posts.specterops.io Open in urlscan Pro
52.1.173.203 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
Effective URL:
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53d...
Submission: On December 09 via api (December 9th 2020, 3:30:38 pm UTC) from US

Summary HTTP 105 Redirects Links 55 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 11 domains to perform 105 HTTP transactions. The main IP is 52.1.173.203, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 3rd 2020. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 10	52.1.173.203 52.1.173.203	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2606:4700::68... 2606:4700::6810:7c7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
66	2606:4700::68... 2606:4700::6810:7991	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
4	2600:1901:0:7... 2600:1901:0:7a0b::	15169 (GOOGLE) (GOOGLE)
1	143.204.101.224 143.204.101.224	16509 (AMAZON-02) (AMAZON-02)
1	65.9.73.67 65.9.73.67	16509 (AMAZON-02) (AMAZON-02)
1	184.24.4.155 184.24.4.155	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2600:1f18:24e... 2600:1f18:24e6:b901:bcd0:200b:98e:2fb9	14618 (AMAZON-AES) (AMAZON-AES)
1	52.6.153.244 52.6.153.244	14618 (AMAZON-AES) (AMAZON-AES)
1	3.219.37.68 3.219.37.68	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:206... 2600:9000:206f:4400:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2606:4700:e2:... 2606:4700:e2::ac40:8a24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:210... 2600:9000:2104:3000:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
105	14

10 52.1.173.203 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7c7f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a0::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

66 2606:4700::6810:7991 (United States)

ASN13335 (CLOUDFLARENET, US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:0:7a0b:: (United States)

ASN15169 (GOOGLE, US)

sessions.bugsnag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.224 (Seattle, United States)

ASN16509 (AMAZON-02, US)

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.73.67 (Seattle, United States)

ASN16509 (AMAZON-02, US)

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.24.4.155 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-4-155.deploy.static.akamaitechnologies.com

a16180790160.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b901:bcd0:200b:98e:2fb9 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.6.153.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.219.37.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

srv-2020-12-09-15.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:4400:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:e2::ac40:8a24 (United States)

ASN13335 (CLOUDFLARENET, US)

lightstep.medium.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2104:3000:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	818 KB
10	medium.systems lightstep.medium.systems	2 KB
10	specterops.io 1 redirects posts.specterops.io	50 KB
5	branch.io cdn.branch.io api2.branch.io	25 KB
4	bugsnag.com sessions.bugsnag.com	251 B
3	google-analytics.com www.google-analytics.com	19 KB
3	optimizely.com cdn.optimizely.com a16180790160.cdn.optimizely.com logx.optimizely.com	94 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	93 B
1	app.link app.link	739 B
1	parsely.com srv-2020-12-09-15.pixel.parsely.com	229 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	19 KB
105	11

	Domain	Requested by
33	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
23	miro.medium.com	posts.specterops.io
10	lightstep.medium.systems	cdn-client.medium.com
10	glyph.medium.com	posts.specterops.io glyph.medium.com
10	posts.specterops.io	1 redirects cdn-client.medium.com
4	api2.branch.io	cdn.branch.io
4	sessions.bugsnag.com	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io www.google-analytics.com
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
1	app.link	cdn.branch.io
1	srv-2020-12-09-15.pixel.parsely.com	posts.specterops.io
1	logx.optimizely.com	cdn.optimizely.com
1	a16180790160.cdn.optimizely.com	cdn.optimizely.com
1	cdn.branch.io	posts.specterops.io
1	d1z2jf7jlzjs58.cloudfront.net	cdn-client.medium.com
1	cdn.optimizely.com	posts.specterops.io
1	medium.com	1 redirects
105	17

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
www.specterops.io
mattifestation.medium.com
web.archive.org
msdn.microsoft.com
www.w3.org
schemas.datacontract.org
schemas.microsoft.com
gist.github.com
github.com
www.exploit-monday.com
social.msdn.microsoft.com
docs.microsoft.com
creativecommons.org
about.medium.com
help.medium.com
policy.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2020-03-03` - `2021-03-03`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
*.medium.com DigiCert SHA2 Secure Server CA	`2020-08-19` - `2022-10-05`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.bugsnag.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-18` - `2021-05-18`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
*.cdn.optimizely.com GeoTrust RSA CA 2018	`2020-03-05` - `2021-06-04`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh
logx.optimizely.com Amazon	`2020-09-21` - `2021-10-21`	a year	crt.sh
*.pixel.parsely.com Let's Encrypt Authority X3	`2020-11-27` - `2021-02-25`	3 months	crt.sh
appipv4.link Amazon	`2020-07-22` - `2021-08-22`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
Frame ID: 1269F0C59967C46DF15AD7D34E2D4EC0
Requests: 96 HTTP requests in this frame

Frame: https://a16180790160.cdn.optimizely.com/client_storage/a16180790160.html
Frame ID: 391E10063712E423A9C3C8A1DACC01CA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-... HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Farbitrary-... HTTP 302
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

105
Requests

100 %
HTTPS

60 %
IPv6

11
Domains

17
Subdomains

14
IPs

3
Countries

1025 kB
Transfer

3000 kB
Size

4
Cookies

55 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----3d9294bc5efb--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_page-----3d9294bc5efb---------------------nav_reg-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2F3d9294bc5efb&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar&source=post_page-----3d9294bc5efb--------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_page-----3d9294bc5efb---------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://www.specterops.io/?source=post_page-----3d9294bc5efb--------------------------------
Title: specterops.io

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=responses-----3d9294bc5efb---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://medium.com/@john.bergbom.vara?source=responses-----3d9294bc5efb----0----------------------------
Title: JohnVara Bergbom

Search URL Search Domain Scan URL

URL: https://medium.com/@john.bergbom.vara/the-following-blog-talks-about-the-issues-in-microsoft-workflow-compiler-exe-7b958a2ee98c?source=responses-----3d9294bc5efb----0----------------------------
Title: about 2 years ago

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=post_page-----3d9294bc5efb--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_page-e8e64b89121----3d9294bc5efb---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fbookmark%2Fp%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_actions_header--------------------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20161212224652/http://subt0x10.blogspot.com/2016/09/bypassing-application-whitelisting.html
Title: msbuild.exe bypass

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/h538bck7(v=vs.110).aspx
Title: Assembly.Load(byte[])

Search URL Search Domain Scan URL

URL: http://www.w3.org/2001/XMLSchema-instance
Title: http://www.w3.org/2001/XMLSchema-instance

Search URL Search Domain Scan URL

URL: http://schemas.datacontract.org/2004/07/Microsoft.Workflow.Compiler
Title: http://schemas.datacontract.org/2004/07/Microsoft.Workflow.Compiler

Search URL Search Domain Scan URL

URL: http://schemas.microsoft.com/2003/10/Serialization/Arrays
Title: http://schemas.microsoft.com/2003/10/Serialization/Arrays

Search URL Search Domain Scan URL

URL: http://schemas.datacontract.org/2004/07/System.Workflow.ComponentModel.Compiler
Title: http://schemas.datacontract.org/2004/07/System.Workflow.ComponentModel.Compiler

Search URL Search Domain Scan URL

URL: http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler
Title: http://schemas.datacontract.org/2004/07/System.CodeDom.Compiler

Search URL Search Domain Scan URL

URL: http://schemas.datacontract.org/2004/07/System.Security.Policy
Title: http://schemas.datacontract.org/2004/07/System.Security.Policy

Search URL Search Domain Scan URL

URL: http://schemas.datacontract.org/2004/07/System.Reflection
Title: http://schemas.datacontract.org/2004/07/System.Reflection

Search URL Search Domain Scan URL

URL: http://schemas.datacontract.org/2004/07/System.CodeDom
Title: http://schemas.datacontract.org/2004/07/System.CodeDom

Search URL Search Domain Scan URL

URL: http://schemas.microsoft.com/winfx/2006/xaml
Title: http://schemas.microsoft.com/winfx/2006/xaml

Search URL Search Domain Scan URL

URL: http://schemas.microsoft.com/winfx/2006/xaml/workflow
Title: http://schemas.microsoft.com/winfx/2006/xaml/workflow

Search URL Search Domain Scan URL

URL: https://gist.github.com/mattifestation/67435063004effaac02809506890c7bb
Title: crude tooling

Search URL Search Domain Scan URL

URL: https://github.com/0xd4d/dnSpy
Title: dnSpy

Search URL Search Domain Scan URL

URL: http://www.exploit-monday.com/2017/07/bypassing-device-guard-with-dotnet-methods.html
Title: here

Search URL Search Domain Scan URL

URL: https://social.msdn.microsoft.com/Forums/en-US/a2281c32-9e09-4a12-95e7-4a83b90124e3/sample-xoml-file?forum=windowsworkflowfoundation
Title: this article

Search URL Search Domain Scan URL

URL: https://gist.github.com/mattifestation/3e28d391adbd7fe3e0c722a107a25aba
Title: here

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
Title: canonical blacklist policy

Search URL Search Domain Scan URL

URL: http://www.exploit-monday.com/2016/09/using-device-guard-to-mitigate-against.html
Title: merge into your base policy

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_sidebar--------------------------follow_sidebar-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fvote%2Fspecter-ops-posts%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_sidebar-----3d9294bc5efb---------------------clap_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fbookmark%2Fp%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_sidebar-----3d9294bc5efb---------------------bookmark_sidebar-----------

Search URL Search Domain Scan URL

URL: http://creativecommons.org/licenses/by/4.0/
Title: Some rights reserved

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fvote%2Fspecter-ops-posts%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_actions_footer-----3d9294bc5efb---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fbookmark%2Fp%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=post_actions_footer--------------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://mattifestation.medium.com/?source=follow_footer-------------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fuser%2Fe8e64b89121%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=follow_footer-e8e64b89121-------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2F3d9294bc5efb&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&source=follow_footer--------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/@djhohnstein?source=post_internal_links---------0----------------------------
Title: Dwight Hohnstein

Search URL Search Domain Scan URL

URL: https://medium.com/@cmaddy?source=post_internal_links---------1----------------------------
Title: Christopher Maddalena

Search URL Search Domain Scan URL

URL: https://medium.com/@hausec?source=post_internal_links---------2----------------------------
Title: Ryan Hausknecht

Search URL Search Domain Scan URL

URL: https://medium.com/@Cyb3rWard0g?source=post_internal_links---------3----------------------------
Title: Roberto Rodriguez

Search URL Search Domain Scan URL

URL: https://medium.com/@enigma0x3?source=post_internal_links---------4----------------------------
Title: Matt Nelson

Search URL Search Domain Scan URL

URL: https://medium.com/@Cyb3rWard0g?source=post_internal_links---------5----------------------------
Title: Roberto Rodriguez

Search URL Search Domain Scan URL

URL: https://medium.com/@Cyb3rWard0g?source=post_internal_links---------6----------------------------
Title: Roberto Rodriguez

Search URL Search Domain Scan URL

URL: https://medium.com/@cmaddy?source=post_internal_links---------7----------------------------
Title: Christopher Maddalena

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----3d9294bc5efb--------------------------------
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----3d9294bc5efb--------------------------------
Title: Make Medium yours.

