posts.specterops.io Open in urlscan Pro
52.0.16.118 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Effective URL:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Submission: On May 02 via api (May 2nd 2022, 12:37:43 pm UTC) from BE — Scanned from DE

Summary HTTP 146 Redirects Links 86 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 146 HTTP transactions. The main IP is 52.0.16.118, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2022. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	52.0.16.118 52.0.16.118	14618 (AMAZON-AES) (AMAZON-AES)
1 118	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.69 143.204.98.69	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:236... 2600:9000:236e:1000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:215... 2600:9000:2156:5e00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
146	7

15 52.0.16.118 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-16-118.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

118 2606:4700:7::a29f:9804 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:7::a29f:9904 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-69.fra50.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:236e:1000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:5e00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
124	medium.com 1 redirects medium.com — Cisco Umbrella Rank: 11597 glyph.medium.com — Cisco Umbrella Rank: 27832 miro.medium.com — Cisco Umbrella Rank: 19639 cdn-client.medium.com — Cisco Umbrella Rank: 30748	2 MB
15	specterops.io 1 redirects posts.specterops.io	62 KB
5	branch.io cdn.branch.io — Cisco Umbrella Rank: 796 api2.branch.io — Cisco Umbrella Rank: 474	26 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	20 KB
1	app.link app.link — Cisco Umbrella Rank: 2461	568 B
146	5

	Domain	Requested by
66	miro.medium.com	posts.specterops.io
50	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
15	posts.specterops.io	1 redirects cdn-client.medium.com
7	glyph.medium.com	posts.specterops.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	medium.com	1 redirects
146	9

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
policy.medium.com
mattifestation.medium.com
docs.microsoft.com
www.youtube.com
technet.microsoft.com
www.bleepingcomputer.com
unmitigatedrisk.com
www.download.windowsupdate.com
gist.github.com
msdn.microsoft.com
specterops.io
cyb3rward0g.medium.com
harmj0y.medium.com
jels-boulangier.medium.com
blog.readymag.com
readymag.medium.com
ngkio.medium.com
thenukewijesinghe.medium.com
help.medium.com
medium.statuspage.io
about.medium.com
blog.medium.com
knowable.fyi

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-05` - `2023-01-05`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2022-04-27` - `2022-07-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Frame ID: EA4A7074EE6E2737E107C8F632B88E72
Requests: 146 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Code Signing Certificate Cloning Attacks and Defenses | by Matt Graeber | Posts By SpecterOps Team Members

Page URL History Show full URLs

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signi... HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b5... Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

146
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1693 kB
Transfer

4021 kB
Size

11
Cookies

86 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?$canonical_url=https%3A%2F%2Fmedium.com/p/6f98657fc6ec&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Sign In

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=post_page--------------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fnotifications&source=--------------------------notifications_sidenav-----------
Title: Notifications

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Flists&source=--------------------------lists_sidenav-----------
Title: Lists

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fme%2Fstories%2Fdrafts&source=--------------------------stories_sidenav-----------
Title: Stories

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=--------------------------new_post_sidenav-----------
Title: Write

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=-----6f98657fc6ec---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----6f98657fc6ec--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121----6f98657fc6ec---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&source=--------------------------bookmark_header-----------

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/
Title: Sysinternals

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Autoruns

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=AEmuhCwFL5I
Title: can be abused

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps
Title: New-SelfSignedCertificate

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc783813(v=ws.10).aspx
Title: online

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx
Title: via Group Policy

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/popular-usb-audio-driver-ships-with-root-certificate-big-security-no-no/
Title: Savitech audio driver

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc751157.aspx
Title: trusted by Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
Title: sigcheck

Search URL Search Domain Scan URL

URL: http://unmitigatedrisk.com/?p=259
Title: authroot.stl

Search URL Search Domain Scan URL

URL: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Title: this link

Search URL Search Domain Scan URL

URL: https://gist.github.com/mattifestation/c712e525109f786fbaf6ed576b8d2832
Title: crude parser

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/aa377163(v=vs.85).aspx
Title: CertVerifyCertificateChainPolicy

Search URL Search Domain Scan URL

URL: https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
Title: hijack Subject Interface Packages

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=-----6f98657fc6ec---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F6f98657fc6ec&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&collection=Posts+By+SpecterOps+Team+Members&collectionId=f05f8696e3cc&source=post_page-----6f98657fc6ec---------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://cyb3rward0g.medium.com/?source=post_page-----6f98657fc6ec----0----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/big-data?source=post_page-----6f98657fc6ec---------------big_data-----------------
Title: Big Data

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa642c6b170d6&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fready-to-hunt-first-show-me-your-data-a642c6b170d6&source=-----6f98657fc6ec----0-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page_footer_cta_write-------------------------------------
Title: Write on Medium

Search URL Search Domain Scan URL

URL: https://medium.com/@bluescreenofjeff?source=post_page-----6f98657fc6ec----1----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/security?source=post_page-----6f98657fc6ec---------------security-----------------
Title: Security

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F767d4289af43&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fdesigning-effective-covert-red-team-attack-infrastructure-767d4289af43&source=-----6f98657fc6ec----1-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----6f98657fc6ec----2----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/device-guard?source=post_page-----6f98657fc6ec---------------device_guard-----------------
Title: Device Guard

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Ffd1a281b35a8&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fadventures-in-extremely-strict-device-guard-policy-configuration-part-1-device-drivers-fd1a281b35a8&source=-----6f98657fc6ec----2-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://harmj0y.medium.com/?source=post_page-----6f98657fc6ec----3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/powerview?source=post_page-----6f98657fc6ec---------------powerview-----------------
Title: Powerview

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fe8d408c15c95&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fthe-powerview-powerusage-series-4-e8d408c15c95&source=-----6f98657fc6ec----3-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@enigma0x3?source=post_page-----6f98657fc6ec----4----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/tag/dcom?source=post_page-----6f98657fc6ec---------------dcom-----------------
Title: Dcom

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fa88a81df27eb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Flateral-movement-using-outlooks-createobject-method-and-dotnettojscript-a88a81df27eb&source=-----6f98657fc6ec----4-----------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://jels-boulangier.medium.com/first-steps-of-a-new-python-project-91f5360021ac?source=post_internal_links---------0----------------------------
Title: Jels BoulangierFirst Steps of a New Python Project

Search URL Search Domain Scan URL

URL: https://jels-boulangier.medium.com/?source=post_internal_links---------0----------------------------

Search URL Search Domain Scan URL

URL: https://blog.readymag.com/new-interactive-mode-new-ways-to-activate-shots-e682ecdd207c?source=post_internal_links---------1----------------------------
Title: ReadymaginReadymagNew interactive mode, new ways to activate Shots

Search URL Search Domain Scan URL

URL: https://readymag.medium.com/?source=post_internal_links---------1----------------------------

Search URL Search Domain Scan URL

URL: https://blog.readymag.com/?source=post_internal_links---------1----------------------------
Title: Readymag

Search URL Search Domain Scan URL

URL: https://medium.com/@andyjones_1981/making-user-journeys-configurable-in-the-gov-prototype-kit-d472d23d86a8?source=post_internal_links---------2----------------------------
Title: Andy JonesMaking user journeys configurable in the GOV prototype kit

Search URL Search Domain Scan URL

URL: https://medium.com/@andyjones_1981?source=post_internal_links---------2----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/@tejendrabhandari/chaos-linkerd-implementation-25055c74063a?source=post_internal_links---------3----------------------------
Title: TejendrabhandariChaos & LinkerD Implementation

Search URL Search Domain Scan URL

URL: https://medium.com/@tejendrabhandari?source=post_internal_links---------3----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/cruise/securing-kubernetes-with-k-rail-5f77a1a11174?source=post_internal_links---------4----------------------------
Title: Dustin DeckerinCruiseSecuring Kubernetes with K-rail

Search URL Search Domain Scan URL

URL: https://medium.com/@humanatcomputer?source=post_internal_links---------4----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/cruise?source=post_internal_links---------4----------------------------
Title: Cruise

Search URL Search Domain Scan URL

URL: https://medium.com/ramsatt/how-to-format-date-and-time-in-java-2faa0ea33fe6?source=post_internal_links---------5----------------------------
Title: Sathish kumar RamalingaminramsattHow to format Date and Time in Java

Search URL Search Domain Scan URL

URL: https://medium.com/@ramsatt?source=post_internal_links---------5----------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/ramsatt?source=post_internal_links---------5----------------------------
Title: ramsatt

Search URL Search Domain Scan URL

URL: https://medium.com/@pavan.kunchapu/android-ios-enterprise-mobile-application-architecture-part-2-d2458ea0773f?source=post_internal_links---------6----------------------------
Title: Pavan KunchapuAndroid, iOS - Enterprise Mobile Application Architecture - Part 2

Search URL Search Domain Scan URL

URL: https://medium.com/@pavan.kunchapu?source=post_internal_links---------6----------------------------

Search URL Search Domain Scan URL

URL: https://ngkio.medium.com/coinness-interviewed-representatives-of-baccarat-consultants-to-learn-more-about-baccarat-and-high-aaec8320a1b9?source=post_internal_links---------7----------------------------
Title: NGK.IOCoinness interviewed representatives of Baccarat consultants to learn more about Baccarat and high…

Search URL Search Domain Scan URL

URL: https://ngkio.medium.com/?source=post_internal_links---------7----------------------------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&user=Matt+Graeber&userId=e8e64b89121&source=post_page-e8e64b89121-------------------------follow_profile-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fapi%2Fsubscriptions%2Fnewsletters%2F7db304d15601&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&newsletterV3=e8e64b89121&newsletterV3Id=7db304d15601&user=Matt+Graeber&userId=e8e64b89121&source=--------------------------subscribe_user-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@boblord/security-culture-rough-notes-f6f1f5cd6865?source=read_next_recirc---------0---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------
Title: @boblordSecurity Culture Rough Notes

Search URL Search Domain Scan URL

URL: https://medium.com/@boblord?source=read_next_recirc---------0---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------

Search URL Search Domain Scan URL

URL: https://medium.com/@michallevram/my-new-podcast-operation-firewall-436f755832ad?source=read_next_recirc---------1---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------
Title: Michal Lev-RamMy new Podcast: Operation Firewall

Search URL Search Domain Scan URL

URL: https://medium.com/@michallevram?source=read_next_recirc---------1---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------

Search URL Search Domain Scan URL

URL: https://thenukewijesinghe.medium.com/tracking-location-within-6-feet-929e1417d47e?source=read_next_recirc---------2---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------
Title: Thenuke WijesingheTracking Location within 6 feet!

Search URL Search Domain Scan URL

URL: https://thenukewijesinghe.medium.com/?source=read_next_recirc---------2---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------

Search URL Search Domain Scan URL

URL: https://medium.com/@chad_8793/abscan-cybersecurity-aggregation-for-foss-solutions-2acef2b70419?source=read_next_recirc---------3---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------
Title: ChadABScan — Cybersecurity Aggregation for FOSS solutions.

