posts.specterops.io Open in urlscan Pro
52.0.16.118 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
Effective URL:
https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Submission: On July 24 via api (July 24th 2021, 1:59:04 pm UTC) from IN

Summary HTTP 107 Redirects Links 62 Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 8 domains to perform 107 HTTP transactions. The main IP is 52.0.16.118, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is posts.specterops.io.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 2nd 2021. Valid for: a year.

This is the only time posts.specterops.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	52.0.16.118 52.0.16.118	14618 (AMAZON-AES) (AMAZON-AES)
1 24	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:284::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
48	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	13.226.145.21 13.226.145.21	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:218d:da00:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2606:4700:303... 2606:4700:3036::ac43:b550	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:215... 2600:9000:2156:9400:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	3.225.10.210 3.225.10.210	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:24e... 2600:1f18:24e6:b902:48f0:a226:4e0b:1e19	14618 (AMAZON-AES) (AMAZON-AES)
107	11

13 52.0.16.118 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-16-118.compute-1.amazonaws.com

posts.specterops.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2606:4700:7::a29f:9904 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:284::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-client.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.145.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-145-21.dus51.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218d:da00:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3036::ac43:b550 (United States)

ASN13335 (CLOUDFLARENET, US)

lightstep.medium.systems	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:9400:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02, US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.225.10.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-10-210.compute-1.amazonaws.com

errors.client.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b902:48f0:a226:4e0b:1e19 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

browser-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	medium.com 1 redirects medium.com glyph.medium.com miro.medium.com cdn-client.medium.com	1 MB
13	specterops.io 1 redirects posts.specterops.io	50 KB
10	medium.systems lightstep.medium.systems	3 KB
5	branch.io cdn.branch.io api2.branch.io	26 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	optimizely.com cdn.optimizely.com errors.client.optimizely.com	98 KB
2	datadoghq.com browser-http-intake.logs.datadoghq.com	93 B
1	app.link app.link	562 B
107	8

	Domain	Requested by
41	cdn-client.medium.com	posts.specterops.io cdn-client.medium.com
20	miro.medium.com	posts.specterops.io
13	posts.specterops.io	1 redirects cdn-client.medium.com
10	lightstep.medium.systems	cdn-client.medium.com
10	glyph.medium.com	posts.specterops.io glyph.medium.com
4	api2.branch.io	cdn-client.medium.com
3	www.google-analytics.com	posts.specterops.io cdn-client.medium.com
2	browser-http-intake.logs.datadoghq.com	cdn-client.medium.com
2	errors.client.optimizely.com	cdn-client.medium.com
1	app.link	cdn.branch.io
1	cdn.branch.io	posts.specterops.io
1	cdn.optimizely.com	posts.specterops.io
1	medium.com	1 redirects
107	13

This site contains links to these domains. Also see Links.

Domain
medium.com
rsci.app.link
www.specterops.io
policy.medium.com
www.symantec.com
blog.malwarebytes.com
blog.airbuscybersecurity.com
reaqta.com
technet.microsoft.com
web.archive.org
stackoverflow.com
github.com
gist.github.com
msdn.microsoft.com
alibaba-cloud.medium.com
blog.getambassador.io
isenberg-ran.medium.com
radwell-intl.medium.com
daniele-fontani.medium.com
help.medium.com
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
posts.specterops.io Sectigo RSA Domain Validation Secure Server CA	`2021-02-02` - `2022-02-02`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2021-10-01`	3 months	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2021-02-17` - `2022-02-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.branch.io DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-25`	a year	crt.sh
appipv4.link Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
errors.client.optimizely.com Amazon	`2020-09-02` - `2021-10-02`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Frame ID: 7B0D07B745B7937A9ACFC2DED79C1152
Requests: 100 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353 HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fhiding-reg... HTTP 302
https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /optimizely\.com.*\.js/i

Page Statistics

107
Requests

100 %
HTTPS

73 %
IPv6

8
Domains

13
Subdomains

11
IPs

2
Countries

1256 kB
Transfer

3461 kB
Size

5
Cookies

62 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/?source=post_page-----b18ec5ac8353--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&source=post_page-----b18ec5ac8353---------------------nav_reg-----------
Title: Sign in

Search URL Search Domain Scan URL

URL: https://rsci.app.link/?%24canonical_url=https%3A%2F%2Fmedium.com%2Fp%2Fb18ec5ac8353&~feature=LoOpenInAppButton&~channel=ShowPostUnderCollection&~stage=mobileNavBar&source=post_page-----b18ec5ac8353--------------------------------
Title: Open in app

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&source=post_page-----b18ec5ac8353---------------------nav_reg-----------
Title: Get started

Search URL Search Domain Scan URL

URL: https://www.specterops.io/?source=post_page-----b18ec5ac8353--------------------------------
Title: specterops.io

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-rules-30e5502c4eb4?source=responses-----b18ec5ac8353--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&source=responses-----b18ec5ac8353---------------------respond_sidebar-----------
Title: What are your thoughts?

Search URL Search Domain Scan URL

URL: https://medium.com/@huntteaming?source=post_page-----b18ec5ac8353--------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fb33a1615ac42&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&user=Brian%20Reitz&userId=b33a1615ac42&source=post_page-b33a1615ac42----b18ec5ac8353---------------------follow_byline-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&source=post_actions_header--------------------------bookmark_preview-----------

Search URL Search Domain Scan URL

URL: https://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update
Title: September 2015 report from Symantec,

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/threat-analysis/2016/07/untangling-kovter/
Title: MalwareBytes

Search URL Search Domain Scan URL

URL: http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE-%E2%80%93-A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE
Title: Airbus Cybersecurity

Search URL Search Domain Scan URL

URL: https://reaqta.com/2015/09/poweliks-file-less-malware-keeps-evolving/
Title: Reaqta

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/sysinternals/reghide.aspx
Title: RegHide

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20091104223505/http://technet.microsoft.com/en-us/sysinternals/bb897446.aspx
Title: old Sysinternals page

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/1721106/how-to-hide-a-value-on-the-registry-like-sysinternals-reghide-tool
Title: explaining the differences between calling the Win32 API and calling the Native API

Search URL Search Domain Scan URL

URL: https://github.com/mattifestation/PSReflect
Title: PSReflect

Search URL Search Domain Scan URL

URL: https://gist.github.com/brianreitz/feb4e14bd45dd2e4394c225b17df5741
Title: PSReflect-RegHide gist

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/hardware/ff560909(v=vs.85).aspx
Title: Registry Key Object Routines

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/hardware/ff567014(v=vs.85).aspx
Title: NtOpenKey

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724878(v=vs.85).aspx
Title: ACCESS_MASK

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/hardware/ff557749(v=vs.85).aspx
Title: OBJECT_ATTRIBUTES

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/hardware/ff567109(v=vs.85).aspx
Title: NtSetValueKey

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx
Title: UNICODE_STRING

Search URL Search Domain Scan URL

URL: https://github.com/jaredcatkinson/PSReflect-Functions
Title: PSReflect-Functions repo

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&collection=Posts%20By%20SpecterOps%20Team%20Members&collectionId=f05f8696e3cc&source=post_sidebar--------------------------follow_sidebar-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&user=Brian%20Reitz&userId=b33a1615ac42&source=post_sidebar-----b18ec5ac8353---------------------clap_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&source=post_sidebar-----b18ec5ac8353---------------------bookmark_sidebar-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fspecter-ops-posts%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&user=Brian%20Reitz&userId=b33a1615ac42&source=post_actions_footer-----b18ec5ac8353---------------------clap_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&source=post_actions_footer--------------------------bookmark_footer-----------

Search URL Search Domain Scan URL

URL: https://medium.com/@huntteaming?source=follow_footer-------------------------------------

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fuser%2Fb33a1615ac42%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&user=Brian%20Reitz&userId=b33a1615ac42&source=follow_footer-b33a1615ac42-------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fsubscribe%2Fcollection%2Fspecter-ops-posts%2Fb18ec5ac8353&operation=register&redirect=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&collection=Posts%20By%20SpecterOps%20Team%20Members&collectionId=f05f8696e3cc&source=follow_footer--------------------------follow_footer-----------
Title: Follow

Search URL Search Domain Scan URL

URL: https://medium.com/the-prefect-blog/pipeline-pitfalls-57fe558cd76?source=post_internal_links---------0----------------------------
Title: Pipeline Pitfalls

Search URL Search Domain Scan URL

URL: https://medium.com/@josmek?source=post_internal_links---------0----------------------------
Title: Josh Meek

Search URL Search Domain Scan URL

URL: https://medium.com/the-prefect-blog?source=post_internal_links---------0----------------------------
Title: The Prefect Blog

Search URL Search Domain Scan URL

URL: https://medium.com/mesmerhq/the-bots-are-coming-to-take-your-job-writing-ui-tests-thank-goodness-580df10ae319?source=post_internal_links---------1----------------------------
Title: The bots are coming to take your job writing UI tests (thank goodness!)