Search URL Search Domain Scan URL

URL: https://about.medium.com/creators/?source=post_page-----3d9294bc5efb--------------------------------
Title: Share your thinking.

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----3d9294bc5efb--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----3d9294bc5efb--------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----3d9294bc5efb--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----3d9294bc5efb--------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb HTTP 302
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

105 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

237 KB
48 KB

770ms
769ms

Document
text/html

52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

0379b91735fd842a80f3cfc2d208e7f6a532290083cbc726310a049c6a1f70c2

Security Headers

Name	Value
X-Frame-Options	allow-from medium.com

Request headers

:method: GET
:authority: posts.specterops.io
:scheme: https
:path: /arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx
date: Wed, 09 Dec 2020 15:30:05 GMT
content-type: text/html; charset=utf-8
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
etag: W/"3b56f-hN8uz//HxfHnxDGY0vn34SdBK4M"
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764, lite/main-20201208-210739-83135aa44b, rito/main-20201208-222258-c24876c3c0, tutu/medium-43207
set-cookie: uid=lo_e3dfade15ff9; Path=/; Expires=Thu, 09 Dec 2021 15:30:05 GMT; HttpOnly; Secure; SameSite=None sid=1:C2oF+r1oGGD6XDP1kAo+Tu8G1ElmaQ/C+P257LrJ4z88EHP5U7Oh3ZSVDHsvagHU; Path=/; Expires=Thu, 09 Dec 2021 15:30:05 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_e3dfade15ff9; Path=/; Expires=Thu, 09 Dec 2021 15:30:05 GMT; Secure; SameSite=None
vary: Accept-Encoding
x-envoy-upstream-service-time: 640
x-frame-options: allow-from medium.com

Redirect headers

date: Wed, 09 Dec 2020 15:30:04 GMT
content-type: application/octet-stream
content-length: 0
set-cookie: __cfduid=d4c826ca95ba36f7a81638fc26429e3541607527804; expires=Fri, 08-Jan-21 15:30:04 GMT; path=/; domain=.medium.com; HttpOnly; SameSite=Lax uid=lo_e3dfade15ff9; Path=/; Domain=medium.com; Expires=Thu, 09 Dec 2021 15:30:04 GMT; HttpOnly; Secure sid=1:TgBDalX+y7lVQvjj/PAXa7m+p/4rQimUs/ssz7lDMFwShE4Is9Q6Ij3LAszAd8aX; Path=/; Domain=medium.com; Expires=Thu, 09 Dec 2021 15:30:04 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_e3dfade15ff9; Path=/; Domain=medium.com; Expires=Thu, 09 Dec 2021 15:30:04 GMT; Secure; SameSite=None __cfruid=00db063c1bb163ebbeef976b4c80ffc1ab875225-1607527804; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
location: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764
pragma: no-cache
x-content-type-options: nosniff
x-envoy-upstream-service-time: 46
x-frame-options: sameorigin
x-obvious-info: 20201209-0113-root,68c43429
x-obvious-tid: 1607527804870:c42c9edbe5f6
x-opentracing: {"ot-tracer-spanid":"02aabda104a0927b","ot-tracer-traceid":"4a8fd78b15dce4e2","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
cf-request-id: 06e9b8c76f0000dfcf538c6000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5fefc3ebeddcdfcf-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 325 KB
93 KB 31ms
7ms Script
text/javascript 2a02:26f0:6c00:2a0::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2ba9fcef1642dde38d96ed077bad4e64c8c1c8b82ae6e53436954fea18d6e748

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: rzLbgdjgT6Hg2dFrHILWAl1ENjW267zY
content-encoding: gzip
etag: "9f04021c1bd818218f703a29fae41c92"
x-amz-request-id: 300F3E251786F7EE
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 5345
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="9";dur=0,cdnip;desc="2a02:26f0:6c00:2a0::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 94625
x-amz-id-2: oUyOboAHgOddfC7jPydWGUyxa3FguSIr6wod8tAUf1D1p30fnCsfLSbeDygVu3VwIqi1zOi6t+o=
last-modified: Tue, 08 Dec 2020 20:44:16 GMT
server: AmazonS3
date: Wed, 09 Dec 2020 15:30:05 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 unbound.css
glyph.medium.com/css/ 10 KB
1 KB 69ms
41ms Stylesheet
text/css 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

521fc7ed31a9b3bf4aaf51ad52ca16362a8535c90d242fcbc425848dd6054019

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3512
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cb7a00002bf67b3be000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 5fefc3f25bb92bf6-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Wed, 09 Dec 2020 19:30:05 GMT

GET
H2 200 1*aa0HsXZL43r95TuTJlJNPw.png
miro.medium.com/max/304/ 7 KB
7 KB 199ms
40ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/304/1*aa0HsXZL43r95TuTJlJNPw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b1c3db72fa6da00fe30f190a2b8ac5bb0bc1f8a1aa12b79d64a35c678b62b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 467199
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6883
cf-request-id: 06e9b8cc8600002bf66f8f2000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f40fb82bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/96/96/ 7 KB
7 KB 240ms
98ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 675851
x-envoy-upstream-service-time: 76
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7062
cf-request-id: 06e9b8cc8700002bf67036f000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f40fbb2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*PFXJbVx5g3dvP5R9Dc9NLA.png
miro.medium.com/max/60/ 2 KB
2 KB 327ms
186ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*PFXJbVx5g3dvP5R9Dc9NLA.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c21871c14cb1296124e962a1688611704d907b4b315d811ccb696e7953b0995

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 60
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1907
cf-request-id: 06e9b8cc8700002bf621be9000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f40fbe2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*IK9tpDRuJOU7CLAgcQK2uQ.png
miro.medium.com/max/60/ 824 B
923 B 362ms
222ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*IK9tpDRuJOU7CLAgcQK2uQ.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75fd6243808ac45ccb94fe43229591b14f419e122dbd20ef87d24ef3d92e64dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 39
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 824
cf-request-id: 06e9b8cc8700002bf63529a000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201204-214049-50583dcc3e
accept-ranges: bytes
cf-ray: 5fefc3f40fc22bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*f_d9jQrIiW3vLYQsF481mw.png
miro.medium.com/max/60/ 638 B
764 B 275ms
141ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*f_d9jQrIiW3vLYQsF481mw.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8f0f4f758bed7e96849e00ed834dc72157377aa438a4d1941a028a06e4df55c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 89
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 638
cf-request-id: 06e9b8cc8800002bf66906d000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201204-214049-50583dcc3e
accept-ranges: bytes
cf-ray: 5fefc3f40fc52bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*7zeJerlTHQ9NLsRj3AQrsA.png
miro.medium.com/max/60/ 666 B
765 B 300ms
178ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*7zeJerlTHQ9NLsRj3AQrsA.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4abaad6b4fd24cac8cab882b214bdd8ce07d37d7af4b6c36d0fbf609e334df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 64
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 666
cf-request-id: 06e9b8cc8800002bf651b71000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201204-214049-50583dcc3e
accept-ranges: bytes
cf-ray: 5fefc3f40fc92bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*f47lerhzXjZH7MAGIpkOnQ.png
miro.medium.com/max/60/ 2 KB
2 KB 558ms
230ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*f47lerhzXjZH7MAGIpkOnQ.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acc037ebdd36912e9770fe3449491ee4a2a8b2b574d26ae10b59c7a582f2b6ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 30
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1839
cf-request-id: 06e9b8ce6500002bf632252000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f708d12bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*A_wB5XNL2s5B07BqStVfEA.png
miro.medium.com/max/60/ 2 KB
2 KB 532ms
229ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*A_wB5XNL2s5B07BqStVfEA.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b317a799d9d84b7cb4f5643a2a1a7ea3a19d0b1562ca17de87bf5da1dd26478

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 62
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1820
cf-request-id: 06e9b8ce6800002bf66f930000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201204-214049-50583dcc3e
accept-ranges: bytes
cf-ray: 5fefc3f708d22bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/160/160/ 16 KB
17 KB 514ms
210ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f69d9f12637469fe5d3814942b650313f8e5bc84b961d5a812c5ddbb69c8c078

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 675851
x-envoy-upstream-service-time: 48
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16818
cf-request-id: 06e9b8ce6500002bf625b07000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f708d32bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/160/160/ 6 KB
7 KB 512ms
209ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df55e1647aaa31dc1a9879bb336faa6f878d2af6aec095a3b0dff0bdd909218f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 470140
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6539
cf-request-id: 06e9b8ce6500002bf6352da000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20200804-190312-d5d253b55e
accept-ranges: bytes
cf-ray: 5fefc3f708d62bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*rzDEywT-rGMVud0vq03qfw.jpeg
miro.medium.com/fit/c/80/80/ 5 KB
5 KB 511ms
53ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*rzDEywT-rGMVud0vq03qfw.jpeg

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33e2f340aa38d101f7d1bd12b168f1b1fdb78b0083765a43c0600ce6518c04a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 675851
x-envoy-upstream-service-time: 42
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5069
cf-request-id: 06e9b8cee200002bf610975000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f7db0f2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 37ms
26ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

