-FRA
x-opentracing: {"ot-tracer-spanid":"572c3cc7220e26ce","ot-tracer-traceid":"5a3b22317b893f77","ot-tracer-sampled":"true"}
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
S 200 responsesStream Show response
medium.com/_/api/posts/ff08cda6ad4f/ 115 B
244 B 369ms
369ms XHR
application/json 2400:cb00:2048:1::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/ff08cda6ad4f/responsesStream?filter=best

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

69b484b9d920826dae636253ccd8655ec92a8e4bf52f91a084bc8e4979c5ba98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1535488133473
Origin: https://doublepulsar.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
x-opentracing: {"ot-tracer-spanid":"8b7e93f56107","ot-tracer-traceid":"a919589420648","ot-tracer-sampled":"true"}

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1535488133761:cc158ef4fa25
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://doublepulsar.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 451986e36f4abf20-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

OPTIONS
S 204 placements Show response
medium.com/_/api/ 0
171 B 158ms
158ms XHR
text/plain 2400:cb00:2048:1::6810:787f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/placements?requestContext%5BpostPageContext%5D%5BpostId%5D=ff08cda6ad4f&requestContext%5BcontextType%5D=postPageContext&slots%5B0%5D%5Blocation%5D=1&slots%5B0%5D%5Bindex%5D=0

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:787f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://medium.com:443 https://.medium.com:443 https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://doublepulsar.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1535488134071:3e8cec4c9142
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://doublepulsar.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://*.paypal.com https://getpocket.com https://medium.com:443 https://*.medium.com:443 https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 451986e55f6763f1-FRA
link: <https://medium.com/humans.txt>; rel="humans"

GET
S 200 placements Show response
medium.com/_/api/ 28 KB
7 KB 749ms
749ms XHR
application/json 2400:cb00:2048:1::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/placements?requestContext%5BpostPageContext%5D%5BpostId%5D=ff08cda6ad4f&requestContext%5BcontextType%5D=postPageContext&slots%5B0%5D%5Blocation%5D=1&slots%5B0%5D%5Bindex%5D=0

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

67e952ed5c0f001b92933cf23e4d6c854d4f14a6776be46646773b7960ec9257

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1535488133975
Origin: https://doublepulsar.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
x-opentracing: {"ot-tracer-spanid":"938ebc9f81396","ot-tracer-traceid":"462e60db9ba00","ot-tracer-sampled":"true"}

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1535488134236:eb4f8f709c6a
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://doublepulsar.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 451986e659dbbf20-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
S 200 1*bAnzT3NFn-9L1xf_XWqzgA.jpeg
cdn-images-1.medium.com/fit/c/36/36/ 2 KB
2 KB 11ms
11ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/36/36/1*bAnzT3NFn-9L1xf_XWqzgA.jpeg

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

49d968f60654979a77d05e95c4264afae4d4b75f97dab7fc975528f0ba12f765

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 1661
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986eb29c9bee9-FRA
expires: Thu, 27 Sep 2018 20:28:54 GMT

GET
S 200 1*aTuK1Gn--qhwGZeEj2QXig.jpeg
cdn-images-1.medium.com/fit/c/36/36/ 2 KB
2 KB 12ms
12ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/36/36/1*aTuK1Gn--qhwGZeEj2QXig.jpeg

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

80320da0a0712225c5deb7303520058ea7895ca540fa873224f09d024e0d9a3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 1702
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986eb29cabee9-FRA
expires: Thu, 27 Sep 2018 20:28:54 GMT

GET
S 200 1*CEi35YFI3DqbuAu0jAhFYA.jpeg
cdn-images-1.medium.com/fit/c/36/36/ 1 KB
1 KB 12ms
12ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/36/36/1*CEi35YFI3DqbuAu0jAhFYA.jpeg

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

96323a560d35f46fbea4d79725fd43453cfe7e00d4979b146667bff7662764e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 1364
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986eb29cbbee9-FRA
expires: Thu, 27 Sep 2018 20:28:54 GMT

GET
S 200 1*heFbQfGHtoU_6vfRQSZkDg.jpeg
cdn-images-1.medium.com/fit/c/400/120/ 28 KB
28 KB 30ms
30ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/400/120/1*heFbQfGHtoU_6vfRQSZkDg.jpeg