Search URL Search Domain Scan URL

URL: https://medium.com/@CodingDoug?source=post_internal_links---------1----------------------------
Title: Doug Stevenson

Search URL Search Domain Scan URL

URL: https://medium.com/mesmerhq?source=post_internal_links---------1----------------------------
Title: Mesmer

Search URL Search Domain Scan URL

URL: https://medium.com/@0abdou.snik1e/saut%C3%A9-1-pound-ground-beef-1-chopped-onion-and-1-chopped-carrot-b17fde9e7b97?source=post_internal_links---------2----------------------------
Title: Sauté 1 pound ground beef, 1 chopped onion, and 1 chopped carrot

Search URL Search Domain Scan URL

URL: https://medium.com/@0abdou.snik1e?source=post_internal_links---------2----------------------------
Title: Abdou Snike

Search URL Search Domain Scan URL

URL: https://alibaba-cloud.medium.com/alibaba-makes-dragonwell-openjdk-open-source-580b0f080473?source=post_internal_links---------3----------------------------
Title: Alibaba Makes Dragonwell OpenJDK Open Source

Search URL Search Domain Scan URL

URL: https://alibaba-cloud.medium.com/?source=post_internal_links---------3----------------------------
Title: Alibaba Cloud

Search URL Search Domain Scan URL

URL: https://blog.getambassador.io/three-keys-to-full-service-ownership-on-kubernetes-58077bfcc659?source=post_internal_links---------4----------------------------
Title: Three Keys to Full Service Ownership on Kubernetes

Search URL Search Domain Scan URL

URL: https://medium.com/@rdli?source=post_internal_links---------4----------------------------
Title: Richard Li

Search URL Search Domain Scan URL

URL: https://blog.getambassador.io/?source=post_internal_links---------4----------------------------
Title: Ambassador Labs

Search URL Search Domain Scan URL

URL: https://isenberg-ran.medium.com/aws-lambda-feature-toggles-made-simple-580b0c444233?source=post_internal_links---------5----------------------------
Title: AWS Lambda Feature Toggles Made Simple

Search URL Search Domain Scan URL

URL: https://isenberg-ran.medium.com/?source=post_internal_links---------5----------------------------
Title: Ran Isenberg

Search URL Search Domain Scan URL

URL: https://radwell-intl.medium.com/industrial-automation-unites-the-best-of-ot-and-it-60120e60dbca?source=post_internal_links---------6----------------------------
Title: Industrial Automation Unites the Best of OT and IT

Search URL Search Domain Scan URL

URL: https://radwell-intl.medium.com/?source=post_internal_links---------6----------------------------
Title: Radwell International

Search URL Search Domain Scan URL

URL: https://daniele-fontani.medium.com/cloud-vendor-lock-in-risk-601abd421991?source=post_internal_links---------7----------------------------
Title: Is Cloud Vendor Lock-in the Evil, or we have to live with it?

Search URL Search Domain Scan URL

URL: https://daniele-fontani.medium.com/?source=post_internal_links---------7----------------------------
Title: Daniele Fontani

Search URL Search Domain Scan URL

URL: https://medium.com/about?autoplay=1&source=post_page-----b18ec5ac8353--------------------------------
Title: Learn more.

Search URL Search Domain Scan URL

URL: https://medium.com/topics?source=post_page-----b18ec5ac8353--------------------------------
Title: Make Medium yours.

Search URL Search Domain Scan URL

URL: https://medium.com/creator-tools?source=post_page-----b18ec5ac8353--------------------------------
Title: Write a story on Medium.

Search URL Search Domain Scan URL

URL: https://medium.com/new-story?source=post_page-----b18ec5ac8353--------------------------------
Title: Write

Search URL Search Domain Scan URL

URL: https://help.medium.com/hc/en-us?source=post_page-----b18ec5ac8353--------------------------------
Title: Help

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-terms-of-service-9db0094a1e0f?source=post_page-----b18ec5ac8353--------------------------------
Title: Legal

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/medium-everyones-stories/id828256236?pt=698524&mt=8&ct=post_page&source=post_page-----b18ec5ac8353--------------------------------

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.medium.reader&source=post_page-----b18ec5ac8353--------------------------------

Search URL Search Domain Scan URL

URL: https://policy.medium.com/medium-privacy-policy-f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353 HTTP 307
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353 HTTP 302
https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request hiding-registry-keys-with-psreflect-b18ec5ac8353 Show response
posts.specterops.io/
Redirect Chain

https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353
https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

173 KB
38 KB

1045ms
1044ms

Document
text/html

52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

4726f03636676671956dc5fb79511ff8db9eae716d8eee8c4318975a2cbaea70

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Request headers

:method: GET
:authority: posts.specterops.io
:scheme: https
:path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Sat, 24 Jul 2021 13:58:44 GMT
content-type: text/html; charset=utf-8
sepia-upstream: medium
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://medium.com
etag: W/"2b31d-eFGZIV438mfyJAeO8ZBG2YU3JF8"
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, lite/main-20210723-214206-cb03029f42, rito/main-20210723-231812-f3ebbf05ea, tutu/main-20210723-221831-ee84164f98
medium-missing-time: 383
set-cookie: uid=lo_276fbc13bd80; Path=/; Expires=Sun, 24 Jul 2022 13:58:43 GMT; HttpOnly; Secure; SameSite=None sid=1:C2oF+r1oGGD6XDP1kAo+TmgmC1/YhBs253g7+y0sbyrOnglwS00GEnSYmQoIA5/J; Path=/; Expires=Sun, 24 Jul 2022 13:58:43 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_276fbc13bd80; Path=/; Expires=Sun, 24 Jul 2022 13:58:43 GMT; Secure; SameSite=None
vary: Accept-Encoding
x-envoy-upstream-service-time: 932
x-request-received-at: 1627135123444

Redirect headers

date: Sat, 24 Jul 2021 13:58:43 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
location: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
cf-ray: 673daa375b424eeb-FRA
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
link: <https://medium.com/humans.txt>; rel="humans"
set-cookie: uid=lo_276fbc13bd80; Path=/; Domain=medium.com; Expires=Sun, 24 Jul 2022 13:58:43 GMT; HttpOnly; Secure sid=1:v6NF4SYf91r16FpnKfHvMjQhHgPAugCHlaH1W9DUY5ffiPrj8YHB+/7Pj1VZWFlx; Path=/; Domain=medium.com; Expires=Sun, 24 Jul 2022 13:58:43 GMT; HttpOnly; Secure; SameSite=None optimizelyEndUserId=lo_276fbc13bd80; Path=/; Domain=medium.com; Expires=Sun, 24 Jul 2022 13:58:43 GMT; Secure; SameSite=None __cfruid=e20eba051bc2c5ab11a16bed7ca45b076f4eac12-1627135123; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
medium-fulfilled-by: edgy/3, valencia/main-20210723-201957-a962765faa
pragma: no-cache
x-content-type-options: nosniff
x-envoy-upstream-service-time: 90
x-frame-options: sameorigin
x-obvious-info: 20210723-2219-root,ee84164f
x-obvious-tid: 1627135123187:94b377dc2a4e
x-opentracing: {"ot-tracer-spanid":"25d142ab4f1a7c58","ot-tracer-traceid":"f27da9a2163e819","ot-tracer-sampled":"true"}
x-powered-by: Medium
x-ua-compatible: IE=edge, Chrome=1
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 unbound.css
glyph.medium.com/css/ 12 KB
1 KB 36ms
34ms Stylesheet
text/css 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/unbound.css

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 403
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=7200
access-control-allow-credentials: true
cf-ray: 673daa3f5c324eeb-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 24 Jul 2021 15:58:44 GMT

GET
H2 200 16180790160.js Show response
cdn.optimizely.com/js/ 346 KB
97 KB 21ms
6ms Script
text/javascript 2a02:26f0:6c00:284::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/16180790160.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:284::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AmazonS3 /