386ff0e96e4564b30a3ba03e97878f71c9deccf8829ccfe73f80657a951aa572

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1920430
x-envoy-upstream-service-time: 43
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2735
cf-request-id: 06e9b8cf9400002bf6040ab000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f8ee2e2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*m9stfP5To02Ziarv52aIRg.png
miro.medium.com/max/60/ 1 KB
2 KB 27ms
17ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*m9stfP5To02Ziarv52aIRg.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f803ef5c5cc5f74b0df51857edfd40092a47d82642017b3e2d4352aff819ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2328466
x-envoy-upstream-service-time: 36
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1240
cf-request-id: 06e9b8cf9400002bf651bc6000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f8ee2f2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*dy7MvBD79mkCTajDbSssBw.jpeg
miro.medium.com/max/60/ 993 B
1 KB 37ms
27ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*dy7MvBD79mkCTajDbSssBw.jpeg?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dd42b41715639d00fdd524dae4734968e91e05abb368514929b740af942ddb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 464829
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 993
cf-request-id: 06e9b8cf9400002bf60aaeb000000001
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f8ee322bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 0*GHniN9KHMioCdUW5
miro.medium.com/max/60/ 3 KB
3 KB 454ms
444ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*GHniN9KHMioCdUW5?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

172f5b7d6aea73d3fb57d7638c740eeeff4b607a1aa0308d04b9b8f00ab49cc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 15
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2661
cf-request-id: 06e9b8cf9400002bf659986000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=2592000
medium-fulfilled-by: miro/main-20201205-010834-20724583e0
accept-ranges: bytes
cf-ray: 5fefc3f8ee342bf6-FRA
expires: Fri, 08 Jan 2021 15:30:07 UTC

GET
H2 200 1*ezJx8ZEu1Va14iscq_h5Gg.png
miro.medium.com/max/60/ 1 KB
1 KB 45ms
29ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*ezJx8ZEu1Va14iscq_h5Gg.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a373fcf6e68420792ae6977c1b7f2fe73082944f237ec333b8f45d28752507de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 121138
x-envoy-upstream-service-time: 26
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1304
cf-request-id: 06e9b8cfbe00002bf65eb2e000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201022-235030-74926b7bfe
accept-ranges: bytes
cf-ray: 5fefc3f93ef72bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*_yKdMthPwVpKYyHZnvrKJQ.png
miro.medium.com/max/60/ 4 KB
4 KB 36ms
29ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*_yKdMthPwVpKYyHZnvrKJQ.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a26fb182c4bdbe614059da22c59fbc361a8bcd754c9a370fdb031d16f0b29019

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1671603
x-envoy-upstream-service-time: 21
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3627
cf-request-id: 06e9b8cfbe00002bf664842000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f93ef92bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 0*ji6keNd2kNMsDi-Z.png
miro.medium.com/max/60/ 830 B
1 KB 43ms
37ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*ji6keNd2kNMsDi-Z.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3b4f1ce0d89e52e8e1e7e1005bd4ffd61a2124dbd2257a461520986b692a66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 292261
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 830
cf-request-id: 06e9b8cfc000002bf656bd4000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f93efe2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*YDlbuijY1qh1K0WhSIRFKw.png
miro.medium.com/max/60/ 4 KB
4 KB 38ms
24ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*YDlbuijY1qh1K0WhSIRFKw.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d6656287fa1325f938441be0a1343b7946a17457f95f19770a8981ce392e307

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 292261
x-envoy-upstream-service-time: 50
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3749
cf-request-id: 06e9b8cfef00002bf64c1f0000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f97fad2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 0*yjzGtsFkfBpscrgE
miro.medium.com/max/60/ 868 B
1 KB 174ms
160ms Image
image/jpeg 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*yjzGtsFkfBpscrgE?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e2f8549af80d61cda0e562b2e750e07fb016c08106744ac871cf546c5695cfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 15
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 868
cf-request-id: 06e9b8cfef00002bf667347000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=2592000
medium-fulfilled-by: miro/main-20201205-010834-20724583e0
accept-ranges: bytes
cf-ray: 5fefc3f97fae2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:07 UTC

GET
H2 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/270/ 10 KB
10 KB 53ms
49ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*Crl55Tm6yDNMoucPo1tvDg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 219432
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9821
cf-request-id: 06e9b8cfef00002bf6589f0000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20200804-190312-d5d253b55e
accept-ranges: bytes
cf-ray: 5fefc3f97faf2bf6-FRA
expires: Fri, 08 Jan 2021 15:30:06 GMT

GET
H2 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/270/ 7 KB
7 KB 32ms
22ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/270/1*W_RAPQ62h0em559zluJLdQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 293346
x-envoy-upstream-service-time: 40
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6839
cf-request-id: 06e9b8d02800002bf65eb3c000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 5fefc3f9d8b42bf6-FRA
expires: Fri, 08 Jan 2021 15:30:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 130ms
22ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2416
date: Wed, 09 Dec 2020 14:49:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Wed, 09 Dec 2020 16:49:50 GMT

GET
H2 200 manifest.d83ba023.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
4 KB 374ms
11ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.d83ba023.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

921bf22442dd2ef8c22225e144e08fe62dc6d8e1e94cc5a520bd08cdc3247ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 65079
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 507F98E6860B4F9C
x-amz-id-2: zP39+mfMwCtvA82hrDk/Oh/y7cP6+/BgeROPM7n2UBihRnTeuC8QfQwk5Iw8O4bSgBoYllts3EA=
last-modified: Tue, 08 Dec 2020 21:18:54 GMT
server: cloudflare
etag: W/"29e139b5ed24774ee8189045bf435f0a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: GEnerMbq7Bc_GFkD2n2bBdIqX3RE8F1O
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cd7a00002bf61d94f000000001
cf-ray: 5fefc3f59c832bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 9121.f611c967.js Show response
cdn-client.medium.com/lite/static/js/ 637 KB
188 KB 399ms
36ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9121.f611c967.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c205fbcbd3d4d133275b003b64ee8b6eb1e4b60ea3c22d418cdfc704d308c1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4CB5635D8971D245
x-amz-id-2: 5KHyrEg8auJFMy/3UgR7LYDxTKgLhq0QGTp6WxlZP0tv5ZpjYzaRrZs+Y5OvR8SmL9owaJbLmmQ=
last-modified: Tue, 08 Dec 2020 01:17:08 GMT
server: cloudflare
etag: W/"2c0b9c3356ce7e7dc1de46f349e20ef6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: v657T44ibSOdKfJL7lLPRsjbASz.Cr.f
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cd7c00002bf65113a000000001
cf-ray: 5fefc3f59c9a2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 main.94fe47fe.js Show response
cdn-client.medium.com/lite/static/js/ 521 KB
136 KB 541ms
187ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

375b99bf286b69b48ad9f38f5a6e43949eb9fff611985e7e05e591252099a66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 65079
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7FC6EA5F159A6BAA
x-amz-id-2: OydXz71yzBsffg0shVEQwqkGgE20X5Xm4L9oG++dGcI268gPbS/BYRAkB33KvrrvIJzQntRnA5w=
last-modified: Tue, 08 Dec 2020 21:18:49 GMT
server: cloudflare
etag: W/"3d54d8f5fc12b504eb0bc5ac72c1cdb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: DD6I_ANvQQz.wwpp3gn1PT.yMr2c4WYK
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cd8000002bf60aab9000000001
cf-ray: 5fefc3f59c962bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 359ms
146ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9D584856367C9D21
x-amz-id-2: dCLxGReOzYie8cze7jTmxuhKT0Q4uVVp17EfYoN2lJgIGgeST5SVH5JBEhuTArEU3ydfzFjFxtM=
last-modified: Thu, 03 Dec 2020 23:15:32 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: ITKw14eLTdBpXYYcizy12uJ1fvpJcpCb
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cd9500002bf68e8b8000000001
cf-ray: 5fefc3f5bd2a2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 instrumentation.6c7d3023.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 335ms
122ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.6c7d3023.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9f05176767df0836da32c46305c54bec4acf7f2834a20c674c697befc5facdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9656D6EFDA501041
x-amz-id-2: VOKGaX0bHpDQXBfoWsGxt7va39jCkbDYd5hzYB4paqQeeia67deYzdHLXdW9u2Qc38YUubgysYM=
last-modified: Thu, 03 Dec 2020 23:15:49 GMT
server: cloudflare
etag: W/"5fd92731d5d10e1c5dbc8a61f01d5438"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: rdbclXgQJw2UH3jMm0Ma6pqyuPSbbhkQ
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cd9600002bf67299e000000001
cf-ray: 5fefc3f5bd2f2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 reporting.b50ddc2d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1008 B 334ms
121ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.b50ddc2d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa2dd9c6c6bee12a0cca4028e00596d648df446fbcf3a5a961f4cd623646120a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BEBB3E6358A682DB
x-amz-id-2: rjzPptXcROil6Ljg8jazYcOVftg/NHEaoc9NYaxs2EOtDOvN/q1c318y/87d6hVwHx7r/Hotv90=
last-modified: Wed, 02 Dec 2020 02:33:28 GMT
server: cloudflare
etag: W/"ce47107539335a2f0c2d416eaef7564c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: e511.KOBnWUWMmWLPcR5pw_K4htHU03F
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cd9400002bf651b8e000000001
cf-ray: 5fefc3f5bd332bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 1826.f1c2fa77.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
11 KB 68ms
23ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1826.f1c2fa77.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de734b8e6595ce48b70090b3d1b0cc145dd958ad7a6ae5f0e70b25a113a90968