Search URL Search Domain Scan URL

URL: https://medium.com/@chad_8793?source=read_next_recirc---------3---------------------3490e566_a844_4be3_b453_6bfa3f5a60ab-------

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://medium.statuspage.io/
Title: Status

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/
Title: Writers

Search URL Search Domain Scan URL

URL: https://blog.medium.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e
Title: Careers

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f
Title: Terms

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1
Title: About

Search URL Search Domain Scan URL

URL: https://knowable.fyi/
Title: Knowable

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec HTTP 302
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

146 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

221 KB
50 KB

868ms
868ms

Document
text/html

52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

eb8eb3e0c49d3f68ed782a41959bc3a0262ea4025b553bd30069beecc0d537b7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
content-type: text/html; charset=utf-8
date: Mon, 02 May 2022 12:37:35 GMT
etag: W/"374ec-MBjlnK7GCbizUWfsbhKfUdWWOd8"
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, lite/main-20220429-164525-76b86985eb, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
medium-missing-time: 339
sepia-upstream: medium
server: nginx
vary: Accept-Encoding
x-envoy-upstream-service-time: 763
x-request-received-at: 1651495054937

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7050cf1b8e12996e-FRA
content-length: 0
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
content-type: text/plain;charset=UTF-8
date: Mon, 02 May 2022 12:37:34 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
medium-fulfilled-by: edgy/8.3.0, valencia/main-20220427-204309-b6dfbe6d15
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
worker-missing-cookies: 1
x-content-type-options: nosniff
x-envoy-upstream-service-time: 29
x-frame-options: sameorigin
x-obvious-info: 20220429-1842-root,1a1a67f8
x-obvious-tid: 1651495054729:bf7580b151f
x-opentracing: {"ot-tracer-spanid":"5b3b491b4c973916","ot-tracer-traceid":"10e805a5834a4ee","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 42ms
30ms Stylesheet
text/css 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 341
x-envoy-upstream-service-time: 27
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 7050cf223ae3996e-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Mon, 02 May 2022 14:37:35 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/64/64/ 2 KB
2 KB 39ms
29ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/64/64/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 373711
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2399
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 7050cf22bbb7996e-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/96/96/ 7 KB
7 KB 35ms
26ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 167390
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7062
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cf22bbb8996e-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 53ms
42ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7096702
x-envoy-upstream-service-time: 32
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cf22ba1d5c5c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H2 200 1*Pe1OeWP-UySRMW4aWa4jJQ.png
miro.medium.com/max/1400/ 36 KB
36 KB 115ms
115ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*Pe1OeWP-UySRMW4aWa4jJQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 35
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36474
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22cbd9996e-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H2 200 1*fLrpueTtcZk_Gx5qOIxvsA.png
miro.medium.com/max/1400/ 229 KB
229 KB 180ms
178ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*fLrpueTtcZk_Gx5qOIxvsA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 51
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 234084
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22cbe4996e-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H2 200 1*3toLhPm3VGMpDEl36JE3dg.png
miro.medium.com/max/1400/ 130 KB
130 KB 137ms
135ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/1400/1*3toLhPm3VGMpDEl36JE3dg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 106
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 133094
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22cbe8996e-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H2 200 1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
1 KB 28ms
26ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55639d0f6de7e3d3d8205dc12f5d243178451e4afb9eaecd062a317f825ea527

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 343543
x-envoy-upstream-service-time: 50
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1268
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22cbe9996e-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 0*T_vmStdFlN9LwSqy
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 148ms
134ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*T_vmStdFlN9LwSqy

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcd5ede73d71dc3c5ad03d804457853cb598e1721f92c94603ccf084272c97a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 36
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6321
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd669088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*OHbXtgSIV1gGcnG6_0u_YA.png
miro.medium.com/fit/c/40/40/ 960 B
1 KB 39ms
25ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*OHbXtgSIV1gGcnG6_0u_YA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d94f7b463a101acc0aab3becbe0d63929025e42eaa6ff23e6999953ffbcf719

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 64117
x-envoy-upstream-service-time: 55
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 960
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cf22fd659088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*yhUMsApmfVB7sDiFfnJM8Q.png
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 131ms
118ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*yhUMsApmfVB7sDiFfnJM8Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81419976c7e01b2408ed407e5a7e8e505478286c3d01df8f6d206824fc45189f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 32
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6378
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd699088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*vs59_LRb_SmKADkM4KVXjg.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 139ms
125ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*vs59_LRb_SmKADkM4KVXjg.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0933460b008ff84e427d5cfad6fcc11996c98c27f59bff0b496d864a73aaa4e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 147
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1499
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22fd6d9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 0*g6bDQ-QUmmG1mDIH
miro.medium.com/focal/112/112/50/50/ 5 KB
5 KB 132ms
118ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/0*g6bDQ-QUmmG1mDIH

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cef387bd6938302d335cab8ac0f319e04575f1844f7762ef2e129852187d263c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 79
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5082
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd6a9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 0*7B0qujBEUf9Mws-4
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 55ms
41ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*7B0qujBEUf9Mws-4

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63229414edb249c22a6cdf3e2754b19bb02198ade86fb46af6e562e0e22918b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 252695
x-envoy-upstream-service-time: 76
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1645
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd6b9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 2*2hUfjdY1ONGsla6XJcBHEw.jpeg
miro.medium.com/fit/c/40/40/ 1 KB
2 KB 145ms
131ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/2*2hUfjdY1ONGsla6XJcBHEw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfc89bb7b75673e8e83d8aa5ff747a0a069ed5b2a44a2a732a5353eb2f2e3198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1419
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd6c9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*oTmcx_qDWCtP5RKvy3iuxg.png
miro.medium.com/focal/112/112/50/50/ 4 KB
4 KB 146ms
134ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*oTmcx_qDWCtP5RKvy3iuxg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2e285c9f7c472800ad0ac72c8085b82ed56000b1de8ad3aeb7980b98ee7d31c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 49
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4157
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd559088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*RC7gZWdczzhbRG_CV1vz1g.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 38ms
25ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*RC7gZWdczzhbRG_CV1vz1g.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83bcf6db343ac887a1fa044213341d8aac44115fcce7d7aad16107ff0c1ea0ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 531470
x-envoy-upstream-service-time: 66
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1733
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22fd5a9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 0*YmNZ97vPVmaIM90T.jpg
miro.medium.com/fit/c/40/40/ 449 B
867 B 57ms
44ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*YmNZ97vPVmaIM90T.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

666dcc08996aba0b6cca9bd8b2cf2f8d3968d7c496c13a52da52c5a5a23f8c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 374317
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 449
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22fd589088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*6fGkhqo16iFGDEQ-wQZw3A.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
6 KB 46ms
33ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*6fGkhqo16iFGDEQ-wQZw3A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11857895e79aef7d5589552ff01742119d0a0750f0a96e9335155d0c38bbd7d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 374317
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5802
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd569088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*Ul6gtVQZaiI1qhnp-zJWLg.png
miro.medium.com/fit/c/40/40/ 698 B
1 KB 46ms
32ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*Ul6gtVQZaiI1qhnp-zJWLg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f1df0bf2819fa8b0b3ddd7b0ce20305fbe8b92d6234fc46d57815d20754541a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 519790
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 698
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22fd769088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*Kf_1bx1MP-isDfC4vop3aw.png
miro.medium.com/focal/112/112/50/50/ 24 KB
25 KB 168ms
154ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*Kf_1bx1MP-isDfC4vop3aw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67cde6c1e33ba068d019511f7ef65043e04f558350da9fc582e79267d0d36f52

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 88
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25055
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd779088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/176/176/ 23 KB
24 KB 45ms
31ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/176/176/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 29349
x-envoy-upstream-service-time: 38
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 23726
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220309-195817-93688b9a29
accept-ranges: bytes
cf-ray: 7050cf22fd799088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 0*e6CtPa9OWXxpfQ-f.png
miro.medium.com/fit/c/40/40/ 3 KB
3 KB 57ms
43ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*e6CtPa9OWXxpfQ-f.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23bcf80d51d93cdc5b76301b2817c0ca11a86952938d489ed798a7c251ced164

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 69800
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2795
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22fd7c9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*eQ2bDN8sD2idKHs_XQpNZw.png
miro.medium.com/focal/112/112/50/50/ 15 KB
15 KB 57ms
43ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*eQ2bDN8sD2idKHs_XQpNZw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ecbb2bd9e04b3e953a44b24420e54ccf06cd332750b04079d4e49bc89455a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 69800
x-envoy-upstream-service-time: 68
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15226
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd7d9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*zfpPaX15PJxOKjPH7ciGQw.jpeg
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 55ms
42ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/1*zfpPaX15PJxOKjPH7ciGQw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03d1b9a863bbcc586a87dd7fd37e96e7b23d46552c1e9e862332eac62b391a23

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 176046
x-envoy-upstream-service-time: 3084
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1703
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd5c9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*A6bf_zkD888pFA3P-O7w2A.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
6 KB 37ms
24ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*A6bf_zkD888pFA3P-O7w2A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11aed8810f133a7e03e92571aaf9d6e4b47e6a008ff64f8a1409a2a191627f87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 163836
x-envoy-upstream-service-time: 129
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5992
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd5f9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 0*HmJx-3_KqJvmxYcJ
miro.medium.com/fit/c/40/40/ 2 KB
2 KB 38ms
25ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*HmJx-3_KqJvmxYcJ

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf9b8a68d7b854c401d427fd8fd5f1c49b5a5eeb23a878171529f810852cdd49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3686
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1612
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd629088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*yzFIeRjbME07ZTDm6OLOGw.jpeg
miro.medium.com/focal/112/112/50/50/ 6 KB
7 KB 146ms
133ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*yzFIeRjbME07ZTDm6OLOGw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f25762cbf878575de21d2fac0757c522ea159e204e8c6fdf0b528ccad20afa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6330
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf22fd649088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 0*nhRB_dadhiEmWoJi
miro.medium.com/fit/c/40/40/ 707 B
1 KB 44ms
31ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/40/40/0*nhRB_dadhiEmWoJi

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

935650ae2b5ed7fa1c4e27c084d660e0af387e2e1eed30f61dedaebae112b10f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4684
x-envoy-upstream-service-time: 30
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 707
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22fd6f9088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 1*YD6dMS_npmKs1A3kSFgymA.png
miro.medium.com/focal/112/112/50/50/ 13 KB
13 KB 55ms
41ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/112/112/50/50/1*YD6dMS_npmKs1A3kSFgymA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7116e4c1e6212fdcc6af90fe98df0df8b97d02387f69235d2006b1dc7dfcdff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4684
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12923
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf22fd709088-FRA
expires: Wed, 01 Jun 2022 12:37:35 GMT