Resource Hash

09b4d5865b5aeb159ba83e8d0634e73ce8808c3fb3e4bdde4765572b17a605bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: 9.sX0LXhDOMZDTUCW_HvSCyOPlYDjZWa
content-encoding: gzip
etag: "5f8d8e5b499535d03a548bdb5b0692a3"
x-amz-request-id: KWZ0263GBP7RG60G
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 6981
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:284::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 98672
x-amz-id-2: bGPI7EJmuXcQrXuQ11fwFJ4EJoJe53E7ORbWWQ6AYbersyO8bM+QTpWMenehHGYUQhCPRICONHI=
last-modified: Fri, 23 Jul 2021 15:25:27 GMT
server: AmazonS3
date: Sat, 24 Jul 2021 13:58:44 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 1*aa0HsXZL43r95TuTJlJNPw.png
miro.medium.com/max/304/ 7 KB
7 KB 129ms
128ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/304/1*aa0HsXZL43r95TuTJlJNPw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b1c3db72fa6da00fe30f190a2b8ac5bb0bc1f8a1aa12b79d64a35c678b62b51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 884
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6883
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210524-162717-f383c62fea
accept-ranges: bytes
cf-ray: 673daa3f6c3a4eeb-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H2 200 2*24A_LDMigIa_G-TIyKP7Kg.png
miro.medium.com/fit/c/96/96/ 3 KB
3 KB 288ms
287ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/96/96/2*24A_LDMigIa_G-TIyKP7Kg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb494052530b5f6e98601b9494e0efa4d07577270092e1c2d252cf375f3df1b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 61
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2633
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa3f6c3c4eeb-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
19 KB 49ms
36ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1540452
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa3fba633140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 24 KB
25 KB 41ms
28ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8670408
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa3fba603140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 sohne-400-normal.woff
glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 28 KB
28 KB 33ms
21ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/b492c44/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10686764
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa3fba5d3140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H2 200 0*4qQm8AkN19hp-QWN.
miro.medium.com/max/60/ 1 KB
2 KB 134ms
132ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*4qQm8AkN19hp-QWN.?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3915eeea61a8b4b48b0c1cc6c6c254ab06eb0aca13fb3d47265514e06316e98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 31
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1321
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa402e094eeb-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H2 200 0*5vnGKiFSi8YWnjmY.
miro.medium.com/max/60/ 615 B
783 B 208ms
207ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*5vnGKiFSi8YWnjmY.?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4996fb531a84e9a9ff55e155a6564ef057b83b2ee1727d16ce8801f974d3ba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 62
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 615
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa402e0a4eeb-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H2 200 0*1_QuWs2OL8iVVNWn.
miro.medium.com/max/50/ 5 KB
5 KB 190ms
188ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/50/0*1_QuWs2OL8iVVNWn.?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78c86104353823a332afe31485a3ce799b77a100c0c321348cb25bf184ef1a1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 30
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4627
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa402e0c4eeb-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H2 200 2*24A_LDMigIa_G-TIyKP7Kg.png
miro.medium.com/fit/c/160/160/ 4 KB
4 KB 168ms
166ms Image
image/png 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/2*24A_LDMigIa_G-TIyKP7Kg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bc4fb81b00705aa031ff7a74f163bd74d07caf9efa55eb682642bf363327e6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 34
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3769
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa402e0e4eeb-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/160/160/ 6 KB
7 KB 132ms
121ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/160/160/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df55e1647aaa31dc1a9879bb336faa6f878d2af6aec095a3b0dff0bdd909218f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 30
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6539
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210524-162717-f383c62fea
accept-ranges: bytes
cf-ray: 673daa404fc142e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 2*24A_LDMigIa_G-TIyKP7Kg.png
miro.medium.com/fit/c/80/80/ 2 KB
3 KB 186ms
175ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/2*24A_LDMigIa_G-TIyKP7Kg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba9920472a19de504346abfc8231cb3832aa16f039a0a65b64b53dc15dbe4da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 50
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2218
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa404fc242e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*D-FDlfkqivRBQZoESrwtqw.png
miro.medium.com/fit/c/80/80/ 3 KB
3 KB 121ms
110ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/fit/c/80/80/1*D-FDlfkqivRBQZoESrwtqw.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

386ff0e96e4564b30a3ba03e97878f71c9deccf8829ccfe73f80657a951aa572

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 61
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2735
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210617-165854-e4900a530f
accept-ranges: bytes
cf-ray: 673daa404fbe42e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*RpgDHNFOaVleS4AkQnG49w.png
miro.medium.com/max/60/ 2 KB
3 KB 152ms
141ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*RpgDHNFOaVleS4AkQnG49w.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a87acbab42d0c5afc15128f25c86aed5e6a16401775ad9880c3c78300f638fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 61
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2238
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210625-142430-abd62260a9
accept-ranges: bytes
cf-ray: 673daa404fba42e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*3vDVJw86u-Kjpj4E0mZwsQ.jpeg
miro.medium.com/max/60/ 858 B
1 KB 173ms
162ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*3vDVJw86u-Kjpj4E0mZwsQ.jpeg?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

233040b66004ab818eccf706a8aea9a56c3d604724a744c0d69deaa14b3a6907

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 34
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 858
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa404fbf42e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*PtVeSN7l46t0vgbR9OKccg.png
miro.medium.com/max/60/ 6 KB
6 KB 154ms
143ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*PtVeSN7l46t0vgbR9OKccg.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7160de18504b64e1ca33f8097437c02a86679637d41045f511b084003da1dcff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 74
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5759
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa404fc442e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*hn4v1tCaJy7cWMyb0bpNpQ.png
miro.medium.com/max/60/ 3 KB
3 KB 90ms
79ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*hn4v1tCaJy7cWMyb0bpNpQ.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1351271
x-envoy-upstream-service-time: 26
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3059
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210625-142430-abd62260a9
accept-ranges: bytes
cf-ray: 673daa404fcb42e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*8l8acETDi1FX2MMsGwv0Hw.png
miro.medium.com/max/60/ 2 KB
2 KB 154ms
143ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*8l8acETDi1FX2MMsGwv0Hw.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b733cbc57b240ab67ad2c9b8ae8a752550e1d5506203a83fcd432932ceaa0c60

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 38
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1959
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa404fc942e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*obWiEERTOTn5CxLEVjoVrA.png
miro.medium.com/max/60/ 1 KB
2 KB 183ms
172ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*obWiEERTOTn5CxLEVjoVrA.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7477072efcfaac1fe81db09eab857753051b42505f7b8074c67ec7bf40a8369b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 41
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1127
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa404fc742e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 0*sX9AUEfAMdGaRcQ_.jpg
miro.medium.com/max/60/ 898 B
1 KB 155ms
144ms Image
image/jpeg 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/0*sX9AUEfAMdGaRcQ_.jpg?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4b90acce7f7cbfeb6ac996479c98286cec49d2ed6aa10201774c5165bf83c6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 47
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 898
pragma: public
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa404fcd42e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H3-29 200 1*pvo_6yePBvxBmq3Fw9ST3A.png
miro.medium.com/max/60/ 6 KB
6 KB 157ms
147ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/60/1*pvo_6yePBvxBmq3Fw9ST3A.png?q=20

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

477930641668f91f27e5641cb1c3eaef378d251b83c1e7508bdd6e6d5eb91768

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 61
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5735
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa404fc542e1-FRA
expires: Mon, 23 Aug 2021 13:58:44 GMT

GET
H2 200 manifest.de858fc3.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
5 KB 28ms
20ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/manifest.de858fc3.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6609aad8d292c685e90ecdd9b7d3efa1f56c7d59babb1021431cb5d6b16b4992

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 57231
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 2YAYFKE8NTV0JQ40
x-amz-id-2: ZIHiHH03AyienV9X3EzyWErS1/GeXsToaIfHOMwcLXYd2ZAxuQ+dflynBe3nL555Z0bpkgyu3F8=
last-modified: Fri, 23 Jul 2021 21:56:46 GMT
server: cloudflare
etag: W/"a8e8103763194ee653fdf7d245008daf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: pAag3CnVpCr7xUZfEDCR5QZa4IlxjZZD
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa405e4f4eeb-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H2 200 9115.1a9358c4.js Show response
cdn-client.medium.com/lite/static/js/ 732 KB
228 KB 75ms
67ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