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 861894AB7BE83874
x-amz-id-2: nKrCPAkwnYLPJqrtP7C6X8yQT6PzIRBY9/aXpF2MQAcmKZZK6g0nVsxbmk8QHtOPM6YA4j+NMR0=
last-modified: Wed, 02 Dec 2020 02:33:01 GMT
server: cloudflare
etag: W/"8b3f85470be88b2a575fc6fd6cc1ccc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: oCKXpQ17eTS3Cg.PCGotxBa7WdqzOGF1
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cf8d00002bf630093000000001
cf-ray: 5fefc3f8ee142bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 4464.c01c0ad8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 62ms
18ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4464.c01c0ad8.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c641f892f22057d280574902211a972b66f21887b9605d6373420616c2998b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 05A6FF98BD07242E
x-amz-id-2: wOx4GfF2VOlUrCDB/1k8a9MPM0Nj6l7AYB3Vgof8UgB+qYxPd7T6AOl/YNIwQY4Nyv8Dg1j2/WA=
last-modified: Wed, 02 Dec 2020 02:33:01 GMT
server: cloudflare
etag: W/"be8b2bc1f024eb0a68f616793b7f8507"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: NkqEyknZNpQQsnJ_0Ysu16usgj0oaHmU
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cf8d00002bf6293f1000000001
cf-ray: 5fefc3f8ee162bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 8342.6aa0b45e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 120 KB
34 KB 49ms
23ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8342.6aa0b45e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 774A3BAC62216CA5
x-amz-id-2: 1lgy8xHDqskYRzC4HqpJV59M2FHYLLmGwWXIbjyyTJZqtz5EldZM3d7oE7xsdHkZ21g+q48pXn4=
last-modified: Fri, 04 Dec 2020 01:36:09 GMT
server: cloudflare
etag: W/"5daacb41c4e6b401be87ada016250ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: qonxwwJqyV0gWQau_ewBCZXsv6ZIxVW0
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cf8e00002bf61a919000000001
cf-ray: 5fefc3f8ee1d2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 1148.bd3f861a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 43ms
17ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1148.bd3f861a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05e2a61e03d7cd3341d529c3b9ea6f8c30c4df7a7e9df38f3c5360c74d6cf0ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 138966
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BE7282E4FC1F1DE5
x-amz-id-2: KrOtGWZUR+BvLSJvcEcgoxU3r4pny7DYCmVKlO1CNJlSUnsWOj6/WiKotiuzbyhtyhS8QHwS5Tg=
last-modified: Tue, 08 Dec 2020 00:44:16 GMT
server: cloudflare
etag: W/"8e2ab5eb6245ca29ec029494d14c8d6d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _Kb9V3rHdAmlJ5rMzMUiWMiZW3T2R8LT
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cf8f00002bf6758b1000000001
cf-ray: 5fefc3f8ee1e2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 5064.b66b3976.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 115 KB
32 KB 47ms
31ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5064.b66b3976.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f93ade7ba52de8154c7d07ac989e165c725afc95fb79f894e1bafd2beeca98d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137145
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9A64B78AD0F5B670
x-amz-id-2: HHnRelIoj6tFmLUvwOn9yaZXoASaKDKBnxelAO3BVdYirOCsS6MJsqapGpT9atMzdhfeLM1kZos=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"086a8226a555f770d721bdea0fc002a5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 3yfFYgpdUnThqQoxjw0r6jJ_jZd4JHXq
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfbe00002bf6472f5000000001
cf-ray: 5fefc3f92eed2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 9274.d44d5b08.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 44ms
28ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9274.d44d5b08.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd8d4595c6aa6146c192d1701bcf30e71760118c403dd9fd4a22b5c72471f48f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137145
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 8ED5ECAAB871C2F3
x-amz-id-2: Dxbqu5FQIHYAbK9Bf53bJdvLbrOD63LYy58IqJqkneDZ7DRYPnyCa/wxzgKvhWf3LpS6/Dh7OGE=
last-modified: Tue, 08 Dec 2020 01:17:08 GMT
server: cloudflare
etag: W/"ab802e02ab74b1e1da29daaac037b0b3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: y3ysaVTadJw_erEVpT8k1xxRBOvnkR44
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfbd00002bf67883b000000001
cf-ray: 5fefc3f92eee2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 2846.b6dc3679.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 52ms
36ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2846.b6dc3679.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46320e3ddfbb772e11661cb7a039e4225aa47a96940ff45a2a0e31ac9a3278e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1A9A299E860FD29B
x-amz-id-2: JxiEE+2p/LWBeWq2OYbcLOYjMpPrAeajqVLNpJ1v/Mrh+IXMfZMp0KbdVQGuRcyxp+Jvr5Quunk=
last-modified: Fri, 04 Dec 2020 01:36:08 GMT
server: cloudflare
etag: W/"b576ece1fa1decc0429aaa0baafb9826"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 0gkLcOpKS9EyCguiFQpnmSisHbxwOYor
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfbe00002bf64c1e9000000001
cf-ray: 5fefc3f92ef02bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 2427.93761ab1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 54 KB
15 KB 38ms
35ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2427.93761ab1.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c7a99ac8d20b5481ec24f11df06075866f9d31cc30a4040b6a57742a6b73de8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 65078
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: D9F94FAC6A6D9D25
x-amz-id-2: m9onP/Snx4qyk0nqf7gZQkZlvB3b5tDqAX5sndfjpqnKK2HhwS15PuWNZxHhtp4gtLgqY/KtnlA=
last-modified: Tue, 08 Dec 2020 21:18:30 GMT
server: cloudflare
etag: W/"14950befca58fe56558154d71a2aae41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: svfea0h2YY8fDnbzsfKi_3c4u5B4eeIP
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfbf00002bf61d999000000001
cf-ray: 5fefc3f93efc2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 7993.94bd472b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 24 KB
8 KB 40ms
26ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7993.94bd472b.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b47e5c3a0abcc6848d2c50e27ef7a019b273428c52b0ccaadb4dba57190a08fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137145
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9603FF6D1A184926
x-amz-id-2: Wj1rjFydnTY60vBnjoFNZ1bNYhPiB04jyai/fe5nHCmU1Z6Vvf7QhkIYm1TliMSG1kdj3P/XhvQ=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"f35964ab268a245336d600aa291bab59"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 3eRB6QWUt0NKeyOOCTN8L1h0PVQjemzq
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfee00002bf661268000000001
cf-ray: 5fefc3f97fa02bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 6839.59bfb996.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 31ms
27ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6839.59bfb996.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be412aedb38637bb0a7bccc01291c97a071a6080b711df06bdc798a8296afcda

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481276
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 642B516223857DBD
x-amz-id-2: aEsFjqHJdcPg+BtSs+hYqVU5I1k2bv9UaYVPsQFfUrYZWsUl5P/5cY4TOX8b/NT/e0WiKR8Vf0M=
last-modified: Fri, 04 Dec 2020 01:36:09 GMT
server: cloudflare
etag: W/"6e1a6cc88843865c8a4f84d091a121f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: wjewdVpj6QcMlnJI2mWREymatGe16G3o
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfee00002bf6729de000000001
cf-ray: 5fefc3f97fa32bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 353.b88f9693.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 25 KB
9 KB 54ms
50ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/353.b88f9693.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77e22a09aedc61668bda8af4b4194d107d5ad1d5248c6d2a402865fa743557b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137145
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F47187FE2ABAEEE5
x-amz-id-2: 2ZpxSNdnV6ogDOER2sbHQTzxexP8mx6QwdG4Eqm3S6UftqFaomTYv1vqbGofiEIfN3E58yPjdMs=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"15206cd162ed8ca036b24d146ccf97ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: eooBPUrlhz8Nn5GoSFGHhpUDPY_WgmIx
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfee00002bf60f8b1000000001
cf-ray: 5fefc3f97fa52bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 8751.54f859e5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
6 KB 28ms
26ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8751.54f859e5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a7f42635e0ba9814cc6000cd375cf7b335e59988b2c354e19ee80fe39259bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137145
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3Q2G9YAGEJDR2QBR
x-amz-id-2: wRxqblmsXurla3oKSZskGNDI0SJCEF6yqyxqjKXWI3AuF3gFqq+JNp/uQ6IHx6l8Mk6cRm/tg3w=
last-modified: Tue, 08 Dec 2020 01:17:08 GMT
server: cloudflare
etag: W/"856c18ead7de175e1db6f0b538ec7f72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: hXXWZU3uL9S4yc7.keLuPEP17vn9eAl7
cache-control: public, max-age=31536000
cf-request-id: 06e9b8cfee00002bf6472fa000000001
cf-ray: 5fefc3f97fa92bf6-FRA
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 2054.be496b55.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 21 KB
7 KB 36ms
26ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2054.be496b55.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8202f90ce272dc04bed1e8adcc3f24d62cd2f53e249ba4e4026e7d6f569d5787

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 9E001E2472E41C81
x-amz-id-2: R1ii/UmZJbSXfofrL+EMYbttDunkzqvBRFvFRMFjW0j/jTAlhjcItpizNNtA/eyF9nBzvvAIlk4=
last-modified: Tue, 08 Dec 2020 01:17:06 GMT
server: cloudflare
etag: W/"4ba614db6fb46f2377b98a74dd537493"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: KQBdTgF3s6zQHQ9dAOvR_Hr9J8kblRNY
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d02700002bf625b32000000001
cf-ray: 5fefc3f9d8ab2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 8127.ae5a6560.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
5 KB 35ms
25ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8127.ae5a6560.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d795430051b0a0d7cd648375d2d0b7d56d2fba6a05748db819e3d69e57f30313

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 7HFX7ZAQ0P9K0N4R
x-amz-id-2: +doPKV4fQR0YFCc9EvtMyjVRybvLTt+dDxw8Qse1stfS2jXN7VBnTy9x0FPOtv25MAJsSCKxXSE=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"7eafd2c8e589634866df83303824f5e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: vPh_gRD6Z4bZBOgmyv.xCp.srBn0z10Q
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d02700002bf61b338000000001
cf-ray: 5fefc3f9d8ae2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 7131.89356e3f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
6 KB 32ms
23ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7131.89356e3f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6434b51d97ca50ddf5e1836b63da8a9bb69584e67d060b741f69693c29dca86