GET
H3 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 34ms
34ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5452412
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cf22da6d5c5c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 sohne-700-normal.woff
glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 41ms
41ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5745056
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cf22da705c5c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 42ms
42ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5745056
x-envoy-upstream-service-time: 20
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cf22da735c5c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 42ms
42ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8489168
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cf22da745c5c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H2 200 manifest.2de70306.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 48ms
35ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9822ff5ce7974082b226d2b60b5f3f5bb0d175d5595995b9d10b7c796242e3ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243314
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XF7FSP4R9KBC1Y49
x-amz-id-2: xyqOqPcL/q4yGWNjOSTgFL9sG6SfCEP3rIFVzkd7cWSQCnyI3qHJ5kq9M2vCYRO/TXbYHNMFOGM=
last-modified: Fri, 29 Apr 2022 16:42:37 GMT
server: cloudflare
etag: W/"6413d8dc46cc40262d5851084a35c8e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tggR_8EnKLu7jvp6I3l0VYksUpaba95m
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf238d15996e-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H2 200 2432.d8441b61.js Show response
cdn-client.medium.com/lite/static/js/ 693 KB
214 KB 64ms
54ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6473
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8BMWK1N5ERYNB
x-amz-id-2: jAy3kdCgwBfIv7KBM+U07XOSCfobzL3CnmV/bwHExnUTLRSF3QxV5TpAtpSfQIF9+XWEOrbc7Xc=
last-modified: Thu, 14 Apr 2022 09:35:47 GMT
server: cloudflare
etag: W/"4ea04e083777417655bdfab94e3b1988"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: d4yOD0d3viUzyB5H2ftJictqMsEU7ccN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf238d18996e-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H2 200 main.aca3d227.js Show response
cdn-client.medium.com/lite/static/js/ 722 KB
175 KB 37ms
28ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.aca3d227.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