038262231160fee976d84fa8d1db80567769112008a892e0edeb76f6c1121165

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 751068
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 9WCQMJXXDY7V1E5T
x-amz-id-2: yenI6fCJLrENlkqO2VHecbdeXoIeqtf9kfQS8Gz8dMYywh2HBIP47vsCHroQtTsLhkdCQ/i4JKM=
last-modified: Thu, 15 Jul 2021 18:50:35 GMT
server: cloudflare
etag: W/"3b5c778737b6d559ce5f7a8c478f6203"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QAH5KPPE7VyycTXphMPwmxvbaI8QEy7U
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa405e584eeb-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H2 200 main.0b4c1932.js Show response
cdn-client.medium.com/lite/static/js/ 798 KB
211 KB 79ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1018a7244a7e37c2d21cc30c2c331d1fc3834318cc74d088623bcc5ac7bb3f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 61902
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: ASYYZ7AJH13873V3
x-amz-id-2: a3CtfTl/KjVyLWiWUJn1GA3j8y30E1RWcL/2XaOizqskzt8zE4kc/XeWlEZJRyB7dniWxWOhZ/Y=
last-modified: Fri, 23 Jul 2021 19:46:07 GMT
server: cloudflare
etag: W/"a8b783b414b1a7fbfc7e7770a0965488"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: bdSzGAdXRHapaF36kReEbPBpzbBbCHRP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa405e544eeb-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H2 200 5573.159bf40f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 62 KB
16 KB 75ms
68ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5573.159bf40f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1005336
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: W5EH3ZWGCATAJ0JK
x-amz-id-2: uquA+D1mKTUgmaodaYFoBDYRFjBCghvQCPgGBuwnPNqPSgEh4m7aoHPDNWRkrQ4qGn6JNGvqqTU=
last-modified: Mon, 24 May 2021 10:33:47 GMT
server: cloudflare
etag: W/"285e9d718f6e570e00b30e966996ec1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: HmLCtdjGYWgk2SnFK4M0oX_6tJ50SNp9
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa405e534eeb-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H2 200 instrumentation.6fa29f8a.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 5 KB
2 KB 78ms
71ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/instrumentation.6fa29f8a.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f533eb639be3ba90e9031b71779c52cdc20698da99dc51b3b5ac2f91e7134aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 74766
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: FHA8A40J743DA5XW
x-amz-id-2: /tadu/KnxX9jH/CN5juvoR17bTIAzGfipCSVFBL/+gHr4ntd5Pywyt0YU83h2Qwwl73j2x1cPPI=
last-modified: Fri, 11 Jun 2021 03:03:38 GMT
server: cloudflare
etag: W/"2c6f1262e4dde3d463a8f6156e941f07"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 4vjabhlbU1g80tUyyLDf7tBjSbTI2iRB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa405e5a4eeb-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H2 200 reporting.6471519f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 1 KB
1 KB 32ms
25ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/reporting.6471519f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bbacda37b119c290c184c6975dc0f9e7892a22c56bb572d70457e437484864d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 411446
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: Q0F7MQAAJVH2M7V8
x-amz-id-2: UGXQIw7HsYZm/FvYo7E+nq3jKishQRAFtyQb69eEX/C8myd/Yv4QrwPT9xzsKJnaEtF0J6LNuB8=
last-modified: Wed, 16 Jun 2021 18:41:31 GMT
server: cloudflare
etag: W/"69e0bbdc0c37d2f46b6be19732366a3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8sxb2msbxkYmtYsAbhhIRpG6q5cNmD6C
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa405e594eeb-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 5279.a081d25f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 6 KB
3 KB 49ms
46ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5279.a081d25f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bd46284abee72dbe93295f7b04a7297e851545b95fb9aa5e91237ff7b03fcf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 761791
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 357VKND0B1MB9J43
x-amz-id-2: qypHuL7v59Qjr316foZFZMTqjc3Muzdceb1uiNOE3RnQedPCAjRp3WuDT8clbLqd105LdvrVK/s=
last-modified: Wed, 14 Jul 2021 17:47:44 GMT
server: cloudflare
etag: W/"6b6b78b0ebe6013d82a69b0804acb3ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: WGHdI13XLXqaDRlyjCbzo7hmZ7yJdTf8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40785a42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 192.7f4b9c69.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 52 KB
16 KB 58ms
54ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/192.7f4b9c69.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d138dfff9f93a3b4c66d24db39ecdcaf7eb52f4785d155086fe487c72e7844f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72410
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK60RF0R1112TQ7E
x-amz-id-2: 7/SwHYymADDhGwCdULrMQTM8m9wsXzgAX3lpyU0vyuMvfQ/L8bmcmWP06qsU/1NZv6F+J/eiLzI=
last-modified: Wed, 21 Jul 2021 16:14:43 GMT
server: cloudflare
etag: W/"b7ab112784d8b19953ce5b1f9ab2c69d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Xj0LAgqJ_HWIJ.v8Ow3eR5M_NSMAH1zc
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40785b42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 1969.1fbf6133.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 58ms
55ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1969.1fbf6133.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c18f0f46697f44e01385f68538d386db35c436a56fab78e78d4c0aa8a0cb422a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 73507
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: XTCQ5Q127NB0KCM3
x-amz-id-2: BsTJay/gLGCyGzBwOV+XsVyGoug3HYWlKBEkNS3y36YRAheGdv9e+1t1GxS4tfd/qwPSFEnVsuQ=
last-modified: Fri, 23 Jul 2021 01:01:32 GMT
server: cloudflare
etag: W/"2d4223a0d81104511b8f68de78d66fd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: R44NG9dB3Op25a2P_yF2gvC7v3Av._3F
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40785c42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 7648.31e753ba.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
6 KB 49ms
46ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7648.31e753ba.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93384bf842a2cae6c63aa8979f3dfdbef5945682d2fc52610e43fb100d17de9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 241424
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 1P4K0T1FQ0Z6MY8S
x-amz-id-2: Gkz/Rl0cpLq4DvYekSd7mD77Bgx7h7RdF7XJuCjUsyFa8+6bAXnbN1vl6XPDXNHMJY29cWWexEk=
last-modified: Wed, 21 Jul 2021 17:06:17 GMT
server: cloudflare
etag: W/"4106fdcf6bbfaff3a254ae152c368c57"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: IUzZzzj_3LR3LoJwBi86c7A0JDLMVPnm
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40785e42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 1645.9072abeb.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 73ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1645.9072abeb.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8aecc772988b29a46774bb5c5e2dd3373fca5cfab4122338414f41cfb6b656e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 766289
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 8Y1BZDP093PPSAHS
x-amz-id-2: FIjGFaY4sJcupp5iVHBqOlAWX9tg1vCb61BmTjtSS2e7RTCrB015u7nrEYkK0srxsFUQL8seKBI=
last-modified: Thu, 15 Jul 2021 16:24:49 GMT
server: cloudflare
etag: W/"553495539d619e8ee0e59ed00fbcb539"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 1VQTPBA3r6hhPyXFbJwQveM5ukBLc7iI
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b92442e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 4586.57274e03.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 74ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4586.57274e03.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c641cb179c8381b2c690df8ecd3ad0497617941b337051c3b939fd1e33bea533

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 160378
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: Q70FA25KVP98J1HH
x-amz-id-2: SdKBF5LGo8/jY5fvKLmCmTkg7t9ilaNMvmoderF5XmZXT9kvMP9Wm2BvZlybCJT+BLOcAi0jRBs=
last-modified: Wed, 07 Jul 2021 16:52:37 GMT
server: cloudflare
etag: W/"e5f40c299d067fa0452860bc9bd66a17"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fFC5i.wY2cDHy2bdVwagxHwti8RG5ZVu
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b92742e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 3930.7dfd9fbe.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 23 KB
8 KB 90ms
46ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3930.7dfd9fbe.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70b2d4d61d80e2deb5aca5d10fca76cf153e8b028b11361a1e34d729de6f8b38

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 93940
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: PACHT0QE0VVW6VCG
x-amz-id-2: qAod96JFTdD1+3oxiZz4+NFAmlsVLH6A+4L2HOBD7plDBh7LZX0Rc0ZTcLYq+6Bm5jYElrhY8Jw=
last-modified: Thu, 08 Jul 2021 13:53:23 GMT
server: cloudflare
etag: W/"0101787eb2236a8fd767c457373b7b00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 0d59W_ynYtXFzdXlnlV2gWMvY5BC7h3C
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b92942e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 6753.479da1c3.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 64ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6753.479da1c3.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aabff986a0e8445df7ead588ab1eb063241926064362e29038cd1869769b41e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 265316
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HJ6F5502SKMZYEC4
x-amz-id-2: r4LT5DfziOkRBoB6Z2yzxnLl/3qPChh9i0Yf5KUFMI7Ctmiz0iWwM+vAbVo0WvSX8rocvc/I3Tk=
last-modified: Wed, 21 Jul 2021 10:56:28 GMT
server: cloudflare
etag: W/"4f96925c4f94529af94ffb00bf6a9ac3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: U4WXN2VTAlWJruOE_bJjtCpXGDn.N1PL
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b92a42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 7296.82e328e5.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 55 KB
15 KB 69ms
25ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7296.82e328e5.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f071a96409e341d51a317df2cf25d8e4ef1916d8ca80e253be980c53bbab178

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72400
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK654BMS6Q3GG7SW
x-amz-id-2: aMJJSa3mu3MXb8Duz8YlyFlnmCXRz8PW2R24DpjxpZt6vB2VuqQZH45+NUhPTl3sefwNT7g5H0Y=
last-modified: Wed, 21 Jul 2021 16:14:48 GMT
server: cloudflare
etag: W/"a438c616304cd22f1e44f97b8cecfb2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: W6HfJkx63xK_SUI4..jW0rVQZknD4Oyg
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b92c42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 4881.687aa6c4.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
4 KB 71ms
27ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/4881.687aa6c4.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31841c0553a88ef72572428c8afe8696d589e27364b961199d15589399f73b50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72400
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK67K342SA6YYTAR
x-amz-id-2: On4arbvR6g51l4FOq4cJmxqXkJEXxO+Gu512tt7xEkNADMBzOZ75wWMnw11vgT+OQUXUe8ZzfTg=
last-modified: Wed, 21 Jul 2021 16:14:47 GMT
server: cloudflare
etag: W/"0481b64d50d6bd6b3fc2018599c76a5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fKTjf6wOuvUm13ec8leMYVP4xZAgopPD
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b92d42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 8275.ba7ae579.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 66ms
21ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8275.ba7ae579.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd6ae63e9057ae825638418ec7dab6f6e56757af6313d4acb2069106cf5b113e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 851433
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: VMK99CPAVQCCY4WK
x-amz-id-2: UHPLtjndM4aVo0+HzKF3CgQJOhU0QYeQIY9tkHsNeAc3aq99HBq6gIfLZQnM/zKt0idMkqI/T0A=
last-modified: Wed, 14 Jul 2021 00:25:01 GMT
server: cloudflare
etag: W/"84c6187d464a760eabc09ae2162b3237"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8bFywd0LqRDBaZ6EKGzMfPyNzajwd0Me
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b93042e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 5727.8c32a0a2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 13 KB
5 KB 63ms
18ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5727.8c32a0a2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d1f284928f13cdec7b8185b66c2827c65f0a093f58e6e9aae2b030b9583579a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1024415
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: V8BGPT5P3Y731K28
x-amz-id-2: Ri54cGpgGD63sxol8xtj/iQuBaguwFLAnxVmB1jYACacyNINC2tSyzpcdj4UqOF3ZEmsF39FwT0=
last-modified: Mon, 12 Jul 2021 12:23:55 GMT
server: cloudflare
etag: W/"b5b5700cd1085211b1106867ce648df4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: aLEla.jHfC3x6XucihOC5u9SyhmFyJVf
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b93342e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 3810.5da23cd2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
5 KB 64ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3810.5da23cd2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e039a45cebc2581d5b9a67fbe4b2b00abfcbc22e3640f50f803b0eb578c886c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72396
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK6C88HK2KWPTK0C
x-amz-id-2: 6m0ZViNKsoLuVdGYAENeiKyppSLVg161HccX39Fxv++h3gOBwqdTsCzJqUYajp5hboQijHdzdro=
last-modified: Wed, 21 Jul 2021 16:14:46 GMT
server: cloudflare
etag: W/"bfd57986e4a22ed65a95db2641a09ef8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: yJ9jA9qiz0v2.hJh7tiPLHZqVYgGRy8M
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b93642e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 8710.890112f0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
5 KB 73ms
29ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8710.890112f0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85c018e4c154a7d3accbeba646ada9374a74bf900ae1122d178db1bc20b0f4d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 93940
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: PACKV5BCY19VJ297
x-amz-id-2: Jd5CbuOL76Gxc9KzpXr2+0pMj5eK6LCnrGCInn+PgqhE66rpAYpJXhecd/G/+JUSPIgG5Co61Yk=
last-modified: Fri, 09 Jul 2021 07:13:30 GMT
server: cloudflare
etag: W/"b5f89ee07478951da5703d5ed39cd3a2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: BPVOjXysB2vskFg6AkE1B1TY5gii86ZN
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b93a42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 7001.85fe76b0.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 72ms
27ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7001.85fe76b0.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff9c6e1289121eb2965730e7f788666427f0c86802494f6197af3262fbb59764