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

2e184ffa8671970f3fe4b0be312117044ed4f457cfae3b01491a407056283efc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 28300
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986eb29ccbee9-FRA
expires: Thu, 27 Sep 2018 20:28:54 GMT

GET
S 200 1*xw9gprMTI6h3U3NkKV0vUg.jpeg
cdn-images-1.medium.com/fit/c/400/120/ 19 KB
19 KB 11ms
11ms Image
image/jpeg 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/400/120/1*xw9gprMTI6h3U3NkKV0vUg.jpeg

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

2a16c73520a131d8b796ee318141f1dd283b26cbb7f53ea7e72496b0f0a3e4c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 19060
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986eb29cdbee9-FRA
expires: Thu, 27 Sep 2018 20:28:54 GMT

GET
S 200 1*ayrs-c5kyUqIuLskDCErvw.png
cdn-images-1.medium.com/fit/c/400/120/ 111 KB
111 KB 16ms
16ms Image
image/png 2400:cb00:2048:1::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/400/120/1*ayrs-c5kyUqIuLskDCErvw.png

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

57318970f383436309aa4c79ebd6a929a072faea81c40fbf182042778374b673

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 28 Aug 2018 20:28:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3173-05fbec3
status: 200
vary: Accept-Encoding
content-length: 113499
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 451986eb29cfbee9-FRA
expires: Thu, 27 Sep 2018 20:28:54 GMT

OPTIONS reports
collector-medium.lightstep.com/api/v0/ 0
0

POST
H2 409 batch Show response
doublepulsar.com/_/ 115 B
1 KB 297ms
296ms XHR
application/json 52.1.119.170
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://doublepulsar.com/_/batch

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.f-HrTzKfLQ-RHgtMdZKvnQ.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.119.170 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-1-119-170.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

bfaa03919d4b6d3418d0c9e1d43c961fb3ccc20e78998dd39df8aa6c9f049892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

origin: https://doublepulsar.com
x-xsrf-token: 1
accept-encoding: gzip, deflate
x-obvious-cid: web
content-length: 17146
:path: /_/batch
pragma: no-cache
x-client-date: 1535488137864
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type: application/json
accept: application/json
cache-control: no-cache
:authority: doublepulsar.com
referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
:scheme: https
:method: POST
X-Client-Date: 1535488137864
Origin: https://doublepulsar.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://doublepulsar.com/task-scheduler-alpc-exploit-high-level-analysis-ff08cda6ad4f
X-Obvious-CID: web

Response headers

date: Tue, 28 Aug 2018 20:28:58 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 34738-9d22191,9d221911168
status: 409
content-length: 115
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
link: <https://medium.com/humans.txt>; rel="humans"
x-obvious-tid: 1535488138012:3193c5ac3ab5
server: nginx
x-frame-options: sameorigin
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: uid=; path=/; expires=Tue, 28 Aug 2018 20:28:57 GMT; domain=doublepulsar.com; secure; httponly sid=; path=/; expires=Tue, 28 Aug 2018 20:28:57 GMT; domain=doublepulsar.com; secure; httponly uid=; path=/; expires=Tue, 28 Aug 2018 20:28:57 GMT; domain=.doublepulsar.com; secure; httponly sid=; path=/; expires=Tue, 28 Aug 2018 20:28:57 GMT; domain=.doublepulsar.com; secure; httponly uid=; path=/; expires=Tue, 28 Aug 2018 20:28:57 GMT; secure; httponly sid=; path=/; expires=Tue, 28 Aug 2018 20:28:57 GMT; secure; httponly
x-opentracing: {"ot-tracer-spanid":"5052aa341a596a4e","ot-tracer-traceid":"21d2cdf73637d327","ot-tracer-sampled":"true"}
expires: Thu, 09 Sep 1999 09:09:09 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: collector-medium.lightstep.com
URL: https://collector-medium.lightstep.com/api/v0/reports