32e2f51b7c073d9ffa72b18ddb1ee134d471e36e901c3f49aa61b28013160b34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243314
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XF7CPAA4F4QA64PM
x-amz-id-2: CCYTdsuxmJQQwLi+qs1tGG2OAA5l5TOq4qPV6Asbtxmasbvo40aAyaw8NGwj7lsU9Y0NOcnivSs=
last-modified: Wed, 27 Apr 2022 13:59:57 GMT
server: cloudflare
etag: W/"1ca96c568a0dca95532b7189b491298e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 3AAg_AjtToRjDhZvrTqVcj51gL6WF.h8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf238d1b996e-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 45ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 270358
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf238d19996e-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H2 200 instrumentation.3c974b48.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 3 KB
2 KB 34ms
24ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.3c974b48.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235129
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHC8B1TRZR74CBF
x-amz-id-2: z3WhWz+YlBJc2hPnc0ARhb27k1kgSjFT/omm5ncUygZ+Qwpg6JZUV6n4y0L6MjdGIun1sEhSbss=
last-modified: Thu, 14 Apr 2022 09:07:11 GMT
server: cloudflare
etag: W/"ff66ec13bbcc5b73c4019bb39bd044bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qjF6fisK9JJ5aoxqQKyOQ9uuWcg0f8QA
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf238d1c996e-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H2 200 407.bc239897.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
8 KB 37ms
28ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/407.bc239897.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235129
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHFBM4SFEDKW4XV
x-amz-id-2: fJ+MDNRq2AsSO8E4R0uzQUZCJCS/I01UR4pzp879vBoGbMZ6IHI8cgB5YdD3jUSL17qHZ/lHxS8=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"34675f828a974dbf83babace038c3f15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sGsjD3uwddUrPGuYfsZf8a24w0k_0NA3
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf238d1e996e-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 9216.3db13475.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
6 KB 34ms
28ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9216.3db13475.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH296CRQQDYB2V8
x-amz-id-2: mY6rALMQB4cP9fqaURW2Y07YZHRs8vI5IdWzNsYIPZHORAoA+OOSU49hBGVHiRclmeqYQ3m8v58=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"5b419d65f14cdfdf454bd2f33e125a38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: heA.L9U6.758IbuJl9cz9qkk4zZnDDyl
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce5a9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 AppLayout.8f4a2cfb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 108 KB
21 KB 42ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/AppLayout.8f4a2cfb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52c93d4beae39b5288a3cb267d812797664c89f82eafdf9435193149b64c480c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243042
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XF7FB2WN7C2SA3Q7
x-amz-id-2: URgTo/EBq4H7ysffd4Gnw3ebgC3+RHrLBH5ehQQZXbUxh4/MAU1xi+YHXTLfIUJmPvA+8XdciI4=
last-modified: Wed, 27 Apr 2022 13:59:29 GMT
server: cloudflare
etag: W/"cef5788314fc6145fac049341040f964"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qxAyHAdnbwhpkctzuqUbrkFbTHac6znm
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce5c9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 reporting.f90575a9.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 41ms
35ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.f90575a9.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNFQ3DE11YMHABW
x-amz-id-2: MaoH80zs6gT3mZ9kscdnCoX3sGPVpE7mKymkioceeAFcF5EY9v+ywF0g+A/3xSr64Ws1eTUy2wE=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"635d49707990cdd4f3c1ad13b0d0eafa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OrnP3Wx_LBAu5tvJHOBGMuYc5kyast0a
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce5d9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 3402.43690127.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 43ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3402.43690127.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 234525
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAG24G2J6Z2R75J
x-amz-id-2: jJHkPZz4jKyAsNP2i/dv6IaWMQwqhAapRtXjUBSK8q3UBd/y+/If7ERC72s6fXSiDmDrpgBjRnE=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"ca4b6f5071c04a623a9bc72ced0f2727"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: L_jxD7YdqC4D7M.9gF7agHoI1l8zYyGo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce5f9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 1752.a348f767.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
11 KB 44ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1752.a348f767.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 591729
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KZ14F4DJ39Z3KD31
x-amz-id-2: EH9a3SVQgwGg+xgKP+wLoMBxv4vi3bqNF1lLFBsPfty2oXINnyDdoXCZNr63aUDBWO4Du/Lj2Tk=
last-modified: Tue, 25 May 2021 18:36:29 GMT
server: cloudflare
etag: W/"7741f0aa651938c2144d2a015cea95e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tE2Oq32GJtDB6jVcHF3DcPbZYJQJcUaP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce609088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 7794.9590314e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 36ms
30ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7794.9590314e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZZ2GZ8XPEV2XSK8Q
x-amz-id-2: ZlnxwgkjMnGtnnoC7ojH0QwhC0XfdFWPNT0tzpzMx7ygzdLPg6cqgl3wZCpV+Z2ow4dAGrEJyes=
last-modified: Tue, 25 May 2021 18:36:34 GMT
server: cloudflare
etag: W/"fdb51abd005c8009b18f0a8ff313072f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: edEnQQoOPA8J97QSUBTjXG.e16leDLA5
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce629088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 8316.18f2a6aa.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 44ms
38ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8316.18f2a6aa.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD5SFN5Y8TW45S
x-amz-id-2: hFIjAklPE8uAiFD3F+iWoIjr1hZAL+bvgJNwZvAJEZUDnYTo6ZgZ84z2QdIcyEiccMTz7/tDkuo=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"9fa67454adaeb385a3a70077ff7b7df1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QUYK47Sx_vLYH.MHyrUF8Ib7srVpusAN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce639088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 2405.89e8736f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 45ms
39ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2405.89e8736f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH2TE2SJTAHKM5Z
x-amz-id-2: XhOOvodMaGPRX1ojQDX2fJ825yiUBac3LNf3jZg8okPfD032sOJYW39eboPyYoY017frR5Y++MU=
last-modified: Thu, 14 Apr 2022 09:06:25 GMT
server: cloudflare
etag: W/"d00a20bd58905eea8d54536e9f107647"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: rVT8_6QruDr0MpUrMx5.bmLv9Vum6pG1
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce659088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 5221.181764f4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
7 KB 48ms
42ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5221.181764f4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 506350
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RRS7QBM6HPC96YM9
x-amz-id-2: XgOi2uZuYrZcl1w+yiTU4jreTzbYzXKLWoLLSzKPFvdYPDKUy7J35kPs2NoW5uLtmqjFNHwr+FY=
last-modified: Fri, 22 Apr 2022 12:21:15 GMT
server: cloudflare
etag: W/"9c10954e9712c77358a76e4b78269985"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: joRvdL39s_Auomhf12LS6FRNT_1Mfret
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce669088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 7927.2808b7fb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 45ms
39ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7927.2808b7fb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1PP72JD7ZC4KX
x-amz-id-2: jL0uI8uuyrXYLFGE/1W82XjY6t/xLL2r94yNzdWzltKFy2xq+wPzVhtLYW216v/Z0kMGAC/0fqE=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"40219a5e404b723e34b385d93749eb93"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: IxrJR.aQAJezcuYFrtyltHojOozyWQpH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce689088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 786.03a36ffb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 4 KB
1 KB 49ms
43ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/786.03a36ffb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6RV2AGRQ0H7A1
x-amz-id-2: GBzNzo/Yy4mLB5vDNQiiJZbJaFjzBRUpqk2qrtjNnJICjvhRI7l2CFpbT6MC/aYuo49KWxbvf2w=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"2851e5a2798ff3cbdd1138972426933b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 3Dc.8odO3AGlGT8yk7bJev0oeYPYJNZI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce699088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 5472.5f6d4371.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
1 KB 86ms
80ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5472.5f6d4371.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH8PTMK5AP330DM
x-amz-id-2: xGpOOu8UZAzsu1YWUtNuDaspxj3NnwdsbLl4CFr6mQNnuC5VgdmPYNonihLFzHPh0iUQuVnGPss=
last-modified: Thu, 14 Apr 2022 09:06:30 GMT
server: cloudflare
etag: W/"6adb8844d763f7d58b6ed49ab89899c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: M9BL7xv54wPjdaXSST5ko_cL9x0mMNwi
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce6a9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 2981.a5db1477.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 87ms
80ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2981.a5db1477.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHD79BG7TYX8FQF
x-amz-id-2: i+703M4auI2KWsJr44vB1PX2t1YW8SvqTOaxNZoY6ZxLgCuFeMfj8xYi9lUJuKDlA8520qipoBs=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"2195fa1153170d02f4e8ffe85e34c5b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0P7ivI0fxCKSZ0gTEie59OTCIkM7d5eE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce6c9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 5260.626b1a4f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 150 KB
39 KB 76ms
69ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5260.626b1a4f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH0NGF7PM5XVM3Q
x-amz-id-2: tUN9V2+xFd4zjSA+ZMII7pflnNw+pyPpiJtuuyR339PAg2pEfEqGPZ4lYH2M6DDxdgzZ7ePoFLk=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"d54dc2b69a8408e4b05103b956019a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: XEFVan_esU9zit2XEfJ9ZVMckrSpVrqN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce6e9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 4869.c2275563.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 71ms
64ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4869.c2275563.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e4afb12eda0b925f25e1e14874cc5ec3f8107a481fdf55da978358e4f245a99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243042
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMTRHVEA6XKMBKV
x-amz-id-2: Lm1W5pJdiThTuARwLlzGcprvDMWk01A6F89PIbKUCDjMoQRtx4dLn+tF82Ub7M51ZfbhcL5Z//s=
last-modified: Mon, 25 Apr 2022 15:05:56 GMT
server: cloudflare
etag: W/"00d847f1547ff2e05282073c86977aa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sS.6Hn4eyhXamKADS6gcRFBV2ae6UyK8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce709088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 7404.8e1be3ba.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
6 KB 69ms
62ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7404.8e1be3ba.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed75ede75b5c0944c5d43581211b6d17951dd92a4f11932dccaa56fd7636094d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243042
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMW5BKJR7XF3STD
x-amz-id-2: dhY4jfNcvziFGLsLFWLtMJe7sHCAHmWVxuNKacUQTS+cIqc+j63FhbEY3YdETUOTlw97qjz9OO4=
last-modified: Wed, 27 Apr 2022 13:59:24 GMT
server: cloudflare
etag: W/"abb70e8f1ad2ffc355639710a245ada3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: xLp2Wz3y3szGGrz7ntGsr1lGvQ3NSa1n
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce719088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 455.f5fbf145.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 20 KB
6 KB 68ms
61ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/455.f5fbf145.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ac9fa4a572df7ae8001d71bfc68fa058f4387611061b8683388d57393fa33d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 243042
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMHP4FC2N3W27WX
x-amz-id-2: IfoG9I7b2fEA936C0tAqT/hh38rVVJgcpd5SOYUvC1uu5jfZ7fpNwCLsZbzBhRTR8Q0d39u44+k=
last-modified: Wed, 27 Apr 2022 13:59:21 GMT
server: cloudflare
etag: W/"8ce7ca38caf343032e4b3dfca7502d10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: kmR3rBWKakAsj1J2.Y_vlYgnfxHS91eF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce739088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 7070.088d513c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 49ms
42ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7070.088d513c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH32NHX2PK3308V
x-amz-id-2: zsvx/2w1ItKRz24BnsDl2fEJq4IZfPeeSEGQvT066vYkRPZNDOGz5UOf42N7pg1czdlQpuPnmjk=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"4d8fdc449efd237280288bbf688558f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: K0muy9JORxUH6p6bJfgV09ZGno7nymcE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce759088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 7217.3953b0f0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 50ms
43ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7217.3953b0f0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHBYVEYW8BWXXNQ
x-amz-id-2: P0LsJ8j9mlyYmTP45azx+eH4U8lLRKb1lUbqryQn4YVtC5ILscAPJR9rhFMHGH+DeUDK/Eis60c=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"58720bdd388e0656b76f62b4a5ff5342"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: OZwFHpgdUD2sKDAtk4gZmMMvNPTrJlRt
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce769088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 8491.a2b7fab7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 40 KB
12 KB 50ms
44ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8491.a2b7fab7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6SVKHC1BPPRR3
x-amz-id-2: 36Hrc4Echk9c0rXd/ZzV2AvDGV98iS/Rer07bucHbq7lb1+RCcRBOopXJ7HxCt0ZJwpVnBB5rWo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"5d01285ddf2c787bd518a32b366af371"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Jsy2Lxh1msL6Y.ooRtLzR4d6vHqwlQ3F
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce799088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 9211.b7a00c16.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 57ms
50ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9211.b7a00c16.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH4W640C9XF6RJN
x-amz-id-2: DRUt8mSyKes8nCq/psp4HGMhhDPpua9crWNc+2eEgEb5nqFc75RzvIl1M2mhUnBmuNlGMDhfBlA=
last-modified: Thu, 14 Apr 2022 09:06:35 GMT
server: cloudflare
etag: W/"577263f7900d50e63a75a1f0f05dbbe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: VWEllxqkFrnSXO387u0TA6YYdC3U.pgv
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce7b9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 6562.6c3f9802.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 58ms
51ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6562.6c3f9802.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1027515
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: P1M42AW9QBTBBTZQ
x-amz-id-2: XdlBeJW5OdzmY786nhuIdMkGi2IaxnEmlov0XClJV207SbauWrBY1qFK0AgNP/3pD/YaEE3wnLk=
last-modified: Fri, 15 Apr 2022 15:45:14 GMT
server: cloudflare
etag: W/"1ca654d2edbbd07104403857df5f81b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: AASPv5ptCk06M_vQZi9Up905TWUR.1Rn
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce7e9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 7215.d799b2b5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 37 KB
12 KB 59ms
52ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7215.d799b2b5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH6ASKCBHWEH6YT
x-amz-id-2: thX0A0WpRM7CNFcf0QiWHYAuHXq2b/71GV+8DWH0JZPx+pWB1sXCstFGQZINVjbMbe+ngkvwu0I=
last-modified: Thu, 14 Apr 2022 09:06:32 GMT
server: cloudflare
etag: W/"3c526ca7c5fee7883f16deb523109c91"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8XpJXp74sBSDTltKZ7Iy4ZGcwhFWJyxk
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce7f9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 864.41fe9c86.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
5 KB 62ms
55ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/864.41fe9c86.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ZTNAF09XCK1FJT5C
x-amz-id-2: dTTttVwlA3PTaKgrh4eq3rmxgPAxiCJymvctDY+V9ov9AlhKhryMTs6tH98N8ocHdHR28jk/7A0=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"fff5133a06973c44d03a9975ebc499f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 35onYHaq2EFcCuHneGFmh1Rlc_q4dy_H
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce819088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 4351.0369de5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 62ms
55ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4351.0369de5f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHCBPE4W0A996V8
x-amz-id-2: ikWd7+eLYjwl8TmJwUxM03Dido2xgcO6wFP9ksGOFjfI4XE/6rk8TJPre7k1fc9qIg18H/76XN0=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"706de7bad195044244572950d562e14d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: LnE7PgGhZCmzrDthwn8d8CF.czjYz2iU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce829088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 82.83ce6d83.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 63ms
56ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/82.83ce6d83.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHDCBR3B6ZMNA8X
x-amz-id-2: qJC1bfUmqAsLIIwNe7N7rxiKFcgwA3LbPEVSUrfDXggaxU5TzfiCXUlaRZhTzGUJfS/J8TMbnsU=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"14e1c3bb89a150e9af8b6e481200d7f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pPofGSIVAl0KmPhGyMZSP9BXsaGh4qy_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce859088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 108.03b9652e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 100 KB
18 KB 87ms
80ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/108.03b9652e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7CFHB8RDR73VJ
x-amz-id-2: kYoF14l5ZxbPwO0NZ+X7+shscUQBWUmUeGhVd5s+iLTzZpfb0QCDxLnTpatDgpMPWsaCDdUegaI=
last-modified: Fri, 15 Apr 2022 08:10:20 GMT
server: cloudflare
etag: W/"7c2ea1f36d696b74936232f1e88900d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G2eY.NzI3u6RxUOwjwtpIZlWWV4tJwUj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce879088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 5281.652a7988.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
3 KB 86ms
79ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5281.652a7988.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNHA6FG3QS6BVZBR
x-amz-id-2: bKpvQT0l0R+9iZqrjI+NXH9ySdz2IFP+YXfDKuy5s72Zk70knnO/JKoSdTDbKkL+TCOkHk72s6s=
last-modified: Thu, 14 Apr 2022 09:06:29 GMT
server: cloudflare
etag: W/"04b131139a2938b205f512652ec29a97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 33irNxWTdFjop9o1_s8tyzZ.0zoR_rMU
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce899088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 4483.0101c012.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
11 KB 84ms
77ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4483.0101c012.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH1YTQ6E6M920R7
x-amz-id-2: dYayIGduzTq4ZA4PK7fr/S4vhbNG20MqIBzVL0gN9baEYSZSgb+ekkXPwUV+BVhNUH2dpYE9jQc=
last-modified: Thu, 14 Apr 2022 09:06:27 GMT
server: cloudflare
etag: W/"561e556084890738e5ab71de9801ee5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: hRmNv03McdnjlIEbnQRlszZjFIUcsYjR
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce8c9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 5436.fc39abce.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 46 KB
12 KB 71ms
64ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5436.fc39abce.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd0087577c271b36d8fc5d37717b676f7a217bec2fb4bd5136768159ded5d46c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242671
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMK4RZ41YTA78QZ
x-amz-id-2: bX0nrnWvk7HvJIxVwSQG9t/IEtUV+avtvlVHRcMdaXwjoXxYi8r91uPcvKoynxyjCwNqfPHuOb0=
last-modified: Wed, 27 Apr 2022 15:47:54 GMT
server: cloudflare
etag: W/"86548260585abaa50379184d5886d9b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ..4jVd0te3irwrhfZcbtSr4ZJifMyKOq
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce8e9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 3043.34648c6a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 16 KB
4 KB 69ms
61ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3043.34648c6a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 424862
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 41JJSBHRFDQ8PDRD
x-amz-id-2: XSga7+dFr1nQbg0udnpaD+ZembEzEPdu+SftY2Oh1KKvw1c9bKoMx1JiDFAD6dkwWt7KaglqoQE=
last-modified: Wed, 13 Apr 2022 09:57:05 GMT
server: cloudflare
etag: W/"57e7dd326c1b4d24e44ed9b8655754f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qLLyYE6QMBOdC61niRO7qEtzgOLMz.Fw
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce909088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 8849.e115d3a3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 69ms
61ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8849.e115d3a3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAATHP1X27M9HZPW
x-amz-id-2: 683N1h/tXCINTqDwy3VcGYllMGCVmR7O99borv9elo47JM5seRVfVFqZ/3Ntjb+Snb+lPFzB4UA=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"d163a762211dc93b003999a47cafe931"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ugBxVtgkTa8ZpfcJJs1c.657kjvR0RNP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce919088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 PostPage.MainContent.4b390770.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 149 KB
35 KB 64ms
56ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.MainContent.4b390770.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b43930561a52851efe9c47f9deef3b1343a4f280933855a288ac9952330c35da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 242670
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1RMM8BABVJYBYFRP
x-amz-id-2: DIL/kw4d+sbDBP7KFvJ4lYu06spblUKLq0IFSNpP2uNKlOi4yl7tx7bBmBbKK2w016L3ydD8iaU=
last-modified: Fri, 29 Apr 2022 16:42:17 GMT
server: cloudflare
etag: W/"34cd202db27cd0e9fbcea7b99b726c10"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 7rvg21TV3JAgWb0bMLk.jkAJO4W4.Kvu
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce939088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 9855.9e69fa39.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 98ms
90ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9855.9e69fa39.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7H59J7QC6V68X
x-amz-id-2: gyS8ldjT8aws/lMw9VGPbkNS48v4x0dQz9XhRbQlSgj4SBP/PTxNceMrNo1pV1Nwwd1aERiim2E=
last-modified: Fri, 15 Apr 2022 18:26:13 GMT
server: cloudflare
etag: W/"01bbdff36d0c4903b3d076b034dbd253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: koXbgREQZJn8hxN5mgAbbW0MQggqXgDa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce959088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 6867.bcfa4e6c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
3 KB 99ms
90ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6867.bcfa4e6c.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH7YTTQSSZG18XS
x-amz-id-2: XKHuYZfu5msrcHtwsAJFK4PajzVv2H7yH2KREVMevuFRrEo3FhDJ5YzD9YCBOURVowD9fmNpvk0=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"c35955eb45367a3c5a61cb3e5279c051"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: T1iOWUKz_Z7hLHCKM26CR_AUg99Ys3ui
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce969088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 8267.bd6c7fcc.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 100ms
91ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8267.bd6c7fcc.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: CNH9TT2FRDHEJAJN
x-amz-id-2: CzZXWd4XJhBL5DlE2SA+PFp4LcvTYJPcsYcI34zw48MscRCdM4Mw+AsEGsodT9ffByISg9U31vw=
last-modified: Thu, 14 Apr 2022 09:06:33 GMT
server: cloudflare
etag: W/"6398675540e0c71d315b2ef2e05ed6fc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fgCIJoEUvzHhaObJL5yEPMH3fkD2i4oj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce9a9088-FRA
expires: Tue, 02 May 2023 12:37:35 GMT