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 680597
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: DT8Q80DKZ1SECG03
x-amz-id-2: sW2FYII+nJWztMJHhhwIj2e3GvSOhWlpR/++FiJUE4098ccBP/mt3m9b06D/J4A5x+qFBFg+4KI=
last-modified: Thu, 15 Jul 2021 23:51:11 GMT
server: cloudflare
etag: W/"ba70e489f45dec06b79d13ebc170dd49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: scyZwakuCXKRJN8VIDx9xt_1x1HGWSk3
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b93c42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 8607.8d594a54.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 18 KB
7 KB 65ms
20ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8607.8d594a54.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00e018098af8f7496079dcae428fe8c03e6d655d93398b3a2811f6feed09e779

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 103014
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 7VYNGPRWJ7DQPVS1
x-amz-id-2: b5ICDBDF7R8Y0rEfZNvxdaF/34NRdrLCRks7tVqkNM7NnXN5SzgFy3/iirg6naXQW/deYnqPF3Y=
last-modified: Thu, 22 Jul 2021 13:01:18 GMT
server: cloudflare
etag: W/"eabde69bc27eb9e3d9a80b39e9d603c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: JTsATGqIHcuN7RaOT8D_F5CBLBJYaOvh
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b93e42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 1479.cf0f679d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 55 KB
18 KB 72ms
28ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1479.cf0f679d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c403dd2a06b7762ca54f0fba1b48f0881ee2462e681a703d50e400b99dbbba14

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72395
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK62BED28AMQZ0ST
x-amz-id-2: 2cmKj0+87STHK0GItUG7pZRro5xVEnoAMuYIY7Zlo1x7trhhF+rPXFPLl2SaKBdjZ7mwrOZaI1c=
last-modified: Fri, 23 Jul 2021 17:42:16 GMT
server: cloudflare
etag: W/"5cd64132286a006d3a1e44b22f0b5765"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: rutNjHisTD.QmWoI8fLH27g0L2u_XtPE
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94042e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 7883.27cc2c5f.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 17 KB
6 KB 77ms
33ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7883.27cc2c5f.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f701c887b2e25cd543a5a533fcecf7ba585c4adbadf14463a9ff998a6ab3c7d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 851433
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 704DGPR8022S1VF7
x-amz-id-2: Gc2sA9RfN8/sigvyv5szJXdKJLU/1pu9Kr5/lUh0x89wVcKxKd8ONlq3AwAgheC2T3Icd944Z4o=
last-modified: Wed, 14 Jul 2021 17:03:53 GMT
server: cloudflare
etag: W/"3beeb202573ad14f06fd500687d99bb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: sGgHdQ8DNnm1p1dVx60vcMQVICtr7zlP
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94242e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 609.dc20663b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 12 KB
5 KB 79ms
34ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/609.dc20663b.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bffd86a9718f167caf12cd9a4f24b3e86f7789f918d472249976fb90122e654

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72351
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: NK6539Y16GK8THAJ
x-amz-id-2: YZtfgiOAJAYFebtZZFpDReVuXW8DiJDhgGmKTG5nTaa0ufWlokIuQW6ge/DPPuni49//JzsVr3k=
last-modified: Fri, 23 Jul 2021 17:42:20 GMT
server: cloudflare
etag: W/"181af4f105c53d7e4ea024fd18d5e674"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: p.fqF7.e5FOI6075a_MM1XMSh8qeN73Q
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94442e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 8886.c12d0b01.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 9 KB
4 KB 80ms
35ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8886.c12d0b01.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e1fe8bf6596a9d50a1bcec78ac5323c0c7adc44317312513e349ae955bb61d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 448437
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 7WMZHFBV1CEZD8A0
x-amz-id-2: iNKyPaFKcSWF4tLCrBsyinuNPiqIQ7JsUeKo8hbar34eyBl0qX9otT7NVt+CF+OpRNWt0lIyKLY=
last-modified: Fri, 16 Jul 2021 17:01:46 GMT
server: cloudflare
etag: W/"105783a65501e03a83c52344cfe6775c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: KY5o1mtnpDGzf3txfkVlsRz4_UB70_V1
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94542e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 6297.b3e3438d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 80ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6297.b3e3438d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

046b63e87de2c1a2348ac72a42d9919b307b0daa5da84a92ee4cd685401c43b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 70936
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: CTHSKNMSRN6WQTGS
x-amz-id-2: Gjt4aX79B5a2j6nPoIIrQ4TyHBA2Uu3+w6i3pr5n6NyAGZqHsZCgYB9IVJeLwG0Ey++hL+dOREk=
last-modified: Fri, 23 Jul 2021 02:52:26 GMT
server: cloudflare
etag: W/"1bbb71d949eb0d1543de09eeb135724b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: ulsJ6A5CER4.T_U5fc9Ym0tlNbrhEdKe
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94842e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 9972.370e8bc2.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 11 KB
4 KB 82ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9972.370e8bc2.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f645c0679c81df44a885fe643440b95b9c14237f81923935f99e8954ebae9fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72351
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MKDV602DQA2XAP
x-amz-id-2: ftpqZfjFT2U3V5vN8HbQ1q7E/J0Jzay7w/LCk//8Tbe4NFmpH6TRgn5qBkClceqB362TlaEu2lA=
last-modified: Thu, 22 Jul 2021 23:37:26 GMT
server: cloudflare
etag: W/"ad7d3f6819ecac572db8d9d9a91bc9dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Xj5beO1shnnuMY8yvlODgYYJeIttPDFr
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94a42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 6209.357b32f1.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
5 KB 90ms
45ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/6209.357b32f1.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f2a0477e4b32c901600da275fb8742fb0bdf982c25bfdd7b22da3d0cd33c677

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 159615
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: CEGNN69XGNEZGNJA
x-amz-id-2: kU+qTCiQMvSdp/XiUGVO3YsBXwTCxBZCWIRBCn2Luy+NAZPytmDPhQE0h7Dt2XBzDNNmo4xsxc0=
last-modified: Wed, 21 Jul 2021 20:06:04 GMT
server: cloudflare
etag: W/"d097a06d3415eff4bfa0a0d3326a5a21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Qo3LtjRepaNgCK4Xl2yHlUXahjtTLTcF
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94b42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 7515.07df192e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 41 KB
13 KB 81ms
36ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/7515.07df192e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e460f38859c2b0e7def63f07524fd7f40786587cae4ece137dc5ef6618cbd8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72351
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MVJQ8EHYPCWXB6
x-amz-id-2: 0K0AgBZ1A6Byvf8o9/761+63wmlg0Ln/qgXsYnx5TBsf8IL/7xvl1HQzxr9T4sbHLokimq/W8xw=
last-modified: Fri, 23 Jul 2021 17:42:21 GMT
server: cloudflare
etag: W/"9dae40852c49e14223bfc13aa053a283"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: fgJbpwbwaSETrX_rYvcYhJtqm0aoMINr
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94c42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 2182.90b75066.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 14 KB
6 KB 95ms
50ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/2182.90b75066.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdb975e32fec11ab1bd1df3de6b2a237a99f34f91d4a1003ecfac8533038f949