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://.paypal.com https://getpocket.com https://doublepulsar.com https://.doublepulsar.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-images-1.medium.com
cdn-static-1.medium.com
collector-medium.lightstep.com
d1z2jf7jlzjs58.cloudfront.net
doublepulsar.com
glyph.medium.com
medium.com
srv-2018-08-28-20.pixel.parsely.com
www.google-analytics.com
collector-medium.lightstep.com
2400:cb00:2048:1::6810:7691
2400:cb00:2048:1::6810:787f
2400:cb00:2048:1::6810:7991
2400:cb00:2048:1::6810:7c7f
2a00:1450:4001:81e::200e
52.0.177.159
52.1.119.170
52.202.229.79
52.85.182.26
001d3e0381c5f258c70cfc7e40be1bfca9374b3c94797fa0440b15f474b5703d
122226a57f6f35408d53036b32f74049fa3a1d054d201c1c36b8ea0267813183
12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192
2a16c73520a131d8b796ee318141f1dd283b26cbb7f53ea7e72496b0f0a3e4c0
2e184ffa8671970f3fe4b0be312117044ed4f457cfae3b01491a407056283efc
38b31c7529a8422f3b72a5b6024cf038d17e6fc2090cc21bf78142942c9725e9
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
48b612477d7a718ad054a6c46be64c13f6610325ed1d8979db008b1c021ac8c9
49d968f60654979a77d05e95c4264afae4d4b75f97dab7fc975528f0ba12f765
4a29be471406efdc615f0cb4143cb80efb164aef7cd6882bc5503f6ace72c67d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
534956f6fbe11b9b63044a7d9d89af8791868e93af9f3834b6944bb1425388ed
57318970f383436309aa4c79ebd6a929a072faea81c40fbf182042778374b673
5ce0347e1c7738fb0d06911eb0dccfc350a84258da1da61e7a5879ca677e0853
5ed19a93dabd32b4bf6fcb7542de8cd00de1535ab15005c51eaece4eb0907bc8
67e952ed5c0f001b92933cf23e4d6c854d4f14a6776be46646773b7960ec9257
69b484b9d920826dae636253ccd8655ec92a8e4bf52f91a084bc8e4979c5ba98
6c8852de163d0d42bb09e9bab257b728cbcd289eefe523e2f41527181cd0b1c8
80320da0a0712225c5deb7303520058ea7895ca540fa873224f09d024e0d9a3b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9017bde45a1db033bbe04bcebddbf4392bf9a5fa7f1f1bc6c84f7e640f71521b
9339ac52d824c320302756d6c55919c99edcf92e5a6b2c891a1474c04fc31b93
96323a560d35f46fbea4d79725fd43453cfe7e00d4979b146667bff7662764e3
99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8
a2a593a4971e2cf80ae04855e04de39d1c7c2eda07c6191938d9b1c675d06cf2
a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8
bfaa03919d4b6d3418d0c9e1d43c961fb3ccc20e78998dd39df8aa6c9f049892
c0ba01921bd2a53e2b8556a112d98c10576c2d44842cbd68a9fde225b42263d0
cfa737df32b9a02f4a81427f7ce0ef751de3c9e937b121cc359678f4c49906ca
d49f9d5f6cf0fe5e246dae163447d21a876c54cdf3da502fca7d95f2441a51a6
d4cbe93f6d870d39f0a65ae02fa55fcad48db3da48de2ce8973618a60d0578f6
dd288ea9c54b0fd8feedd3de8e2c91e77ca2fa58380945665ee83d54fc808aa0
ddaf15d54c0ddd3bc986965d1357be26ddafc739c60a7e9af2d1871ab6afe4e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea0623a65f5cf892db65e2d7c116975971981fd3601b28baeed3362e6410156e
ecd4e7d93b0e021e5aa40a1589b5aa70dba23d80f9cb9020998bd3ead915226d
ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3
f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367

doublepulsar.com Open in urlscan Pro 52.1.119.170 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

41 Requests

98 %HTTPS

56 %IPv6

6 Domains

9 Subdomains

10 IPs

2 Countries

1098 kBTransfer

3032 kBSize

0 Cookies

18 Outgoing links

Page URL History

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

doublepulsar.com Open in urlscan Pro
52.1.119.170 Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

98 %
HTTPS

56 %
IPv6

6
Domains

9
Subdomains

10
IPs

2
Countries

1098 kB
Transfer

3032 kB
Size

0
Cookies

41 HTTP transactions
3 data transactions