GET
H3 200 PostPage.RightColumnContent.ad17f5ca.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
8 KB 101ms
93ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/PostPage.RightColumnContent.ad17f5ca.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82da7bb07cf25157db0e2a0d86abf66d4657bd3bdbf0df82c806ad37cc2f2670

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 449027
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4DKKM7ZVSG369GAQ
x-amz-id-2: lIR+N0aJYaAlmKCqrlUVVb3zjRX40givVN9jsZnW2KkwygcVqZbdjek2Byn4mj2yXCo4Se8lYxs=
last-modified: Tue, 26 Apr 2022 15:19:16 GMT
server: cloudflare
etag: W/"0be1fc1197eeff20c2723d32d395567a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: zc8_aQub6ydNnaRxC11_RVPjqI2Awjw.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf23ce9e9088-FRA
expires: Tue, 02 May 2023 12:37:36 GMT

GET
H3 200 4792.14f7a597.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 92 KB
24 KB 30ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4792.14f7a597.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAK2JN6DE2M03W6
x-amz-id-2: Ypea0MIYkuTkpRkidUVMlfjFOekUzA45uC+Vg260xcsMfq7uG8JtKFIS4kZQE6pRewZ1DuqXM8M=
last-modified: Thu, 14 Apr 2022 09:06:28 GMT
server: cloudflare
etag: W/"68d93728be9339fe82bac120d5ca3d8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: G5oQk1h_lSKJ4xkTzMHQRHB7mff9ylPH
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf28cd509088-FRA
expires: Tue, 02 May 2023 12:37:36 GMT

GET
H3 200 7084.b2e2a6eb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 68 KB
19 KB 26ms
26ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7084.b2e2a6eb.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAQ1BHG1Q16PVH1
x-amz-id-2: rpTC/g1yauiB3ex3gZ+cTKDlgxEFf7nDWcxwzgh1Yqr5GFF4SJIy94jJA7RtkinTdZa5o0XjG1A=
last-modified: Thu, 14 Apr 2022 09:06:31 GMT
server: cloudflare
etag: W/"73521766007a340f43277ee2bb9cef8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cfpB7exect7gEoieK.cn9tDJbfHjhHR.
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf28cd519088-FRA
expires: Tue, 02 May 2023 12:37:36 GMT

GET
H3 200 8537.29ab83f7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 7 KB
3 KB 25ms
25ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8537.29ab83f7.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAANM2B6MZQ1F68J
x-amz-id-2: 84d2zFKasory9ZlNDSGTzv3EI87GPZohOsS6HQXKDHJfZxnTUM7J1mJ4vUF7Ru6V2JeVI0zORIo=
last-modified: Thu, 14 Apr 2022 09:06:34 GMT
server: cloudflare
etag: W/"e184386ab56bc2c712b8e6fbc4f83a8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Qk_8LgS9pAqsMKxCAf8ZI8XsRNIYBH9A
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf28cd539088-FRA
expires: Tue, 02 May 2023 12:37:36 GMT

GET
H3 200 3551.69fe8b4c.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 22 KB
8 KB 24ms
24ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3551.69fe8b4c.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAMWT2XVG25CV99
x-amz-id-2: O92GO+f5wp4MZTPejDTn027EcUMgktwemYti2/OluHYSoWgSQr9BjKB8dPZlk2XUWR7lcrHbwk0=
last-modified: Thu, 14 Apr 2022 09:06:26 GMT
server: cloudflare
etag: W/"bbfd20f6707f94928e866764ecff85e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ayC7oy9vYwAPAudL09GUE6theIm7Cjz_
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf28cd559088-FRA
expires: Tue, 02 May 2023 12:37:36 GMT

GET
H3 200 9104.d15c7fd3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 93 KB
27 KB 34ms
33ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9104.d15c7fd3.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 855159
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: QEQG1NQ8J5CB39CW
x-amz-id-2: g5IYOXQ9mUKoAEomLHx2Hx3CTMEbyMdOVut6d64NtPVU9YZCmoP6u5c9ErbYOUXj8WIA4/rrbYk=
last-modified: Fri, 22 Apr 2022 08:22:49 GMT
server: cloudflare
etag: W/"2f090aef0d5d462631bb3c8eb2c005b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: lp88Tinxiq7hM9Uc.oqB0CgCT8vY1VHj
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf28cd569088-FRA
expires: Tue, 02 May 2023 12:37:36 GMT

GET
H3 200 ThreadedResponsesSidebar.5bca90ec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 23ms
23ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.5bca90ec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235294
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HAAPMGZVJHNV5J09
x-amz-id-2: eF4yArygea9fVOUXGzbQQJNVcfA3odVWQVHCxt5IMmeKzyNRm4Msc5B29hxHg3vP7Uq2gsNocLY=
last-modified: Thu, 14 Apr 2022 09:07:04 GMT
server: cloudflare
etag: W/"6cb059260c23a64ab427e5204bbbf3f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: cZnuP3jpIHqMOMoLkKnEZh4blbs.yVCq
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf28cd589088-FRA
expires: Tue, 02 May 2023 12:37:36 GMT

GET
H3 200 1*dmbNkD5D-u45r44go_cf0g.png
miro.medium.com/fit/c/24/24/ 383 B
790 B 32ms
32ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*dmbNkD5D-u45r44go_cf0g.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235401
x-envoy-upstream-service-time: 25
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cf2aefd49088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg
miro.medium.com/fit/c/20/20/ 887 B
1 KB 34ms
34ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*AKQ4cT51gcN4EmWpcJbNEQ.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

929f0b3618d0160011013f1e00fcc9e51defae6b76bb585af955baaec25413a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 262990
x-envoy-upstream-service-time: 44
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 887
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2aefd69088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 0*T_vmStdFlN9LwSqy
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 117ms
116ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*T_vmStdFlN9LwSqy

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c62910cdaa9ca3408e925cac99b9f4368f73a9d8de089ba25471a9aefa9476d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2127
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2aefd79088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*OHbXtgSIV1gGcnG6_0u_YA.png
miro.medium.com/fit/c/20/20/ 552 B
957 B 33ms
32ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*OHbXtgSIV1gGcnG6_0u_YA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf1f2a2ebfd5a5260aed8221a68b10b294764821c1465af0ed8ac884a882b30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4541
x-envoy-upstream-service-time: 34
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 552
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cf2aefdc9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*yhUMsApmfVB7sDiFfnJM8Q.png
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 109ms
108ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*yhUMsApmfVB7sDiFfnJM8Q.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8055d0abce3e3194f05d9b67751bd4096a9cd8573c31539c6f3316ca45bf7b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2383
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2aefde9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*vs59_LRb_SmKADkM4KVXjg.jpeg
miro.medium.com/fit/c/20/20/ 1014 B
1 KB 114ms
113ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*vs59_LRb_SmKADkM4KVXjg.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9659835bfed3392755119d8685120842003bbab1d1310625cef721d9e940a288

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 74
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1014
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf2affdf9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 0*g6bDQ-QUmmG1mDIH
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 115ms
114ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/0*g6bDQ-QUmmG1mDIH

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91bf45bb362b5ab124a381e15a1483d5617bad00a28ea887770432c2bc80b157

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2131
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2affe09088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 0*7B0qujBEUf9Mws-4
miro.medium.com/fit/c/20/20/ 996 B
1 KB 118ms
116ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*7B0qujBEUf9Mws-4

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae396a5a0cea065cb4430f4adb864267784154828334af3151cecf5a5020132a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 41
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 996
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2affe29088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 2*2hUfjdY1ONGsla6XJcBHEw.jpeg
miro.medium.com/fit/c/20/20/ 949 B
1 KB 115ms
113ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/2*2hUfjdY1ONGsla6XJcBHEw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

211e4b049defdee73e54f4bc51a8e4b83f49508c9f7f1fca0e724eecc9c164be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 949
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2affe49088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*oTmcx_qDWCtP5RKvy3iuxg.png
miro.medium.com/focal/56/56/50/50/ 2 KB
2 KB 118ms
115ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*oTmcx_qDWCtP5RKvy3iuxg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

edd2545f35d67cbed67c28c7f44e2b33856c359a5f8a54b6aa513d35776b5d0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 37
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1573
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2affe89088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*RC7gZWdczzhbRG_CV1vz1g.jpeg
miro.medium.com/fit/c/20/20/ 998 B
1 KB 31ms
28ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*RC7gZWdczzhbRG_CV1vz1g.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f7b1c49906eae527208ba88eada86422aa8b86c2820c74c68f56a62b693333b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 524398
x-envoy-upstream-service-time: 34
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 998
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf2affea9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 0*YmNZ97vPVmaIM90T.jpg
miro.medium.com/fit/c/20/20/ 267 B
678 B 116ms
114ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*YmNZ97vPVmaIM90T.jpg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e12e786013197aef083989a0591e05cd3fe5314a5ee838f224225069df5d2ccb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 267
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2affec9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*6fGkhqo16iFGDEQ-wQZw3A.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 125ms
123ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*6fGkhqo16iFGDEQ-wQZw3A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ce07b0c2d3f35e8193b9da4e829480830b9e9c9b061392018cd37f2b372e54b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 53
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2178
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2affee9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*Ul6gtVQZaiI1qhnp-zJWLg.png
miro.medium.com/fit/c/20/20/ 305 B
712 B 29ms
27ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*Ul6gtVQZaiI1qhnp-zJWLg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12c6be40dcd70da7f8d8f70e0d150d45bc8ad57692a3e62403f0f754ee2bce86

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 518197
x-envoy-upstream-service-time: 98
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 305
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf2afff09088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*Kf_1bx1MP-isDfC4vop3aw.png
miro.medium.com/focal/56/56/50/50/ 7 KB
7 KB 114ms
112ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*Kf_1bx1MP-isDfC4vop3aw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24336f5b1f01e184ab7846ab979ea1a053edad46c666e094e2317b7a259d313b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 49
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7096
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2afff19088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 0*e6CtPa9OWXxpfQ-f.png
miro.medium.com/fit/c/20/20/ 887 B
1 KB 120ms
117ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*e6CtPa9OWXxpfQ-f.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fccf5ac15c1f87152527ac52f878c87c370b0f101316ad1868338d9e645df70f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 93
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 887
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220322-153408-5d6507f242
accept-ranges: bytes
cf-ray: 7050cf2afff29088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*eQ2bDN8sD2idKHs_XQpNZw.png
miro.medium.com/focal/56/56/50/50/ 5 KB
6 KB 122ms
120ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*eQ2bDN8sD2idKHs_XQpNZw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb3be15be82444084b3a2ce9dec8ed35416cbd237cbf6904454fb56c896d0b01

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 61
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5357
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2afff49088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*zfpPaX15PJxOKjPH7ciGQw.jpeg
miro.medium.com/fit/c/20/20/ 1 KB
1 KB 129ms
127ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/1*zfpPaX15PJxOKjPH7ciGQw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da5995c95c7f9a202fda3d0122954b75c75a3ea2b83156699118fb87a2f400d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 2770
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1061
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2afff69088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*A6bf_zkD888pFA3P-O7w2A.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 125ms
123ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*A6bf_zkD888pFA3P-O7w2A.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