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 103014
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 7VYYXJHJ93EZKP54
x-amz-id-2: 1vZbn5Yr0wtG0XCr5zxhT4Qhf6d2tS/MggGMZ4o7LBSCqxEtqljKlQ33vZ7M54EU5AxJ3/wrL8U=
last-modified: Thu, 22 Jul 2021 12:06:13 GMT
server: cloudflare
etag: W/"68b973c6bb510794da5c351a03432b2f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: R6OhpMH32qOfKSwuaVi.L9Aty1ZKVU_I
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b94e42e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 5435.61b05a8d.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 47 KB
15 KB 82ms
37ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/5435.61b05a8d.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05e14ed543d43d892711ac17f34f7e8ec67d6adccd3267c2fe5c9a9e180a1b67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72351
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MQP7KRR3KATCY9
x-amz-id-2: 1FqCyAkkIWeoCYN9XsfTY3UbtXGYuLzQRHgKr/k5mt829hCaUnJL4/oepFHciTX6DvNpgAKcAfU=
last-modified: Wed, 21 Jul 2021 16:14:47 GMT
server: cloudflare
etag: W/"8052b28a0d8330a495d3b89d19eaab1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: diRb57deVb3M4_TFcDSN737IGJDyEctV
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b95042e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 499.8ebd9851.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 38 KB
8 KB 83ms
38ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/499.8ebd9851.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69ddf50a27f7d92397724e90079d5d899c20488b4bfa138be742398bf6629d7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72351
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MP4XT1BVFYP7N7
x-amz-id-2: ih9MIWKrt2KkCtso3+QaiN4xQCZL6UiaGDorz2XyqNL/GoULBBIedNT0J+S7Hh4nv3wX4RVFj90=
last-modified: Wed, 21 Jul 2021 16:14:47 GMT
server: cloudflare
etag: W/"23a4b057df4bb7f3c6b528bf9c16eb54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: _9suw9zyZ6zcHIgCqLp4WnyEt4dQvmGB
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b95142e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 1794.352c336e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 10 KB
4 KB 83ms
38ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/1794.352c336e.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f35ff60ed98c7d2d3a27a9b8749a5bbf68abeeddac20fd9008cda90c8c58ca9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1007166
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: G4KDAEYGX3WC3VMY
x-amz-id-2: Ps6Pqu78W96NBb+B5ZXYwOXSV2bJf63tY2ep8JKPiaXstbGs1C3l4QEEZiJHbdElNiIaczRi1fc=
last-modified: Mon, 28 Jun 2021 18:51:06 GMT
server: cloudflare
etag: W/"720d34cd38d4cbbe7aa6e6312394d7db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: 8BxFNbk7CDAkRYEr9NTne6vczPvlmaVa
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b95342e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 3209.f53d2567.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 42 KB
14 KB 84ms
39ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/3209.f53d2567.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b7432864e05e099a6114eea50ebbf05bb6816c95cd0aca14b51da3c74e951d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72351
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MZZX1CQ4XSV7HP
x-amz-id-2: R5p9ru1W1XJlOIWcjtMHPJ3nC8xER5P5/6ndkKYhwe4QRXWiR3Bj3MLJQDqjH7IxJGALs4+Ri4I=
last-modified: Fri, 23 Jul 2021 17:42:18 GMT
server: cloudflare
etag: W/"a2ebf3221abe01543470e46c9a538266"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: MjGaFj.2ABnxUQs1o.CwARkPuEQEYXsd
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b95542e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 Post.9df377e7.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 15 KB
6 KB 116ms
72ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/Post.9df377e7.chunk.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f67d490239e98164bc4304ae4f91e5f0b6f23dc10b5866fb98653df050b77112

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 72351
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 82MQCMQQAGXFET4Q
x-amz-id-2: lSakefE1EMD6ujic2gE7+ZwvdxUcOt1SnQhDU4QHfr4ui/DpdjqnVbLc4BQvej4dxswzo6GFKfs=
last-modified: Thu, 22 Jul 2021 23:37:37 GMT
server: cloudflare
etag: W/"f8d7b69a43ac8cc0ecf333e1c169aee1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tLmX.tF7Vul6msWWNnVhSM1TSfUbCAgh
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa40b95642e1-FRA
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 18 KB
19 KB 58ms
58ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8656030
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa406b953140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 charter-400-normal.woff
glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 57ms
57ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10686763
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa406b993140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
16 KB 57ms
57ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10686763
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa406b9c3140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 16 KB
17 KB 60ms
60ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 10686763
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa406b9e3140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

GET
H3-29 200 sohne-500-normal.woff
glyph.medium.com/font/df9ba7f/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 27 KB
28 KB 24ms
24ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/df9ba7f/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-500-normal.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61df1c691c169e5eee23e389d4746fd846ffc7746356cba2e924d83445181a15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8656030
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa415d4e3140-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:44 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 141 B
452 B 186ms
186ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

66ad1d27346f108dacf4e38c834f5c2f5f018f74d1c96da2c4d92b675eb07971

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 14bf59637acbebe1
cookie: uid=lo_276fbc13bd80; sid=1:C2oF+r1oGGD6XDP1kAo+TmgmC1/YhBs253g7+y0sbyrOnglwS00GEnSYmQoIA5/J; optimizelyEndUserId=lo_276fbc13bd80
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210723-214206-cb03029f42
content-length: 195
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
medium-frontend-path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
graphql-operation: VisitorQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
:scheme: https
apollographql-client-version: main-20210723-214206-cb03029f42
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
Medium-Frontend-Path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Graphql-Operation: VisitorQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Medium-Frontend-App: lite/main-20210723-214206-cb03029f42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210723-214206-cb03029f42
ot-tracer-spanid: 14bf59637acbebe1

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
sepia-upstream: medium
server: nginx
etag: W/"8d-BlnJtmQN2v33krePQ1ltEBMBcBU"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, rito/main-20210723-231812-f3ebbf05ea
x-envoy-upstream-service-time: 73
medium-missing-time: 0
content-length: 141
x-xss-protection: 0
x-request-received-at: 1627135125330

POST
H2 200 graphql Show response
posts.specterops.io/_/ 29 KB
7 KB 244ms
244ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

28ebfbf40a56948111effbf2412787f26e2034dddfa0ea60d720e816f7ce8d14

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 14bf59637acbebe1
cookie: uid=lo_276fbc13bd80; sid=1:C2oF+r1oGGD6XDP1kAo+TmgmC1/YhBs253g7+y0sbyrOnglwS00GEnSYmQoIA5/J; optimizelyEndUserId=lo_276fbc13bd80
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210723-214206-cb03029f42
content-length: 5242
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
medium-frontend-path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
graphql-operation: PostViewerEdgeContent
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
:scheme: https
apollographql-client-version: main-20210723-214206-cb03029f42
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
Medium-Frontend-Path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Graphql-Operation: PostViewerEdgeContent
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Medium-Frontend-App: lite/main-20210723-214206-cb03029f42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210723-214206-cb03029f42
ot-tracer-spanid: 14bf59637acbebe1

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
content-encoding: gzip
sepia-upstream: medium
server: nginx
etag: W/"7340-oWX4syjUSc76O5ZpHQanl9UwTkM"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, rito/main-20210723-231812-f3ebbf05ea, tutu/main-20210723-221831-ee84164f98
x-envoy-upstream-service-time: 126
medium-missing-time: 2
x-xss-protection: 0
x-request-received-at: 1627135125549

POST
H2 200 graphql Show response
posts.specterops.io/_/ 443 B
784 B 254ms
254ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

99ffb57e038c84c5ef8b45d2b748935e67b6e9b69818b44cb62e01713b2d5529

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 14bf59637acbebe1
cookie: uid=lo_276fbc13bd80; sid=1:C2oF+r1oGGD6XDP1kAo+TmgmC1/YhBs253g7+y0sbyrOnglwS00GEnSYmQoIA5/J; optimizelyEndUserId=lo_276fbc13bd80
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210723-214206-cb03029f42
content-length: 603
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
medium-frontend-path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
graphql-operation: UserViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
:scheme: https
apollographql-client-version: main-20210723-214206-cb03029f42
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
Medium-Frontend-Path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Graphql-Operation: UserViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Medium-Frontend-App: lite/main-20210723-214206-cb03029f42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210723-214206-cb03029f42
ot-tracer-spanid: 14bf59637acbebe1

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
sepia-upstream: medium
server: nginx
etag: W/"1bb-8Wdit3RdZ9stLqX2uPxOD+R/CfY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, rito/main-20210723-231812-f3ebbf05ea, tutu/main-20210723-183214-a005b524c6
x-envoy-upstream-service-time: 140
medium-missing-time: 1
content-length: 443
x-xss-protection: 0
x-request-received-at: 1627135125539

POST
H2 200 graphql Show response
posts.specterops.io/_/ 281 B
623 B 245ms
244ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2fc564718ce7aa7af43d22f7db2ba51f0f95b8faeb440f2cbf6f15df8a38137b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 14bf59637acbebe1
cookie: uid=lo_276fbc13bd80; sid=1:C2oF+r1oGGD6XDP1kAo+TmgmC1/YhBs253g7+y0sbyrOnglwS00GEnSYmQoIA5/J; optimizelyEndUserId=lo_276fbc13bd80
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210723-214206-cb03029f42
content-length: 451
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
medium-frontend-path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
graphql-operation: PostViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
:scheme: https
apollographql-client-version: main-20210723-214206-cb03029f42
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
Medium-Frontend-Path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Graphql-Operation: PostViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Medium-Frontend-App: lite/main-20210723-214206-cb03029f42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210723-214206-cb03029f42
ot-tracer-spanid: 14bf59637acbebe1