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 433706
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 72C4686E75B819F9
x-amz-id-2: l0ebTK/jNMCP+l2wz8Hvol8oQM/tlKbnnX4BgSZmXN3JYqZT/hkOaueZXsT8qS1zNFJ1wcIujvQ=
last-modified: Fri, 04 Dec 2020 01:36:09 GMT
server: cloudflare
etag: W/"a9327310a734c7db1ebe54ffcdb0656b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: KPL4Cbf30ANEXgbydS6z0VMxBttssk7T
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d02800002bf6703cd000000001
cf-ray: 5fefc3f9d8b02bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 8825.76331130.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 23ms
21ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8825.76331130.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1502b693292e36b887e4d95fd6fa224da26f533c0b3e209ca60fd33ba14f630f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 433706
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 27A3D49962FA5E4F
x-amz-id-2: xiZyCQHKtFni/SMaqP/m4VfyEW5t8gDzANEgc1Aje6vDHmGX2ofBFpSwDhG5UPmBfar1Xd/LP/Q=
last-modified: Fri, 04 Dec 2020 01:36:10 GMT
server: cloudflare
etag: W/"9361e637ed4c75a5da01a0f7ce1811de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: s78uT023PcOzuheOL4gkBq_Aqt5YjqOF
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d02800002bf678846000000001
cf-ray: 5fefc3f9d8b22bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 5279.aea5f010.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
6 KB 51ms
40ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5279.aea5f010.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

007a3ceeeacb855b57044d7f63cca341b9b3d6acce28fb5fde47509bcf261830

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E4A5DDB7AF70566E
x-amz-id-2: dRVArz1SIheeDk6ULUEpss8ze6CmGAKOUxoPLDaeaCyFMYcoKZtXfP0qPxFnKsVE+G4W7Rt9USI=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"09e6ad5957e73faa8aa2f74f4ead5490"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Pa_cgbccWagALEFMjOsZwO3g1faVO_cP
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d04f00002bf6182d3000000001
cf-ray: 5fefc3fa09282bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 9978.f67bbc2b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 33ms
23ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9978.f67bbc2b.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3db187198f5639dd6a8c4b5115f41a220cbe3bee687701eaa7df100a0db01c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F28F6FD68B7E1AD1
x-amz-id-2: EdaJyaTnBRLQgUygSV9lzpO5J9GnDQASINbCasdFe4T50U0sEgBKEjyolbuCc+wzx48z03fzy/k=
last-modified: Tue, 08 Dec 2020 01:17:08 GMT
server: cloudflare
etag: W/"69336e33ca864d1a4e62aba81c526075"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: LqSiew6mVzVEUXHegV8C0Q4TfYOQOKP6
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d04900002bf61d9a7000000001
cf-ray: 5fefc3fa092b2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 3721.79b84c1f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 73 KB
21 KB 62ms
61ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3721.79b84c1f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36571b71f03f6c752b60a00763b40704c6f448114da84b45dc25e7fbf88110ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: B1D3D88E1959CA23
x-amz-id-2: 4j+v8BPnpLlboMbO9RUr3bPDLHeWwhV42CW+K4TODGlLS/5eYf5X7jYv7PG/vYsNtL/f6cgeKMI=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"395a5a628d83cd3f01d0e2fbdf76b284"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Y_UUj0zsUJ9RXPrsiiTVqAGX3rnTUEkJ
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d04a00002bf6051c7000000001
cf-ray: 5fefc3fa19312bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 2514.754d3e0a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 31ms
30ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2514.754d3e0a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7475c87abd172266d9e131895bf48b8861f35a6d0820dfaf3e052a84734fde08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: EB4D15F76B0CD085
x-amz-id-2: skiH/O9bKjJZ7AhwzplyFIYJ3mqppEBsnlr5oyCBTMiNjIshxwo73jxIrmD+kGnb0CV1emXLUKc=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"4b3db3a03c6e8a0ac7a692a1bd878506"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: dYUx_aPLwSwOn7WxTUnj2zpUT8lHQV5t
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d04e00002bf67b053000000001
cf-ray: 5fefc3fa19332bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 2602.c7baa923.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 37ms
36ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2602.c7baa923.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6ab7b69191afc5c8e89a49bc892211503579ea0e01474a022f642dec04b70bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 137146
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 3T0X9WDW5RFG3R9G
x-amz-id-2: yUMX0BqDK9Sb0GwiduoD4/KltKeLXGBzpkCBpLen/MdwNeEgSH0dKPfd/LZv9wEwDdjc5qIN204=
last-modified: Tue, 08 Dec 2020 01:17:07 GMT
server: cloudflare
etag: W/"79911092c67eba5ea944931b02441fb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: X2Q4F81LEn_vnsI_chPQHmBPiXz6f_6N
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d06200002bf64306b000000001
cf-ray: 5fefc3fa39a52bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 6585.a1fe0211.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 80ms
22ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6585.a1fe0211.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f402b2b32ac29ecfbb38a4c3fab29cdffc9e438b22471f275a7b464816fc989

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481277
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E78B310B102F5F0E
x-amz-id-2: JHUeNNycJos2GgeFTn60uL7NgoR08NdfojPZeoKLEN/eBbOCt+3sU5Uzd6mQl1pFpLE/9DSNaD8=
last-modified: Fri, 04 Dec 2020 01:36:09 GMT
server: cloudflare
etag: W/"a9f67946ea6c7c848063f470feb66037"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: uJ0og.RH9T4XU3Zb4DcfjOH9To7gP2rc
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d0af00002bf651bee000000001
cf-ray: 5fefc3faaad62bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 1838.61bb009f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 134 KB
36 KB 44ms
29ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1838.61bb009f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd3fa87bf1e3e1ac8c550d89c12ebf990b70d09836f4ceb7f1db43655b5d08fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 82911
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 1Q3V0REGDHFT7YDR
x-amz-id-2: rlvyCubRL7iv+F7Q4HBFBQX7XSbxQFPg6Uh246Y9k/sY3qY1aer67oCoayGjvMQtd09cy5jZx0A=
last-modified: Tue, 08 Dec 2020 16:21:01 GMT
server: cloudflare
etag: W/"704ea93075e2579169510f6f080d8747"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: c5U.7xA1bbNztvOs6XyClBvGm8bM2wid
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d0b000002bf661281000000001
cf-ray: 5fefc3fabaef2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 9889.31e1bb58.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 46ms
31ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9889.31e1bb58.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17421cfc9f306901b8e02e7c647ac4c2a3e600f9fd37a21215cedfda0fe1ffdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 65078
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 4E788D7A4526209F
x-amz-id-2: isnd+0sv+lnMvcoNMTeYzyH978CdPb3M+MufLAuJeX8aEb035mPNt3ldoLScXRuVKCFYw5KRVxo=
last-modified: Tue, 08 Dec 2020 21:18:32 GMT
server: cloudflare
etag: W/"9942f82faea74e27e7f63373e18a2ece"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: am8vtxulaJXzWs_oM1jfOr8Rz05i1fks
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d0b100002bf60f8cc000000001
cf-ray: 5fefc3fabaf52bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 3981.88ac0bd8.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 32ms
28ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3981.88ac0bd8.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd9760ce392adefbd4579cad6467434ac8e9088ffa9fe11e3482411f7bf0e643

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481277
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: F78FCF8C97BBC7FE
x-amz-id-2: AoT4/Ijodgi80e9YtB206rrp6vx2xe7cRD6jXud0SWYYrcfbDRsV84q7+yFu/+ncwBFup5S5B6Y=
last-modified: Fri, 04 Dec 2020 01:36:09 GMT
server: cloudflare
etag: W/"690d3890f15ae31baf924d5a3c0417f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: fKq60cL3pu9Yr9v_skanzQp66SUOB08w
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d0b100002bf61a939000000001
cf-ray: 5fefc3fabaf62bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 Post.de9e5e5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 2 KB
1 KB 26ms
25ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.de9e5e5f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

992db340e99786515f634e0bc51616e3a8f9db8be0bb8a248d6daedda8ead28b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481277
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 741ED1D578FF10F1
x-amz-id-2: fUM3z2N1okIMZCs5m28Av2XQosfrHEKAko0vgDTFtJ1TW8OT4vlsi1XFuSHfOk6X/fr8nVZ8XvE=
last-modified: Thu, 03 Dec 2020 23:15:42 GMT
server: cloudflare
etag: W/"21825070da83393f39ee9bc6288e8ad3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 9ZPflPnVdHTreFWXz2MS4HvsmaiBX3YU
cache-control: public, max-age=31536000
cf-request-id: 06e9b8d0c600002bf678859000000001
cf-ray: 5fefc3fadb4b2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:07 GMT

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
13 KB 324ms
32ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

387b4e6c558481b50671dfc3fc34b5eba703960fd2e5327776783ea4874358e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2874526
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cd7c000097defa1b9000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3f59aa497de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 14 KB
14 KB 457ms
165ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3059027
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cd7c000097de02208000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3f59aa697de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 18 KB
18 KB 477ms
186ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f967640b084b03c8f25fc52173114d976c173fc273d31c128cf2c553e15b89c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2699387
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cd88000097de28170000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3f59ab097de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 12 KB
12 KB 330ms
39ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c91611bbeba53d744d5533e444174ec2cc59f1955bbd9480374073fd92842737

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2618621
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cd7d000097de11bdf000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3f59aaa97de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
10 KB 486ms
212ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 334065
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cd7e000097de10bf7000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3f59aad97de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
11 KB 306ms
34ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3137343
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cd80000097de1729b000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3f59aab97de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
11 KB 303ms
31ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41532aec4c3a3a0747ca853b064ef7a96483a95798a6526974ec043997e2ccf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 466682
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8cd7e000097de33058000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3f59aae97de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:06 GMT

GET
H2 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 17 KB
18 KB 40ms
39ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5d00d6b95e13e69bac3bf967aa85cb6eab7c1eafe8a249ed5e1f1a81a3f96ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2618622
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b8d227000097de33096000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc3fd080497de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:07 GMT

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 183ms
145ms Other 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Server: 2600:1901:0:7a0b:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
date: Wed, 09 Dec 2020 15:30:11 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

OPTIONS
H2 200 /
sessions.bugsnag.com/ Frame 0
0 150ms
149ms Other 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Protocol: H2
Server: 2600:1901:0:7a0b:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-headers: Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods: POST
access-control-allow-origin: *
date: Wed, 09 Dec 2020 15:30:13 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 202 / Show response
sessions.bugsnag.com/ 21 B
140 B 147ms
147ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9121.f611c967.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
Bugsnag-Sent-At: 2020-12-09T15:30:11.096Z
Bugsnag-Api-Key: 39f69ce10b9bd0e6c60910cfa37f66af
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 15:30:11 GMT
via: 1.1 google
bugsnag-session-uuid: 782db3c3-93da-44ab-acbd-57da63962960
alt-svc: clear
content-length: 21
content-type: application/json