345d2b21b01c3d533a687d296a0214d36d2dd4d7f8acc772851bc49bee94a6aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 115
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2164
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2afff79088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 0*HmJx-3_KqJvmxYcJ
miro.medium.com/fit/c/20/20/ 973 B
1 KB 124ms
122ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*HmJx-3_KqJvmxYcJ

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf59f57ab858e8d4970262473de4f5a7e7fa18b836c9827e579af4654fb94b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 83
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 973
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2afff99088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*yzFIeRjbME07ZTDm6OLOGw.jpeg
miro.medium.com/focal/56/56/50/50/ 2 KB
3 KB 120ms
119ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*yzFIeRjbME07ZTDm6OLOGw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09ed7f55967e73c995d82b30bf0ffb1bfc3bce1b01afd468b8efde5ef4ca39d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2419
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2afffb9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 0*nhRB_dadhiEmWoJi
miro.medium.com/fit/c/20/20/ 331 B
736 B 30ms
29ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/20/20/0*nhRB_dadhiEmWoJi

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8774d6086c4c6dedfbc82571bec2656a39ad57620b3242384e9436b0c6a91eb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3621
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 331
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2afffc9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

GET
H3 200 1*YD6dMS_npmKs1A3kSFgymA.png
miro.medium.com/focal/56/56/50/50/ 4 KB
4 KB 43ms
41ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/focal/56/56/50/50/1*YD6dMS_npmKs1A3kSFgymA.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8efc2ee287b42948ff9ee59c8e331d2dd0ea09541139b5bb9c282cadefe5e8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4132
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3907
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf2affff9088-FRA
expires: Wed, 01 Jun 2022 12:37:37 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 143 B
439 B 118ms
117ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e0ca095aa0521c0bdeed5db0ab7bba91d4876f02f8a734e448c5d957ad4e47c1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
sepia-upstream: medium
server: nginx
etag: W/"8f-ySbe/+ZlBvcNWye4eMdQHhwGM9I"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936
x-envoy-upstream-service-time: 12
content-length: 143
x-xss-protection: 0
x-request-received-at: 1651495057535

POST
H2 200 graphql Show response
posts.specterops.io/_/ 108 B
429 B 146ms
146ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Graphql-Operation: PostPageMeterQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
sepia-upstream: medium
server: nginx
etag: W/"6c-I3CG28DxUiEEF9QH3iLEotaTHR8"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 43
content-length: 108
x-xss-protection: 0
x-request-received-at: 1651495057533

POST
H2 200 graphql Show response
posts.specterops.io/_/ 838 B
1 KB 157ms
157ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

7b4cb5b0d50ec1a51d1fac881065296d7a33abccaad9b0f6e67f2a2da136a23d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
sepia-upstream: medium
server: nginx
etag: W/"346-dilCvrIsQmbewYC2OfZPeVqlHbo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 53
content-length: 838
x-xss-protection: 0
x-request-received-at: 1651495057535

POST
H2 200 graphql Show response
posts.specterops.io/_/ 210 B
531 B 152ms
152ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

cab28dad12eb8b08a7c631e7f242d82922990d144b39444bf8a008aa2add19c6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Graphql-Operation: NewsletterV3ViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
sepia-upstream: medium
server: nginx
etag: W/"d2-R0+mBm1Y7kpctyMk2K0xFKc36Cw"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 46
content-length: 210
x-xss-protection: 0
x-request-received-at: 1651495057538

POST
H2 200 graphql Show response
posts.specterops.io/_/ 268 B
590 B 142ms
142ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

178576a182b7de1d6d042a99a6e8a57cefe11f958cc667b1f6504836caf72d41

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Graphql-Operation: PostViewerEdgeQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
sepia-upstream: medium
server: nginx
etag: W/"10c-mn7JHzeowGAaiz+t4Q8PSh74Kws"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 36
content-length: 268
x-xss-protection: 0
x-request-received-at: 1651495057539

POST
H2 200 graphql Show response
posts.specterops.io/_/ 103 B
398 B 226ms
226ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: MaybeTextToSpeechQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
sepia-upstream: medium
server: nginx
etag: W/"67-hwVXqeGehpUH7w76cB3LOBt2Lkg"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936
x-envoy-upstream-service-time: 26
content-length: 103
x-xss-protection: 0
x-request-received-at: 1651495057633

POST
H2 200 graphql Show response
posts.specterops.io/_/ 96 B
415 B 257ms
257ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
sepia-upstream: medium
server: nginx
etag: W/"60-Ot8fahRq/24OZZD50baRxE1h1oo"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 58
content-length: 96
x-xss-protection: 0
x-request-received-at: 1651495057634

GET
H3 200 responses.editor.857df5ad.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 21ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.857df5ad.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.2de70306.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 235135
content-type: application/javascript
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 887XZEAFQ44HRT6J
x-amz-id-2: flfXVoow0Wmc3WN/tyqoDVzkRf7DYQv4tJYETVVuuy28XaXVMqn40KHtB0lK5e8LRimUG5SDIZo=
last-modified: Thu, 14 Apr 2022 09:07:31 GMT
server: cloudflare
etag: W/"195376c9eb500dd7a4c4583562103d50"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: n9gS1uYafrO67iJ9cRLDZTxo6qKQufkF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 7050cf2d8b0b9088-FRA
expires: Tue, 02 May 2023 12:37:37 GMT

GET
H3 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 37ms
37ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://glyph.medium.com/css/unbound.css
Origin: https://posts.specterops.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5778008
x-envoy-upstream-service-time: 33
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 7050cf2d994e5c5c-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Tue, 02 May 2023 12:37:37 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 9 KB
2 KB 201ms
201ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

55a06538e78e37d1075d20d7b565a41b7e4d851fa943791d2caa20e7626d50d1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"22bb-+I3GhRJA8XcShTwiT6k7M9UpYOA"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 90
x-xss-protection: 0
x-request-received-at: 1651495057633

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 110ms
110ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 111ms
111ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 110ms
110ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 02 May 2022 12:37:37 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, clientele/main-20220415-143145-f9ab5ad4ad
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1109
date: Mon, 02 May 2022 12:19:09 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 02 May 2022 14:19:09 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 36ms
8ms Script
text/javascript 143.204.98.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec?gi=f1d5b53e524b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-69.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-amz-version-id: dPcbo._dc8laXt1CGk.P2lrH66o74Yit
content-encoding: gzip
last-modified: Thu, 14 Oct 2021 16:27:46 GMT
server: AmazonS3
age: 77
etag: "49d34b8e058b253d35893807b3bac09d"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 fa5a3d5abd34c6fac657b045a4dcbdc4.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Mon, 02 May 2022 12:36:22 GMT
x-amz-cf-pop: FRA50-C1
content-length: 23872
x-amz-cf-id: gsnwmfDB1HD8dw2YCy8Lti9ICWhesliXOQcl5Ew7Sk-SsKgBRvWkuQ==

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 31ms
14ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=586989293&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=595784398&gjid=1274050709&cid=1004956740.1651495059&tid=UA-24232453-2&_gid=1871695584.1651495059&_r=1&_slc=1&z=2028924571

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 May 2022 12:37:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
15ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=586989293&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fcode-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec&ul=en-us&de=UTF-8&dt=Code%20Signing%20Certificate%20Cloning%20Attacks%20and%20Defenses%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=977667604&gjid=1040468720&cid=1004956740.1651495059&tid=UA-102239211-2&_gid=1871695584.1651495059&_r=1&_slc=1&z=1146530685

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 May 2022 12:37:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _r Show response
app.link/ 91 B
568 B 132ms
100ms Script
text/javascript 2600:9000:236e:1000:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.59.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:236e:1000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

1b2d40b9e4be26796138408e5027e13762e850e2f036676ae3df9d9527c7690f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:38 GMT
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: FRA60-P1
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 91
etag: W/"5b-/zJCbjZvOAbe5N0oiCmXl2Dvve0"
x-amz-cf-id: KC5-btPEQ3gRCDc1UW46VHDIcJd_-CjJAD_u2Pa3OPpek-V3jSTXTw==

POST
H2 200 graphql Show response
posts.specterops.io/_/ 23 KB
5 KB 419ms
419ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f95215165ee8d307ad2fc71dd85d719a5c746678925d6609897b9a969aeafbed

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
accept-language: de-DE,de;q=0.9
ot-tracer-traceid: 3a01ab000fd8bade
Medium-Frontend-Path: /code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Graphql-Operation: PostNextFiveStoriesCollection
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
Medium-Frontend-App: lite/main-20220429-164525-76b86985eb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
apollographql-client-version: main-20220429-164525-76b86985eb
ot-tracer-spanid: 30586e5319afc74e

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"5b24-wewSwFX5sWElnvTe77MAjvZQ4Gc"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15, rito/main-20220502-112849-d11ea35936, tutu/main-20220429-184122-1a1a67f8b7
x-envoy-upstream-service-time: 215
x-xss-protection: 0
x-request-received-at: 1651495059021

POST
H2 200 open Show response
api2.branch.io/v1/ 316 B
631 B 224ms
192ms XHR
application/json 2600:9000:2156:5e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e5bf597a0df391a0b7cab2127f1733e84b4a40185bcf3b1e08f776ab625c1cb4

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 0bb9ef49ef614d5d82e0e87539c5bbb8-2022050212
content-length: 316
x-amz-cf-id: yELqT9mx9HJzncv_uqeTA89oqPLvKnyKItHzUMHRQovy9wtTfPX8Pw==

POST
H2 200 profile Show response
api2.branch.io/v1/ 183 B
567 B 174ms
174ms XHR
application/json 2600:9000:2156:5e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:5e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

03707c3aca41aed4a203efd304992c3b5be5691ff18fbd29ada0edb687cae203

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"b7-ZLRVIe6uwH/yLiJJ94Ja5+j8guI"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: c3e01873ad0e4ed09ed8218aeba161e6-2022050212
content-length: 183
x-amz-cf-id: rMiytplHmKAEH04ffg4M7qcZZ9SK5wRjQNMnIWPE8MSaP1Mp-AHWQQ==

GET
H3 200 1*9WbXEpOxOhaMq99CwG1ESQ.png
miro.medium.com/fit/c/24/24/ 1 KB
2 KB 35ms
35ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*9WbXEpOxOhaMq99CwG1ESQ.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6290b43b37dd2590fd9c5d74fbc9faf384eb0e8fe402dfba901dd9c530ab608a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 68785
x-envoy-upstream-service-time: 63
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1451
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cf397a3b9088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*jMWvjIv69DaaUe1g.jpg
miro.medium.com/fit/c/112/112/ 6 KB
6 KB 112ms
111ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*jMWvjIv69DaaUe1g.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

351eda368d41338c4554a8e9ea10ff5bba4b27776438dfb9adb67bee2721de27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 46
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5942
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220303-000533-8c0cdff0ab
accept-ranges: bytes
cf-ray: 7050cf397a3d9088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*jMWvjIv69DaaUe1g.jpg
miro.medium.com/fit/c/56/56/ 2 KB
3 KB 119ms
118ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*jMWvjIv69DaaUe1g.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b0bc94ed45c7af6d0990a8a8b843c9b11fcdde17149849a8c56872b77bb8183

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 54
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2324
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220330-133401-fe9f360f0d
accept-ranges: bytes
cf-ray: 7050cf397a409088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 1*BfnBBXS_ynr61tIk6gwVFw.png
miro.medium.com/fit/c/24/24/ 1 KB
2 KB 22ms
21ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*BfnBBXS_ynr61tIk6gwVFw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4d015fba7da1c2d0896be66eec8d84c1d73231aa050d8da4836a8ad638e259f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 15621
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1240
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220308-111139-470fbc5021
accept-ranges: bytes
cf-ray: 7050cf397a419088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*V_bbboT69XLRdGeR.png
miro.medium.com/fit/c/112/112/ 6 KB
6 KB 118ms
116ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*V_bbboT69XLRdGeR.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3202f91086df9921bf8e3b1cfe00d430d235195fa3e2404377c2b2f42000cd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 29
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6105
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf397a439088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*V_bbboT69XLRdGeR.png
miro.medium.com/fit/c/56/56/ 2 KB
3 KB 122ms
120ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*V_bbboT69XLRdGeR.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bf61eb35dc28ecc2881cbad93e07b97c42c215cdd03cba5572ffdcd0eab3265

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 51
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2423
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf397a459088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/24/24/ 999 B
1 KB 26ms
25ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*rzDEywT-rGMVud0vq03qfw.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f6728a76d0bd8a4d6527388ed9059f3b56b6fe822ef4219b3417bfc65c3b274

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6931
x-envoy-upstream-service-time: 67
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 999
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cf397a479088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*sw2zONm9TfgE0c1p.
miro.medium.com/fit/c/112/112/ 13 KB
14 KB 131ms
130ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*sw2zONm9TfgE0c1p.