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
sepia-upstream: medium
server: nginx
etag: W/"119-nW1O9aJMA6ymS+099tC5q2cG7bM"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, rito/main-20210723-231812-f3ebbf05ea, tutu/main-20210723-221831-ee84164f98
x-envoy-upstream-service-time: 134
medium-missing-time: 11
content-length: 281
x-xss-protection: 0
x-request-received-at: 1627135125555

POST
H2 200 graphql Show response
posts.specterops.io/_/ 395 B
735 B 175ms
175ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

983632a81a91e0f4640d9f43b184d87e466460949b82299830275bc1d1130426

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 14bf59637acbebe1
cookie: uid=lo_276fbc13bd80; sid=1:C2oF+r1oGGD6XDP1kAo+TmgmC1/YhBs253g7+y0sbyrOnglwS00GEnSYmQoIA5/J; optimizelyEndUserId=lo_276fbc13bd80
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210723-214206-cb03029f42
content-length: 599
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
medium-frontend-path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
graphql-operation: CollectionViewerEdge
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
:scheme: https
apollographql-client-version: main-20210723-214206-cb03029f42
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
Medium-Frontend-Path: /hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Graphql-Operation: CollectionViewerEdge
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Medium-Frontend-App: lite/main-20210723-214206-cb03029f42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210723-214206-cb03029f42
ot-tracer-spanid: 14bf59637acbebe1

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
sepia-upstream: medium
server: nginx
etag: W/"18b-i27QgIQgHFm7T5xDdxcqkpB3zeY"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, rito/main-20210723-231812-f3ebbf05ea, tutu/main-20210723-221831-ee84164f98
x-envoy-upstream-service-time: 65
medium-missing-time: 0
content-length: 395
x-xss-protection: 0
x-request-received-at: 1627135125555

GET
H3-29 200 8342.6aa0b45e.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 120 KB
34 KB 23ms
22ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8342.6aa0b45e.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.de858fc3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 998935
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: XZ1MCW81DYX4XYRA
x-amz-id-2: JBq2v1mt0X2gMH7anuTD0L29hBl6YEbcNFuFx4UcXyhBHZAwmrTku09UuVijG7UrHr9mRGJu58E=
last-modified: Fri, 14 May 2021 07:49:57 GMT
server: cloudflare
etag: W/"5daacb41c4e6b401be87ada016250ea8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: QtuMS.aBLj19jleyzZwgHGYQHQ8_ziQc
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa485db442e1-FRA
expires: Sun, 24 Jul 2022 13:58:45 GMT

GET
H3-29 200 8698.667348ec.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 29 KB
10 KB 24ms
23ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/8698.667348ec.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.de858fc3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7906af2d894a3d44ff1ec06feeb68e2ba73592d352ea46f750a7812b8b077541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 954449
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 30813J4S0STW673X
x-amz-id-2: 2ddoy/2Fb51xGEb2qofa1xM+yuUjfP43WXegzF8YHH2z10vgXWvjNRSQ1zKP+136CUxhwowOIvk=
last-modified: Thu, 24 Jun 2021 19:29:13 GMT
server: cloudflare
etag: W/"4685017117f36eac810ca87a483defc9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: qOAyiPiHU69qia3mybHyZEGEgfKbYk_I
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa485db742e1-FRA
expires: Sun, 24 Jul 2022 13:58:45 GMT

GET
H3-29 200 9590.e3855909.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 42 KB
12 KB 87ms
87ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/9590.e3855909.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.de858fc3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd8617725a6147671bc25cd4075bc72b2932f5501a79421d8c9536be0d289c56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 163664
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 5MYQ6E6BH64PWJ84
x-amz-id-2: ef0Wm8d2r2RTkL3DigMnocR6uMRW2oelI6qpvyNLccwm7w49b+prcM5NaNjbDQgBKC4sSE3gTXc=
last-modified: Wed, 21 Jul 2021 10:52:52 GMT
server: cloudflare
etag: W/"8d96347a0e7766382d5935d431b2c3e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: tlS8ngpT9SHEeImocquc4HkjtFdGqHyb
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa485dba42e1-FRA
expires: Sun, 24 Jul 2022 13:58:45 GMT

GET
H3-29 200 ThreadedResponsesSidebar.c67a9196.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 59 KB
19 KB 24ms
24ms Script
application/javascript 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/ThreadedResponsesSidebar.c67a9196.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.de858fc3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f9f241f99f5c3398aa94ffa754fd1d870c071ca5d2a67a1027dbcf64f5f27ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 103014
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: QQR4SCDNTW4M9CK9
x-amz-id-2: ulCDKg3H1I69sIM0ZS2v6LCfNFTiY4hDWSr8ZWc+aHrKafs8sVLxaBTsoXXlwoJSu/FEvijjo4c=
last-modified: Thu, 22 Jul 2021 12:06:34 GMT
server: cloudflare
etag: W/"289da674f32d82d932fe842e4e1a761d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: Pdl9M0BtU11OhyqLoHF19kIPFzYnXSN6
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa485dbb42e1-FRA
expires: Sun, 24 Jul 2022 13:58:45 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 94 B
431 B 271ms
270ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

12a3439f45d72ec879f855c5a5ee3f30b875143671ceb662d0355f9642c8f8c3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 14bf59637acbebe1
cookie: uid=lo_276fbc13bd80; sid=1:C2oF+r1oGGD6XDP1kAo+TmgmC1/YhBs253g7+y0sbyrOnglwS00GEnSYmQoIA5/J; optimizelyEndUserId=lo_276fbc13bd80; _dd_s=rum=0&expire=1627136025835; dd_cookie_test_e571322e-b16a-43c6-b970-78b05c0008f4=test; dd_cookie_test_dedd620c-6c10-4e86-82e6-6cb497de0d2a=test
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210723-214206-cb03029f42
content-length: 5605
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
medium-frontend-path: /hiding-registry-keys-with-psreflect-b18ec5ac8353
graphql-operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
:scheme: https
apollographql-client-version: main-20210723-214206-cb03029f42
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
Medium-Frontend-Path: /hiding-registry-keys-with-psreflect-b18ec5ac8353
Graphql-Operation: InteractivePostBodyQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
Medium-Frontend-App: lite/main-20210723-214206-cb03029f42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210723-214206-cb03029f42
ot-tracer-spanid: 14bf59637acbebe1

Response headers

date: Sat, 24 Jul 2021 13:58:46 GMT
sepia-upstream: medium
server: nginx
etag: W/"5e-2r/xgmV8JNeagZLYqAUSx7MqIPs"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, rito/main-20210723-231812-f3ebbf05ea, tutu/main-20210723-221831-ee84164f98
x-envoy-upstream-service-time: 152
medium-missing-time: 4
content-length: 94
x-xss-protection: 0
x-request-received-at: 1627135126203

GET
H3-29 200 0*4qQm8AkN19hp-QWN.
miro.medium.com/max/700/ 49 KB
49 KB 648ms
648ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/700/0*4qQm8AkN19hp-QWN.

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75aea3e1a478270e7e2e74ffd00ea11099df4c7a04cfaaafa60cffead9b12049

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:46 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-envoy-upstream-service-time: 480
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 49739
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210709-175524-eebd6c4731
accept-ranges: bytes
cf-ray: 673daa4b0c5d42e1-FRA
expires: Mon, 23 Aug 2021 13:58:46 GMT

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 113ms
113ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
content-length: 194
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:46 GMT
sepia-upstream: medium
server: nginx
content-type: application/octet-stream
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, clientele/main-20210709-175524-eebd6c4731
x-envoy-upstream-service-time: 5
set-cookie: uid=lo_345c6d845bfa; Path=/; Expires=Sun, 24 Jul 2022 13:58:46 GMT; HttpOnly; Secure
content-length: 0

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 118ms
118ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: dd_cookie_test_8e341315-4771-4fb8-b984-fc9fbe59f814=test
content-length: 221
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:46 GMT
sepia-upstream: medium
server: nginx
content-type: application/octet-stream
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, clientele/main-20210709-175524-eebd6c4731
x-envoy-upstream-service-time: 7
set-cookie: uid=lo_bc9af8db256f; Path=/; Expires=Sun, 24 Jul 2022 13:58:46 GMT; HttpOnly; Secure
content-length: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 3835
date: Sat, 24 Jul 2021 12:54:51 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Sat, 24 Jul 2021 14:54:51 GMT

GET
H2 200 branch-latest.min.js Show response
cdn.branch.io/ 79 KB
24 KB 124ms
53ms Script
text/javascript 13.226.145.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353?gi=be1926de59f4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.145.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-145-21.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00ea178cbba5d3f907ab88426a2380ee06fc6267ea1e7e9815e4063fcdd8d8ac