POST
H2 200 graphql Show response
posts.specterops.io/_/ 94 B
458 B 291ms
290ms Fetch
application/json 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9121.f611c967.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: 58d43bea64f80618d0d49d163c50df4e0446437ceb595e9476b061c085127b00

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 1436ca1af885e857
Medium-Frontend-Path: /arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
Medium-Frontend-App: lite/main-20201208-210739-83135aa44b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
apollographql-client-version: main-20201208-210739-83135aa44b
ot-tracer-spanid: 243057df212fefd8

Response headers

date: Wed, 09 Dec 2020 15:30:12 GMT
sepia-upstream: medium
server: nginx
etag: W/"5e-KW2OpOyLhuaPxx1hrn4QXJ972cA"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764, rito/main-20201208-222258-c24876c3c0, tutu/medium-43207
x-envoy-upstream-service-time: 158
content-length: 94
x-request-received-at: 1607527812552

POST
H2 202 / Show response
sessions.bugsnag.com/ 21 B
111 B 150ms
150ms XHR
application/json 2600:1901:0:7a0b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sessions.bugsnag.com/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9121.f611c967.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7a0b:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version: 1
Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
Bugsnag-Sent-At: 2020-12-09T15:30:13.501Z
Bugsnag-Api-Key: 39f69ce10b9bd0e6c60910cfa37f66af
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 15:30:13 GMT
via: 1.1 google
bugsnag-session-uuid: d5da334d-9161-408c-adc3-a394ccd0babb
alt-svc: clear
content-length: 21
content-type: application/json

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/ 48 KB
19 KB 111ms
48ms Script
application/x-javascript 143.204.101.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.224 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f69fb1f1bdac04c805e171640feeb26af4c57592cf81f5bbfb4421403e4c9c62

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 08 Dec 2020 21:04:56 GMT
Content-Encoding: gzip
Age: 66284
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Pragma: public
Last-Modified: Thu, 02 Apr 2020 00:28:20 GMT
Server: nginx
ETag: "5e8531a4-c079"
Content-Type: application/x-javascript
Via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
Cache-Control: max-age=86400, public
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: Fd6_MA8RI9ugpa_EcuhIHYqe-5j8UFvNXgHPGWbiuRFaZRXrYlXOVQ==
Expires: Wed, 09 Dec 2020 21:04:56 GMT

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 125ms
125ms Fetch
application/octet-stream 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:13 GMT
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764, clientele/main-20201205-010834-20724583e0
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H/1.1 200
OK branch-latest.min.js Show response
cdn.branch.io/ 78 KB
24 KB 70ms
17ms Script
text/javascript 65.9.73.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb?gi=a53dbab77fb8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.73.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ff0169292598bec1751fce80d0024e2c9e55c406b7456ef3aefae30bf3a4efb

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: c7Vvzbb8uKgHcC4eD_pqp123QB.GvKI.
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Thu, 19 Nov 2020 17:43:28 GMT
Server: AmazonS3
Age: 128
ETag: "d4ba055ba82c0baa510053e92eb83211"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 3c5f93efb24b4927140dd52806f3d1e1.cloudfront.net (CloudFront)
Cache-Control: max-age=300
Date: Wed, 09 Dec 2020 15:28:09 GMT
X-Amz-Cf-Pop: AMS1-C1
Content-Length: 23541
X-Amz-Cf-Id: b04zuvHkrnHL4rl0DfuSCLhJXAHmvtUe_zqMx-n3Qx5oOIpLQ5H4cQ==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
89 B 15ms
14ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=476690362&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&ul=en-us&de=UTF-8&dt=Arbitrary%2C%20Unsigned%20Code%20Execution%20Vector%20in%20Microsoft.Workflow.Compiler.exe%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1357734734&gjid=327425214&cid=773532767.1607527817&tid=UA-24232453-2&_gid=1864839755.1607527817&_r=1&_slc=1&z=581787808

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 15:30:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
128 B 14ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=476690362&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&ul=en-us&de=UTF-8&dt=Arbitrary%2C%20Unsigned%20Code%20Execution%20Vector%20in%20Microsoft.Workflow.Compiler.exe%20%7C%20by%20Matt%20Graeber%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=352146706&gjid=663126246&cid=773532767.1607527817&tid=UA-102239211-2&_gid=1864839755.1607527817&_r=1&_slc=1&z=1736509294

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 09 Dec 2020 15:30:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 122ms
122ms Fetch
application/octet-stream 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:17 GMT
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764, clientele/main-20201205-010834-20724583e0
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 125ms
125ms Fetch
application/octet-stream 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:17 GMT
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764, clientele/main-20201205-010834-20724583e0
x-envoy-upstream-service-time: 9
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

GET
H2 200 a16180790160.html
a16180790160.cdn.optimizely.com/client_storage/ Frame 391E 0
0 86ms
21ms Document
text/html 184.24.4.155
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a16180790160.cdn.optimizely.com/client_storage/a16180790160.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/16180790160.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.4.155 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-4-155.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: a16180790160.cdn.optimizely.com
:scheme: https
:path: /client_storage/a16180790160.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb

Response headers

x-amz-id-2: 9Awkrvo5RaS9wwtK57YEtlpD3oK7zTZ+29Pftyhznb/dYkzUmY62XX7XGrtnGBs1eDx4AGlTC0s=
x-amz-request-id: 299D7D6E53C04C65
x-amz-replication-status: PENDING
last-modified: Tue, 08 Dec 2020 20:44:05 GMT
etag: "dd0431f9704e67052122ce494e8fbba0"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: XOiEU1PfaoGfgQdWukjQLAiAvNCcnfvi
accept-ranges: bytes
content-type: text/html; charset=utf-8
content-length: 781
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=120
date: Wed, 09 Dec 2020 15:30:17 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="7";dur=0,cdnip;desc="184.24.4.155";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ Frame 0
0 298ms
89ms Other 2600:1f18:24e6:b901:bcd0:200b:98e:2fb9
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Server: 2600:1f18:24e6:b901:bcd0:200b:98e:2fb9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 15:30:19 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-max-age: 0

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 103ms
103ms Fetch
application/json 2600:1f18:24e6:b901:bcd0:200b:98e:2fb9
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:bcd0:200b:98e:2fb9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 09 Dec 2020 15:30:19 GMT
content-length: 2
content-type: application/json

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
245 B 184ms
183ms Fetch
application/json 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:19 GMT
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764
x-envoy-upstream-service-time: 58
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
364 B 459ms
127ms XHR
text/plain 52.6.153.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/16180790160.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.6.153.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 09 Dec 2020 15:30:19 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://posts.specterops.io
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 860068af-edc6-4a7d-8efd-818869ea0dd0

GET
H/1.1 200
OK /
srv-2020-12-09-15.pixel.parsely.com/plogger/ 43 B
229 B 428ms
110ms Image
image/gif 3.219.37.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2020-12-09-15.pixel.parsely.com/plogger/?rand=1607527819926&plid=40431924&idsite=medium.com&url=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22viewerStatus%22%3A%22visitor%22%7D&sid=1&surl=https%3A%2F%2Fposts.specterops.io%2Farbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb&sref=&sts=1607527819908&slts=0&title=Arbitrary%2C+Unsigned+Code+Execution+Vector+in+Microsoft.Workflow.Compiler.exe+%7C+by+Matt+Graeber+%7C+Posts+By+SpecterOps+Team+Members&date=Wed+Dec+09+2020+16%3A30%3A19+GMT%2B0100+(Central+European+Standard+Time)&action=pageview&js=1&pvid=91509004&u=pid%3D0397a51f2f2879e550bda8c69c0aba98
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.37.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 15:30:20 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK _r Show response
app.link/ 90 B
739 B 268ms
178ms Script
text/javascript 2600:9000:206f:4400:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.57.1&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:4400:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

ba9b17ffc422dc3f33244807a9f54a67d65eb56451aa90e4aa4b86ecc6a14dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 09 Dec 2020 15:30:20 GMT
Via: 1.1 47a7b8b932d91b0edbfc42f1ba94ebc1.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Server: openresty
X-Amz-Cf-Pop: FRA56-C1
X-Powered-By: Express
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 90
ETag: W/"5a-vzdVxqjc59wiSd1NfaCPe02rN4g"
X-Amz-Cf-Id: 9IsMYnxCZi0H3sX4kM7ydnFjE9AqNx1ZgwfquECEJDoofHzrf6iDHg==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
389 B 129ms
129ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c77396e5de3a3f78abc87d32a3c971cdd984c358df0645d2ea5a70c253b8ed57

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m48kb%2F8%2BqtfgHpOFApQV5iyojnCx6QgTWyat93mrCfncKqCZDvK%2Bjy5tr%2FtPjMHnixn6qIsUfih5ZnkunH7Ea%2BhpNRSgWmEh81P2sSQeRg%2FIW8pHfEO7kk6eMjTW1W9LST1oQQc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 5fefc44c4f612074-AMS
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 06e9b903ab0000207432a42000000001

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 174ms
116ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 15:30:20 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 06e9b903300000207496187000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DiGHocX2XD9s0Vm1jAG1Dh6GAe9uLC5BmWtpH6%2FCtTUxXvqW8LnXewlU8V97GgTcIv8RXNZ9ACUswoGrpzVRSgffAFq%2FlilW6h7UTaXlvgYEnn7rPM8sBvjnUvlgVvI226GdE3U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5fefc44b8d162074-AMS

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
625 B 208ms
171ms XHR
application/json 2600:9000:2104:3000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:3000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 42d4d8c492270c162f707382b6e353bfd49e1e7d3901b5f5ac38e56675aee6a5

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 09 Dec 2020 15:30:20 GMT
via: 1.1 4d43f2ff38c53dabf47263f1495ad9c0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 81c0f9223f2e4e5eb67cc146e13b520b-2020120915
content-length: 312
x-amz-cf-id: ZE0Z8WbHG-9YV2YUCp_o49Gtz31Ook93sOQn_GckYKiinu0DK7LXIg==