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4db5b8b0669983fbd58e681e81140d2cb5c7d0763d343016a178e83dc7df1cfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 56
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13725
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf397a489088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*sw2zONm9TfgE0c1p.
miro.medium.com/fit/c/56/56/ 4 KB
5 KB 115ms
113ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*sw2zONm9TfgE0c1p.

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f33ca66db72fb7e064d1c6f1c45c697f45af3263f31baa271d41cb036acd1f1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4410
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf397a4e9088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 1*idzSM22ouVWVRLUiU5Kpkg.jpeg
miro.medium.com/fit/c/24/24/ 1 KB
1 KB 33ms
31ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/1*idzSM22ouVWVRLUiU5Kpkg.jpeg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af345a4f2d59d19e76d1d83ff8b22db4aed9807cc0ed64d85042629a1faf450b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 359093
x-envoy-upstream-service-time: 62
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1112
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf397a4f9088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*hhBONb3BcEI0uwMf.png
miro.medium.com/fit/c/112/112/ 10 KB
10 KB 28ms
27ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/0*hhBONb3BcEI0uwMf.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b0cd6e5a6b5c9d9cac70f67e4f20fbd1ce08368269d1db136dffe52149ea5b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 29413
x-envoy-upstream-service-time: 37
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10138
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220322-153408-5d6507f242
accept-ranges: bytes
cf-ray: 7050cf397a529088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*hhBONb3BcEI0uwMf.png
miro.medium.com/fit/c/56/56/ 3 KB
4 KB 33ms
32ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/0*hhBONb3BcEI0uwMf.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dab13fafddfef8d2887754d708471fc16938f98760c809649b374db290e9a1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 29413
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3181
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220308-111139-470fbc5021
accept-ranges: bytes
cf-ray: 7050cf397a569088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 0*6mGXmQSDMYyKuVUK.jpg
miro.medium.com/fit/c/24/24/ 976 B
1 KB 51ms
50ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/24/24/0*6mGXmQSDMYyKuVUK.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12288ca4f5447aeefac3bd194a5f46a43ca8a3745a698d2a46f58662b4444b9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 108530
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 976
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20211118-133226-0da3f823da
accept-ranges: bytes
cf-ray: 7050cf397a589088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 1*pOhM_LC0IGAN5PP8hMn7Nw.png
miro.medium.com/fit/c/112/112/ 14 KB
14 KB 32ms
31ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/112/112/1*pOhM_LC0IGAN5PP8hMn7Nw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a70bc682227f91025f7f306869499621b8f350c058c5ae8c070db694532dafd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 29751
x-envoy-upstream-service-time: 75
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14207
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf397a5b9088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

GET
H3 200 1*pOhM_LC0IGAN5PP8hMn7Nw.png
miro.medium.com/fit/c/56/56/ 5 KB
5 KB 123ms
122ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/56/56/1*pOhM_LC0IGAN5PP8hMn7Nw.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e47fef36b8d94cbbd62a52420658b571bdf1603cffe87edd00a276d4d6928f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 64
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4662
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20220418-141835-1d92ac7480
accept-ranges: bytes
cf-ray: 7050cf397a5c9088-FRA
expires: Wed, 01 Jun 2022 12:37:39 GMT

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 180ms
180ms XHR
application/json 2600:9000:2156:5e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: c4e06242abc047c0bf897fd03ad43c5a-2022050212
content-length: 28
x-amz-cf-id: SDDe0m4ZMiIRTIpZs64q79cKVZz9n5nEhTzautZMFUBJZ8SW4zCNvA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 180ms
179ms XHR
application/json 2600:9000:2156:5e00:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/2432.d8441b61.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:5e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 02 May 2022 12:37:39 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 78c6626b639245fd99a063968eb75962-2022050212
content-length: 28
x-amz-cf-id: odK5hw8DOHb77R4k-62fcz2wCGoKGv7Y0qu5QGOyYB6F8LT8y5hbTw==

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
173 B 261ms
260ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.aca3d227.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
x-xsrf-token: 1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
content-type: application/json

Response headers

date: Mon, 02 May 2022 12:37:41 GMT
medium-fulfilled-by: valencia/main-20220427-204309-b6dfbe6d15
x-envoy-upstream-service-time: 155
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.medium.com/	1970-01-20 11:30:31	Name: sid Value: 1:nmxPjVihApLPem/BYz9ZuEs4/VK4ix673HUROdT7df7yShjnNJXr5c12kMYfAM/W
.medium.com/	1970-01-20 11:30:31	Name: uid Value: lo_52619f782598
.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 582df4590ebbe9e53ff7f5d9bc44119630d17050-1651495054
posts.specterops.io/	1970-01-20 11:30:31	Name: uid Value: lo_52619f782598
posts.specterops.io/	1970-01-20 11:30:31	Name: sid Value: 1:C2oF+r1oGGD6XDP1kAo+TuakxuRrPnYKaIv+JnqQ33vR/+X1h1xufULg0mzG6Dw2
posts.specterops.io/	1970-01-20 02:44:55	Name: _dd_s Value: rum=0&expire=1651495956773
.specterops.io/	1970-01-20 20:16:07	Name: _ga Value: GA1.2.1004956740.1651495059
.specterops.io/	1970-01-20 02:46:21	Name: _gid Value: GA1.2.1871695584.1651495059
.specterops.io/	1970-01-20 02:44:55	Name: _gat Value: 1
.specterops.io/	1970-01-20 02:44:55	Name: _gat_tracker0 Value: 1
.app.link/	1970-01-20 11:30:31	Name: _s Value: jluRJuJLifw%2Fw%2B6PuoLp73UgOvKbSIRLf6X4f%2FlsTrVyHz%2BGNrbJHCf3tWZZd7BH

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
cdn-client.medium.com
cdn.branch.io
glyph.medium.com
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
143.204.98.69
2600:9000:2156:5e00:11:f728:3040:93a1
2600:9000:236e:1000:19:9934:6a80:93a1
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2a00:1450:4001:831::200e
52.0.16.118
02e9e1939e214dfa38c8eab94afca48043e7f00c46e95908662548a7d19819e1
03707c3aca41aed4a203efd304992c3b5be5691ff18fbd29ada0edb687cae203
037c0651d9c9b72d1c9a88010e2530907e7fbca66d4f1c97bceea1393f1e7c3d
03d1b9a863bbcc586a87dd7fd37e96e7b23d46552c1e9e862332eac62b391a23
045676d2831ed605d4edf201f9b8e3bc4fc46e4d488d9e677b6fa83043de6720
07918926d32c0d5d21c288246436f1cc382a3b9adf3aa176a4b8c0816af62223
0933460b008ff84e427d5cfad6fcc11996c98c27f59bff0b496d864a73aaa4e9
09ed7f55967e73c995d82b30bf0ffb1bfc3bce1b01afd468b8efde5ef4ca39d1
0a68bdc22aa6d2deedff5c4999e3618222cf20b0902530b7f924b9e2a4300e40
0d94f7b463a101acc0aab3becbe0d63929025e42eaa6ff23e6999953ffbcf719
0e4afb12eda0b925f25e1e14874cc5ec3f8107a481fdf55da978358e4f245a99
0e862a957a95b167600d06cd2c964ac06266092937f8ca2f587d302221e07736
0ecbb2bd9e04b3e953a44b24420e54ccf06cd332750b04079d4e49bc89455a00
10e46dff53123335dce3e87dfc8251b15ed13b86826aa3118739b1243ed6d52c
11857895e79aef7d5589552ff01742119d0a0750f0a96e9335155d0c38bbd7d4
11aed8810f133a7e03e92571aaf9d6e4b47e6a008ff64f8a1409a2a191627f87
12288ca4f5447aeefac3bd194a5f46a43ca8a3745a698d2a46f58662b4444b9b
12c6be40dcd70da7f8d8f70e0d150d45bc8ad57692a3e62403f0f754ee2bce86
16b223867849c67d463897ff4aa970bc9eb172b5ce0089c824bf15b9279a4d65
178576a182b7de1d6d042a99a6e8a57cefe11f958cc667b1f6504836caf72d41
1b0cd6e5a6b5c9d9cac70f67e4f20fbd1ce08368269d1db136dffe52149ea5b3
1b2d40b9e4be26796138408e5027e13762e850e2f036676ae3df9d9527c7690f
211e4b049defdee73e54f4bc51a8e4b83f49508c9f7f1fca0e724eecc9c164be
23bcf80d51d93cdc5b76301b2817c0ca11a86952938d489ed798a7c251ced164
24336f5b1f01e184ab7846ab979ea1a053edad46c666e094e2317b7a259d313b
27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503
2efe526dc817b96a4822fdfbee06c9100af12e59e1e3a20932e6745c35e09988
2f6c2c34730d1750fbeeafda24dea309bda720a0ba14518453b2314f778eda6c
3140d725f076fec762b22640c8a80c4f96fc5345e5d2081858f540c9395be220
3202f91086df9921bf8e3b1cfe00d430d235195fa3e2404377c2b2f42000cd99
32e2f51b7c073d9ffa72b18ddb1ee134d471e36e901c3f49aa61b28013160b34
33ca0a574612f3d1c32cbfa41440556463cadae2608bc6ecc90726275771bdc7
345d2b21b01c3d533a687d296a0214d36d2dd4d7f8acc772851bc49bee94a6aa
351eda368d41338c4554a8e9ea10ff5bba4b27776438dfb9adb67bee2721de27
38111edac6045a680d3d8f2f7d638f024047b53fcc055dc11250d40dd98ee2d1
3bf61eb35dc28ecc2881cbad93e07b97c42c215cdd03cba5572ffdcd0eab3265
3ca1be7fb0f10c09765a6b7bbe5cacd522ef68ca9656954e2ab93ebfbeadd5d5
3d4997e3de54c0bc7f4b845fb053c714d48c52eed08a18f7555b2abc003e1990
3f1df0bf2819fa8b0b3ddd7b0ce20305fbe8b92d6234fc46d57815d20754541a
3f25762cbf878575de21d2fac0757c522ea159e204e8c6fdf0b528ccad20afa2
3f6728a76d0bd8a4d6527388ed9059f3b56b6fe822ef4219b3417bfc65c3b274
41234e184791c80f9a83742fa6c197d988d2565c6608e0ee4e3373e93e31445b
4db5b8b0669983fbd58e681e81140d2cb5c7d0763d343016a178e83dc7df1cfd
52c93d4beae39b5288a3cb267d812797664c89f82eafdf9435193149b64c480c
55639d0f6de7e3d3d8205dc12f5d243178451e4afb9eaecd062a317f825ea527
55a06538e78e37d1075d20d7b565a41b7e4d851fa943791d2caa20e7626d50d1
55a9dfcc7fb458905a960b1d44c73ef9fd59c959393f31d0e5ecdf99e137a849
5679f29ecd4ef217d09efc2f24975ae464eaacb7f2a5d0c6d8f8826da7ec021b
57d7e335635b2bbec137dff9afc1d284e8efcff1cc28cd2ac92edc8ccddc3749
5a50c182c3abff5281695952c4a4e15735b198053c6ffca9e67d44a2aa8a4696
5ce07b0c2d3f35e8193b9da4e829480830b9e9c9b061392018cd37f2b372e54b
5e47fef36b8d94cbbd62a52420658b571bdf1603cffe87edd00a276d4d6928f3
5f8e45dd2eada0aa7f9746e369496a99ed0d1bc70ec364dc99066674373224f7
5f9800223ce8f0691ee91d0721640086a5022d8c27d9497adbef62b5b76678aa
6290b43b37dd2590fd9c5d74fbc9faf384eb0e8fe402dfba901dd9c530ab608a
631d2367c0fa2447811a1ce22c115bc828e6655cfedfc3ba4457ad8694cfd8ea
63229414edb249c22a6cdf3e2754b19bb02198ade86fb46af6e562e0e22918b8
65f0c65b5db3aa0568c7986479a4a3e909a05a84fb34ced48d70a2d628dd1444
666dcc08996aba0b6cca9bd8b2cf2f8d3968d7c496c13a52da52c5a5a23f8c04
67cde6c1e33ba068d019511f7ef65043e04f558350da9fc582e79267d0d36f52
68d0a56f118231878b6efb098e52c15c24d01bb1d8ad2f4d6d4237bc4dfc3f3b
6ac9fa4a572df7ae8001d71bfc68fa058f4387611061b8683388d57393fa33d6
6dab13fafddfef8d2887754d708471fc16938f98760c809649b374db290e9a1a
7116e4c1e6212fdcc6af90fe98df0df8b97d02387f69235d2006b1dc7dfcdff4
78661d3e6871b6e5c37f3113d811cb3dfc69546449e3b2c28095b6e7f28d9a7d
78a688bf794d2b0344741a5bd24831d2527d999e5395b8f19055b0b82805373d
7a9d4d3245169f56ad9bc167adec56c07184e6deef4256da99d14f7ed48dbdd4
7b4cb5b0d50ec1a51d1fac881065296d7a33abccaad9b0f6e67f2a2da136a23d
7cf1f2a2ebfd5a5260aed8221a68b10b294764821c1465af0ed8ac884a882b30
7e44b89888ba69b9a2e0fbf4cf2e26389f9ecf2711df12d0d286dbbebc1281b4
81419976c7e01b2408ed407e5a7e8e505478286c3d01df8f6d206824fc45189f
823af0ed59d37ff692a804950379a09490c6418e7b18629616ab9b6bc3b7d9ce
82da7bb07cf25157db0e2a0d86abf66d4657bd3bdbf0df82c806ad37cc2f2670
83ba7707bfe79a63651504c93f7a572d83f1effea66a3e9429a4b10f26c38899
83bcf6db343ac887a1fa044213341d8aac44115fcce7d7aad16107ff0c1ea0ec
8774d6086c4c6dedfbc82571bec2656a39ad57620b3242384e9436b0c6a91eb1
8bbe6871b13980a0c8d28ad8267ab8827abb9a9eb1f80691d0e91ffb57a8a51b
8efc2ee287b42948ff9ee59c8e331d2dd0ea09541139b5bb9c282cadefe5e8a5
91bf45bb362b5ab124a381e15a1483d5617bad00a28ea887770432c2bc80b157
929f0b3618d0160011013f1e00fcc9e51defae6b76bb585af955baaec25413a7
93019ef931f847b3f88047feb3c87914c648839920dfd0482fe4d640a106372e
935650ae2b5ed7fa1c4e27c084d660e0af387e2e1eed30f61dedaebae112b10f
961f2b3e92eba06b032c090511ab8fb8b65ff7f0b471c7bd22817061288f8368
9659835bfed3392755119d8685120842003bbab1d1310625cef721d9e940a288
9822ff5ce7974082b226d2b60b5f3f5bb0d175d5595995b9d10b7c796242e3ce
9abe5f8b85053850abb6e03c4fde96e2a2ea3f1d9220fdd307f18d5c371d50cd
9b01204c367b33010f85cfd42e023acd087dd548f8dfa8e68b18cacb45e1f876
9b0bc94ed45c7af6d0990a8a8b843c9b11fcdde17149849a8c56872b77bb8183
9f2c1f3ed67f960d3ba0f120c688de9a9ac07db0a32ef8ad2eec65e703fe62f3
9f7b1c49906eae527208ba88eada86422aa8b86c2820c74c68f56a62b693333b
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a132b202e134fc5a2a9179cf72ece97a614f94ba00bce8af1778633d2337557b
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e285c9f7c472800ad0ac72c8085b82ed56000b1de8ad3aeb7980b98ee7d31c
a3231d9c5077d6423b7ab05c50dbb1c953d5213c24ac287793b8217985743321
a70bc682227f91025f7f306869499621b8f350c058c5ae8c070db694532dafd0
a8021cf2dae7f4997b2c1a72ffe82fe2ad7fd4299ccfd7279c8fb8892ef0c495
a81b674bedff3bff07f4f79c82d99f7fb4abc4d051725c3d370506bbfc002540
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
aaaca262fe6fc64fafe54bd0236329a0ad10abe3ece58da67d89725ebf0589bf
aac225fb0961062b19f4f980fb4424f22652ba2d24a50bc4190ad57476f0a11f
ae396a5a0cea065cb4430f4adb864267784154828334af3151cecf5a5020132a
af345a4f2d59d19e76d1d83ff8b22db4aed9807cc0ed64d85042629a1faf450b
aff6e5d1740b33e9611dfd5f8c9aa4bb0842270f37bca94d654ef53ac21e422b
b0f424bafe993b016ea96973894f95dfc4290608478a2d7d3fdd080d9b0a60d1
b43930561a52851efe9c47f9deef3b1343a4f280933855a288ac9952330c35da
b8abac313c0dae8e2709ed36c1c1676d1a8a86c8e3a3965a179442e669c25afa
bf59f57ab858e8d4970262473de4f5a7e7fa18b836c9827e579af4654fb94b92
bfc89bb7b75673e8e83d8aa5ff747a0a069ed5b2a44a2a732a5353eb2f2e3198
c3996ced907a09be9c8cbac17bde56953fa8f5000dc8759ac8b692ab8e2c2c7a
c4d015fba7da1c2d0896be66eec8d84c1d73231aa050d8da4836a8ad638e259f
c62910cdaa9ca3408e925cac99b9f4368f73a9d8de089ba25471a9aefa9476d9
c7472f7ddd48154cafa5966a38a523318a4c9463190594712195bfaba962220a
c8055d0abce3e3194f05d9b67751bd4096a9cd8573c31539c6f3316ca45bf7b0
c91ebb44296a087c6734815b767b2631cf21cbb446757abe01d92ebb97323a4a
c98433e98decfbc9278b45b95d83623746fcdb2662870afdbc0d9cd6d84caf54
cab28dad12eb8b08a7c631e7f242d82922990d144b39444bf8a008aa2add19c6
cef387bd6938302d335cab8ac0f319e04575f1844f7762ef2e129852187d263c
cf9b8a68d7b854c401d427fd8fd5f1c49b5a5eeb23a878171529f810852cdd49
da5995c95c7f9a202fda3d0122954b75c75a3ea2b83156699118fb87a2f400d5
e0ca095aa0521c0bdeed5db0ab7bba91d4876f02f8a734e448c5d957ad4e47c1
e12e786013197aef083989a0591e05cd3fe5314a5ee838f224225069df5d2ccb
e46ae7646156ceff7f10d7adf0ce70c42fe739a24a769c52b7377f7985d56ecb
e4cb950f759cf04de04b107cf1a1d3d7beb457c57abbb06ba0e53353d6854435
e5bf597a0df391a0b7cab2127f1733e84b4a40185bcf3b1e08f776ab625c1cb4
e5c7d6eec6793799ee5594da6b8f51b2f2e5b49d6744ffca0e250613481ab452
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
eb3be15be82444084b3a2ce9dec8ed35416cbd237cbf6904454fb56c896d0b01
eb8eb3e0c49d3f68ed782a41959bc3a0262ea4025b553bd30069beecc0d537b7
ec7121b47a89c0f8c46fc497009d41ebd3f25601b5485753d11bc366050a8e0e
ed75ede75b5c0944c5d43581211b6d17951dd92a4f11932dccaa56fd7636094d
edd2545f35d67cbed67c28c7f44e2b33856c359a5f8a54b6aa513d35776b5d0c
ee6184aa8ad5fa680d2808790bb04a001d8369d143b313da43af3794ab7ea3e5
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f33ca66db72fb7e064d1c6f1c45c697f45af3263f31baa271d41cb036acd1f1e
f5fa5d264f847e3bcd45c3aedbf330f93c59e6fe473ef54ff9f6aa59c3afffa0
f6da58ca59f2d4d96243cad2a0e35cdef45ded2eaa9f2288080cbb8f1a6b2e82
f95215165ee8d307ad2fc71dd85d719a5c746678925d6609897b9a969aeafbed
fccf5ac15c1f87152527ac52f878c87c370b0f101316ad1868338d9e645df70f
fcd5ede73d71dc3c5ad03d804457853cb598e1721f92c94603ccf084272c97a8
fd0087577c271b36d8fc5d37717b676f7a217bec2fb4bd5136768159ded5d46c

posts.specterops.io Open in urlscan Pro 52.0.16.118 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

146 Requests

100 %HTTPS

71 %IPv6

5 Domains

9 Subdomains

7 IPs

2 Countries

1693 kBTransfer

4021 kBSize

11 Cookies

86 Outgoing links

Page URL History

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

posts.specterops.io Open in urlscan Pro
52.0.16.118 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

9
Subdomains

7
IPs

2
Countries

1693 kB
Transfer

4021 kB
Size

11
Cookies

146 HTTP transactions
0 data transactions