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 124ms
123ms Fetch
application/octet-stream 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:20 GMT
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764, clientele/main-20201205-010834-20724583e0
x-envoy-upstream-service-time: 5
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
368 B 110ms
110ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d3b8b9cd6b5ee592b93523aa7bf0509fdd52a68f9816417e1ae529d4eee83ad

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XyhzD0W9FfMG3IMxb2t%2FPe0OOhiYVGeUXLAzhDygCrAb8Fiycmb3xsceyjc2gNvd1tGOxUkI0MYqVPONJb7%2BLpEAc6As4W49R4Xz5vZwhOnBJdYi8PmgWAx90Z%2BiYBfk1oxLduM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 5fefc44fb9812074-AMS
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 06e9b905d9000020749221e000000001

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 112ms
111ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 15:30:20 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 06e9b90564000020744eae9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8r5AwEN6Lg6Ba4YxAG9uZaXg%2BJJ08e6Lr1UQ9Vd7Wm3BJMh59L4PRImWVI11vmGNYXcNnmok9ClAFWeg4Xo9E8Mq8IXSEOzR%2BUJgrWAnlMvnhLZsq758Sp0mMiwf3mkU1aJXjz8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5fefc44f0ec82074-AMS

GET
H2 200 responses.editor.8099e191.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 34ms
34ms Script
application/javascript 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.8099e191.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.d83ba023.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cc6d50aabe8e82f9f34f357a1661bc63614c13d9a3a16f3773113d3280db223

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 481281
content-type: application/javascript
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 061AE62D8D69B135
x-amz-id-2: tqwkkPvGlWCI7cMkJosuY/bZjtPVOlrB2nltnLrJoZJQ2VviA6Xx2IihveKehmi3z2F0qSErHqs=
last-modified: Fri, 04 Dec 2020 01:36:34 GMT
server: cloudflare
etag: W/"9102e3e7e0f426f1352fd8174904a575"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 1BMGA5bMA3sbeTASBNgwnYRI4aASGTeM
cache-control: public, max-age=31536000
cf-request-id: 06e9b9067300002bf675af1000000001
cf-ray: 5fefc450b9ad2bf6-FRA
expires: Thu, 09 Dec 2021 15:30:20 GMT

GET
H2 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 13 KB
13 KB 26ms
26ms Font
application/font-woff 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d89fe2a311259082cd33278005e53e6e1da24c19665a9fcf832005f615808bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 336894
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 06e9b90799000097de17226000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 5fefc4528f8a97de-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Thu, 09 Dec 2021 15:30:21 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 1 KB
1 KB 297ms
297ms Fetch
application/json 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/graphql
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9121.f611c967.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: 755801c22dbed90a0fae977574b1dade824460ac7e8c08e639e7b6acb45be8b4

Request headers

apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 1436ca1af885e857
Medium-Frontend-Path: /arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
Graphql-Operation: PostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
Medium-Frontend-App: lite/main-20201208-210739-83135aa44b
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
apollographql-client-version: main-20201208-210739-83135aa44b
ot-tracer-spanid: 243057df212fefd8

Response headers

date: Wed, 09 Dec 2020 15:30:21 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"5bb-xGaCvXM1xHDXmC6Ain5lzNwXb8w"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764, rito/main-20201208-222258-c24876c3c0, tutu/medium-43207
x-envoy-upstream-service-time: 178
x-request-received-at: 1607527821386

POST
H2 200 profile Show response
api2.branch.io/v1/ 180 B
564 B 197ms
197ms XHR
application/json 2600:9000:2104:3000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:3000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

abca3ab89551a5fb811db5621a0dd09300fbcaec4388f5641db13971d30a646c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 09 Dec 2020 15:30:21 GMT
via: 1.1 4d43f2ff38c53dabf47263f1495ad9c0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"b4-CS04ZWXhoKGgRypS/aCFP2Rg6Lo"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: b084ba32774d49c5b3e435f477d55bc8-2020120915
content-length: 180
x-amz-cf-id: 0ndWUpcVQQIBL4PuvrM9Ps1dzw9Q7d7nFdn6HzqfjTBDSpdJy1jWpA==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
386 B 327ms
326ms XHR
application/json 2600:9000:2104:3000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:3000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 09 Dec 2020 15:30:21 GMT
via: 1.1 4d43f2ff38c53dabf47263f1495ad9c0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 02c6e0f8aa1a454bab2a1353708364f8-2020120915
content-length: 28
x-amz-cf-id: rgsAlKglsAX0wKuFdp6GxFE0ZJypbckkrG0YRANhRVmo31XrcEchuQ==

GET
H2 200 0*Hp12_901nwrrg1Gx
miro.medium.com/fit/c/32/32/ 381 B
719 B 156ms
156ms Image
image/png 2606:4700::6810:7991
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/32/32/0*Hp12_901nwrrg1Gx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f19077a58ecdcc133005b8b82d99959588d97a7873a9916877e18132f6933132

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 09 Dec 2020 15:30:21 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 27
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 381
cf-request-id: 06e9b909aa00002bf656a23000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=2592000
medium-fulfilled-by: miro/main-20201205-010834-20724583e0
accept-ranges: bytes
cf-ray: 5fefc455df582bf6-FRA
expires: Fri, 08 Jan 2021 15:30:21 UTC

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 108ms
107ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 15:30:21 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 06e9b909e1000020745c008000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LZ1QCKQzHb%2F%2FS7ObG7w0WXecJAZ0QBg6HXrHL9kbv8oVaUiGupYV9gWLdiKUAYQhppixRvnCI2lSN%2FlIaYMc9tdicYcIHNiavs6sqDSBLhM0AM%2FsU8k7Cm%2FPT%2BkXfY%2FChsDevIU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5fefc4563c942074-AMS

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
394 B 110ms
108ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de8dda426b734663f9df770f2c52c65798927d26a0b7a7eb45169f883e1f5600

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:22 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Fu0HiJAS36Zj5BRLbLSS6zwJaUNYfFUvSmM41HArIZwUM5gyF208kgaYxiMxKWkgamfSpaSpjXqi3eEwJYT3dSwlW2Xmqesf1VpI5iINjDouU95twEk2HjaPUJX%2B5LmxBrWtHK8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 5fefc456ee9f2074-AMS
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 06e9b90a53000020748e3e8000000001

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
390 B 366ms
366ms XHR
application/json 2600:9000:2104:3000:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:3000:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 09 Dec 2020 15:30:22 GMT
via: 1.1 4d43f2ff38c53dabf47263f1495ad9c0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 3974db0ffe1245989d4d85ca6a5c77fd-2020120915
content-length: 28
x-amz-cf-id: TtV2WLqwqlpxykNaVaA_FLVhOFdJbZUboV5EHC_ygK6FjUwXXEYRxQ==

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
631 B 109ms
108ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60fe17cab5616474a6d05feeb0309f80384041b236a2f43e72e3896fbbaa38e0

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:22 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TWHCouLwauLrMALLKlEK3N1HdZoTatQVo17nYO7GzmXvQnB7EV7I3gHoBsVhxfCJiOZsIDaKsetNXyErWJImIoF9uk4NYsttzG0AiT96EUtup%2FFEz5S15Iyt71d2x%2BkWxoQsx2o%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 5fefc45b2a522074-AMS
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 06e9b90cfc000020745185c000000001

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 143ms
111ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 15:30:22 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 06e9b90c8b000020749913a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ixp4vjYu25u1tOkgj6BjxXeHFtsZlJZ3jZZHwnETHBfC32XoOjTFfuXkTkDT2AgYEs6wuG0mDnWqVMl%2FMmvtRT45zJ31vgdOH3s3g%2BfdmtvpjR%2BP%2BCktaT769kt9qyOaVpv68FA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5fefc45a781f2074-AMS

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ Frame 0
0 127ms
127ms Other 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 09 Dec 2020 15:30:25 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
cf-request-id: 06e9b91750000020742f341000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uRXeChonjXPiRb8B2hzj5sj7y9Z0BdHmqGHjBRWEzqEsm%2FgmrqdjCDA3ijDHigfCRm%2BwNvZypUeoUIlvK3tGP25PYcU6jf1urvIfr9qNoU870E%2FBZJKzftiHJVkT9PqYN7mnVJA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5fefc46bbb172074-AMS

POST
H2 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
383 B 117ms
116ms XHR
application/json 2606:4700:e2::ac40:8a24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a24 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35b7af046c6f35521941c3fe6be21dadf23f15818485922900e16efef2a36622

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:25 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NN0MoNN0UEtpLRQJRltRhSBCut8Odk9AZETKr5JmE0rKcxcI1jiEIb3eNk8tXqhkSxOBdieWg5SfoaEvY0Lu6Yn6T4g1H3GKvnORPqBDkLxGqkEwg275lniSsGiZVYZ3bDQT17M%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
cf-ray: 5fefc46c9d512074-AMS
access-control-allow-headers: LightStep-Access-Token, Content-Type
cf-request-id: 06e9b917da0000207444332000000001

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
172 B 146ms
144ms Fetch
application/json 52.1.173.203
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.1.173.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

Referer: https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: application/json

Response headers

date: Wed, 09 Dec 2020 15:30:25 GMT
medium-fulfilled-by: valencia/main-20201208-013012-88d9391764
x-envoy-upstream-service-time: 31
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
posts.specterops.io/	1970-01-19 23:17:43	Name: uid Value: lo_bb1a13043320
.specterops.io/	1970-01-19 14:32:09	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb%22%2C%22sref%22:%22%22%2C%22sts%22:1607527819908%2C%22slts%22:0}
.specterops.io/	1970-01-20 00:01:31	Name: _parsely_visitor Value: {%22id%22:%22pid=0397a51f2f2879e550bda8c69c0aba98%22%2C%22session_count%22:1%2C%22last_session_ts%22:1607527819908}
posts.specterops.io/	1969-12-31 23:59:59	Name: Value: test

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js(Line 1) Message: ... .,ok000Oxc. 'oxo, .' ,kWMMMMMMMMXo;. ;KMWMX: lK, ,0MMMMMMMMMMMWNd'xMMMMMO;xWl lWMMMMMMMMMMMMM0lOMMMMMKoOMo cNMMMMMMMMMMMMMk:OMMMMM0lkWl .dNMMMMMMMMMMKx; lWMMMWd.dN: ;kXWMMMMWKd' .oXWXx. ;o. .;ccc:,. .,.
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.94fe47fe.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e
console-api	debug	URL: https://cdn-client.medium.com/lite/static/js/9121.f611c967.js(Line 2) Message: [bugsnag] Loaded!

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	allow-from medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a16180790160.cdn.optimizely.com
api2.branch.io
app.link
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
d1z2jf7jlzjs58.cloudfront.net
glyph.medium.com
lightstep.medium.systems
logx.optimizely.com
medium.com
miro.medium.com
posts.specterops.io
sessions.bugsnag.com
srv-2020-12-09-15.pixel.parsely.com
www.google-analytics.com
143.204.101.224
184.24.4.155
2600:1901:0:7a0b::
2600:1f18:24e6:b901:bcd0:200b:98e:2fb9
2600:9000:206f:4400:19:9934:6a80:93a1
2600:9000:2104:3000:11:f728:3040:93a1
2606:4700::6810:7991
2606:4700::6810:7c7f
2606:4700:e2::ac40:8a24
2a00:1450:4001:824::200e
2a02:26f0:6c00:2a0::13b8
3.219.37.68
52.1.173.203
52.6.153.244
65.9.73.67
007a3ceeeacb855b57044d7f63cca341b9b3d6acce28fb5fde47509bcf261830
0379b91735fd842a80f3cfc2d208e7f6a532290083cbc726310a049c6a1f70c2
05e2a61e03d7cd3341d529c3b9ea6f8c30c4df7a7e9df38f3c5360c74d6cf0ff
0b4abaad6b4fd24cac8cab882b214bdd8ce07d37d7af4b6c36d0fbf609e334df
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
0cc6d50aabe8e82f9f34f357a1661bc63614c13d9a3a16f3773113d3280db223
0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107
1502b693292e36b887e4d95fd6fa224da26f533c0b3e209ca60fd33ba14f630f
172f5b7d6aea73d3fb57d7638c740eeeff4b607a1aa0308d04b9b8f00ab49cc6
17421cfc9f306901b8e02e7c647ac4c2a3e600f9fd37a21215cedfda0fe1ffdc
1dd42b41715639d00fdd524dae4734968e91e05abb368514929b740af942ddb5
27638e3a4e36b6a4a403e0fad7c322855c9a7559a585475e7f1347a109790503
2ba9fcef1642dde38d96ed077bad4e64c8c1c8b82ae6e53436954fea18d6e748
2d6656287fa1325f938441be0a1343b7946a17457f95f19770a8981ce392e307
33e2f340aa38d101f7d1bd12b168f1b1fdb78b0083765a43c0600ce6518c04a9
35b7af046c6f35521941c3fe6be21dadf23f15818485922900e16efef2a36622
3642d3805e9ba66fb550403766a10734052136d07789afe554763dc5658d41f0
36571b71f03f6c752b60a00763b40704c6f448114da84b45dc25e7fbf88110ff
375b99bf286b69b48ad9f38f5a6e43949eb9fff611985e7e05e591252099a66b
386ff0e96e4564b30a3ba03e97878f71c9deccf8829ccfe73f80657a951aa572
387b4e6c558481b50671dfc3fc34b5eba703960fd2e5327776783ea4874358e3
3b1c3db72fa6da00fe30f190a2b8ac5bb0bc1f8a1aa12b79d64a35c678b62b51
3f402b2b32ac29ecfbb38a4c3fab29cdffc9e438b22471f275a7b464816fc989
3f967640b084b03c8f25fc52173114d976c173fc273d31c128cf2c553e15b89c
3ff0169292598bec1751fce80d0024e2c9e55c406b7456ef3aefae30bf3a4efb
41532aec4c3a3a0747ca853b064ef7a96483a95798a6526974ec043997e2ccf9
42d4d8c492270c162f707382b6e353bfd49e1e7d3901b5f5ac38e56675aee6a5
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46320e3ddfbb772e11661cb7a039e4225aa47a96940ff45a2a0e31ac9a3278e9
521fc7ed31a9b3bf4aaf51ad52ca16362a8535c90d242fcbc425848dd6054019
58d43bea64f80618d0d49d163c50df4e0446437ceb595e9476b061c085127b00
5b317a799d9d84b7cb4f5643a2a1a7ea3a19d0b1562ca17de87bf5da1dd26478
5c205fbcbd3d4d133275b003b64ee8b6eb1e4b60ea3c22d418cdfc704d308c1e
60fe17cab5616474a6d05feeb0309f80384041b236a2f43e72e3896fbbaa38e0
6f803ef5c5cc5f74b0df51857edfd40092a47d82642017b3e2d4352aff819ab9
7475c87abd172266d9e131895bf48b8861f35a6d0820dfaf3e052a84734fde08
755801c22dbed90a0fae977574b1dade824460ac7e8c08e639e7b6acb45be8b4
75fd6243808ac45ccb94fe43229591b14f419e122dbd20ef87d24ef3d92e64dc
77e22a09aedc61668bda8af4b4194d107d5ad1d5248c6d2a402865fa743557b9
7c641f892f22057d280574902211a972b66f21887b9605d6373420616c2998b3
8202f90ce272dc04bed1e8adcc3f24d62cd2f53e249ba4e4026e7d6f569d5787
8a7f42635e0ba9814cc6000cd375cf7b335e59988b2c354e19ee80fe39259bfe
8b0c060701a878582fead05b30ef2d4786ef2dd4f61d58b56f1edd52fe91781b
8c21871c14cb1296124e962a1688611704d907b4b315d811ccb696e7953b0995
8d3b8b9cd6b5ee592b93523aa7bf0509fdd52a68f9816417e1ae529d4eee83ad
8e2f8549af80d61cda0e562b2e750e07fb016c08106744ac871cf546c5695cfb
921bf22442dd2ef8c22225e144e08fe62dc6d8e1e94cc5a520bd08cdc3247ab9
992db340e99786515f634e0bc51616e3a8f9db8be0bb8a248d6daedda8ead28b
9c7a99ac8d20b5481ec24f11df06075866f9d31cc30a4040b6a57742a6b73de8
9f93ade7ba52de8154c7d07ac989e165c725afc95fb79f894e1bafd2beeca98d
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a26fb182c4bdbe614059da22c59fbc361a8bcd754c9a370fdb031d16f0b29019
a373fcf6e68420792ae6977c1b7f2fe73082944f237ec333b8f45d28752507de
a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a9f05176767df0836da32c46305c54bec4acf7f2834a20c674c697befc5facdf
aa2dd9c6c6bee12a0cca4028e00596d648df446fbcf3a5a961f4cd623646120a
abca3ab89551a5fb811db5621a0dd09300fbcaec4388f5641db13971d30a646c
acc037ebdd36912e9770fe3449491ee4a2a8b2b574d26ae10b59c7a582f2b6ff
b3b4f1ce0d89e52e8e1e7e1005bd4ffd61a2124dbd2257a461520986b692a66d
b47e5c3a0abcc6848d2c50e27ef7a019b273428c52b0ccaadb4dba57190a08fd
b8f0f4f758bed7e96849e00ed834dc72157377aa438a4d1941a028a06e4df55c
ba9b17ffc422dc3f33244807a9f54a67d65eb56451aa90e4aa4b86ecc6a14dcf
be412aedb38637bb0a7bccc01291c97a071a6080b711df06bdc798a8296afcda
c77396e5de3a3f78abc87d32a3c971cdd984c358df0645d2ea5a70c253b8ed57
c91611bbeba53d744d5533e444174ec2cc59f1955bbd9480374073fd92842737
cd8d4595c6aa6146c192d1701bcf30e71760118c403dd9fd4a22b5c72471f48f
cd9760ce392adefbd4579cad6467434ac8e9088ffa9fe11e3482411f7bf0e643
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d6434b51d97ca50ddf5e1836b63da8a9bb69584e67d060b741f69693c29dca86
d795430051b0a0d7cd648375d2d0b7d56d2fba6a05748db819e3d69e57f30313
d89fe2a311259082cd33278005e53e6e1da24c19665a9fcf832005f615808bf7
dd3fa87bf1e3e1ac8c550d89c12ebf990b70d09836f4ceb7f1db43655b5d08fa
de734b8e6595ce48b70090b3d1b0cc145dd958ad7a6ae5f0e70b25a113a90968
de8dda426b734663f9df770f2c52c65798927d26a0b7a7eb45169f883e1f5600
df55e1647aaa31dc1a9879bb336faa6f878d2af6aec095a3b0dff0bdd909218f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e5d00d6b95e13e69bac3bf967aa85cb6eab7c1eafe8a249ed5e1f1a81a3f96ba
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367
f19077a58ecdcc133005b8b82d99959588d97a7873a9916877e18132f6933132
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f3db187198f5639dd6a8c4b5115f41a220cbe3bee687701eaa7df100a0db01c5
f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08
f69d9f12637469fe5d3814942b650313f8e5bc84b961d5a812c5ddbb69c8c078
f69fb1f1bdac04c805e171640feeb26af4c57592cf81f5bbfb4421403e4c9c62
f6ab7b69191afc5c8e89a49bc892211503579ea0e01474a022f642dec04b70bd

posts.specterops.io Open in urlscan Pro 52.1.173.203 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

105 Requests

100 %HTTPS

60 %IPv6

11 Domains

17 Subdomains

14 IPs

3 Countries

1025 kBTransfer

3000 kBSize

4 Cookies

55 Outgoing links

Page URL History

Redirected requests

105 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

posts.specterops.io Open in urlscan Pro
52.1.173.203 Public Scan

Screenshot
Live screenshot

Full Image

105
Requests

100 %
HTTPS

60 %
IPv6

11
Domains

17
Subdomains

14
IPs

3
Countries

1025 kB
Transfer

3000 kB
Size

4
Cookies

105 HTTP transactions
0 data transactions