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: qarmcwXsLN.jA_Lr9PtDBnGJTnfPptaQ
content-encoding: gzip
last-modified: Mon, 24 May 2021 20:22:06 GMT
server: AmazonS3
age: 122
etag: "611960e84a5f2287a232699af98b27d9"
x-cache: Hit from cloudfront
content-type: text/javascript
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Sat, 24 Jul 2021 13:56:48 GMT
x-amz-cf-pop: DUS51-C1
content-length: 23842
x-amz-cf-id: PjLleyRjBY-LqdYjFs-qRsKLD5DXlqaKwCqQSWajueD7B4CwqBLyYQ==

GET
H3-29 200 1*Crl55Tm6yDNMoucPo1tvDg.png
miro.medium.com/max/135/ 4 KB
5 KB 43ms
43ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*Crl55Tm6yDNMoucPo1tvDg.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1916017
x-envoy-upstream-service-time: 29
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cached-on: Fri, 02 Jul 2021 09:34:39 GMT, Fri, 02 Jul 2021 09:40:57 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4048
pragma: public
sepia-upstream: medium
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210610-161437-d086756654
accept-ranges: bytes
cf-ray: 673daa50acd842e1-FRA
expires: Mon, 23 Aug 2021 13:58:47 GMT

GET
H3-29 200 1*W_RAPQ62h0em559zluJLdQ.png
miro.medium.com/max/135/ 4 KB
5 KB 36ms
35ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/135/1*W_RAPQ62h0em559zluJLdQ.png

Requested by

Host: posts.specterops.io
URL: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1915609
x-envoy-upstream-service-time: 35
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cached-on: Wed, 30 Jun 2021 07:14:29 GMT, Fri, 02 Jul 2021 09:40:57 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4354
pragma: public
sepia-upstream: medium
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210617-165854-e4900a530f
accept-ranges: bytes
cf-ray: 673daa50acda42e1-FRA
expires: Mon, 23 Aug 2021 13:58:47 GMT

GET
H2 200 responses.editor.fb17105b.chunk.js Show response
cdn-client.medium.com/lite/static/js/ 8 KB
4 KB 18ms
17ms Script
application/javascript 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-client.medium.com/lite/static/js/responses.editor.fb17105b.chunk.js

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/manifest.de858fc3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8828434c0825be94eb52c8f0473cc263bd55c15acf261b5f05843cb51f05a09e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 74729
content-type: application/javascript
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 221PBCW8B659EZXE
x-amz-id-2: BOkGY7cILlqDtsInEBjbBuGZXIn/FFI+5g7htxtn1/BYqkaLzx9ZXVUOxSg+gV+GirMRVeUGM/4=
last-modified: Fri, 11 Jun 2021 03:03:49 GMT
server: cloudflare
etag: W/"c7cdc4ef26dc36d2accf527cc19f682b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: h52ew18U6r72B4kfKmuXOqzcT2Xs2iWo
vary: Accept-Encoding
cache-control: public, max-age=31536000
cf-ray: 673daa50ca694eeb-FRA
expires: Sun, 24 Jul 2022 13:58:47 GMT

POST
H2 200 graphql Show response
posts.specterops.io/_/ 462 B
801 B 235ms
235ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://posts.specterops.io/_/graphql

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx /

Resource Hash

deebdda916cddfc3d838d06b864598c341b6f0ccabf929db23c3e8df90f66afa

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
medium-frontend-route: post
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
ot-tracer-spanid: 14bf59637acbebe1
cookie: uid=lo_bc9af8db256f
sec-fetch-dest: empty
medium-frontend-app: lite/main-20210723-214206-cb03029f42
content-length: 7136
:path: /_/graphql
pragma: no-cache
sec-fetch-site: same-origin
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
medium-frontend-path: /hiding-registry-keys-with-psreflect-b18ec5ac8353
graphql-operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
:scheme: https
apollographql-client-version: main-20210723-214206-cb03029f42
apollographql-client-name: lite
:method: POST
apollographql-client-name: lite
Medium-Frontend-Route: post
ot-tracer-sampled: true
ot-tracer-traceid: 68828f28923a48f
Medium-Frontend-Path: /hiding-registry-keys-with-psreflect-b18ec5ac8353
Graphql-Operation: PagedThreadedPostResponsesQuery
content-type: application/json
accept: */*
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
Medium-Frontend-App: lite/main-20210723-214206-cb03029f42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
apollographql-client-version: main-20210723-214206-cb03029f42
ot-tracer-spanid: 14bf59637acbebe1

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
sepia-upstream: medium
server: nginx
etag: W/"1ce-jXO6MG7go6S4g1KqgXqBqeDC90I"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, rito/main-20210723-231812-f3ebbf05ea, tutu/main-20210723-221831-ee84164f98
x-envoy-upstream-service-time: 112
medium-missing-time: 4
content-length: 462
x-xss-protection: 0
x-request-received-at: 1627135127249

GET
H2 200 _r Show response
app.link/ 90 B
562 B 221ms
168ms Script
text/javascript 2600:9000:218d:da00:19:9934:6a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.58.2&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:218d:da00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

openresty / Express

Resource Hash

2e6aa38989417705a8e56898cdf6c555d853c2056592d5cf70582284022b413a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
via: 1.1 c55964596762daa758331d3e6fe008a8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: openresty
x-amz-cf-pop: CDG50-P2
x-powered-by: Express
x-cache: Miss from cloudfront
content-type: text/javascript; charset=utf-8
content-length: 90
etag: W/"5a-bWYUTu3Glwd+cwJKwKsJ9/kHAD0"
x-amz-cf-id: fJaBwPu69B9W17_ExbcoYtx3Ivpj7e3W2RBNz3dguI-ZA7WyGOnZ1Q==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=911546239&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&ul=en-us&de=UTF-8&dt=Hiding%20Registry%20keys%20with%20PSReflect%20%7C%20by%20Brian%20Reitz%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1395772408&gjid=1283278162&cid=481402440.1627135127&tid=UA-24232453-2&_gid=359780790.1627135127&_r=1&_slc=1&z=2047676716

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 24 Jul 2021 13:58:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=911546239&t=pageview&_s=1&dl=https%3A%2F%2Fposts.specterops.io%2Fhiding-registry-keys-with-psreflect-b18ec5ac8353&ul=en-us&de=UTF-8&dt=Hiding%20Registry%20keys%20with%20PSReflect%20%7C%20by%20Brian%20Reitz%20%7C%20Posts%20By%20SpecterOps%20Team%20Members&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAEABAAAAAC~&jid=697154493&gjid=890833151&cid=481402440.1627135127&tid=UA-102239211-2&_gid=359780790.1627135127&_r=1&_slc=1&z=853497823

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 24 Jul 2021 13:58:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://posts.specterops.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sohne-400-italic.woff
glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 19 KB
20 KB 46ms
26ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/3887986/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-italic.woff

Requested by

Host: glyph.medium.com
URL: https://glyph.medium.com/css/unbound.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://posts.specterops.io
Referer: https://glyph.medium.com/css/unbound.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7980304
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 673daa529cafc2c7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sun, 24 Jul 2022 13:58:47 GMT

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
696 B 178ms
168ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e93e5bc6a08e2c75e2485b05824a5ac3da8a03ee5847ca46458abe5105bc38ca

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=smD8%2Bu6ySPeOFRNm2uo7IaPBRBB%2FtX40L7ld5uQO%2F7ykeeWGjEYYoYL9j%2FX4olN88brU8KGmbgKiiIzAdd38zqRgNcKrnvFAYgJ%2F5uao933Cxmb9UNipg51j%2Bg3naxOwpWy2crD6Lv8GzmoJuXmUu3NdHCiPAd8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 53
cf-ray: 673daa53baba0eb7-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H2 200 reports
lightstep.medium.systems/api/v0/ 0
0 154ms
132ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H2
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 17
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yCyy6hHrRghx7rMQ67bxf6IK7kqkfa92wNLxNag6ottsyzE1podmRIRaTBTppUwG4PLIGg2A48NCF52Cp2Mv47J%2BoXUBVwj4MnXUHgWhZYnfDnXYyGny2YBFaLJVuiLBSzLeGKifMim9oY9RHt1Wobx80VWYuWg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 673daa52cb2a1f41-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
628 B 216ms
192ms XHR
application/json 2600:9000:2156:9400:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:9400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b9168680335bf04a2c4746f0355dab9c6d2e270315fa7c05394b4728dcb5bbfe

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
x-branch-request-id: 7b3ddaf7600b487587bc4467838e0f37-2021072413
content-length: 312
x-amz-cf-id: RqNQ_Ux5OFSlz3aQn3LCCKxqwOxF-9V5M2G6TgqaJpiLZ8xyG9gHtQ==

OPTIONS
H/1.1 200
OK log
errors.client.optimizely.com/ 0
0 415ms
100ms Preflight
text/plain 3.225.10.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Protocol: HTTP/1.1
Server: 3.225.10.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-10-210.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://posts.specterops.io
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sat, 24 Jul 2021 13:58:47 GMT
Content-Length: 13
Connection: keep-alive

POST
H/1.1 204
No Content log Show response
errors.client.optimizely.com/ 0
245 B 101ms
100ms XHR
text/plain 3.225.10.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://errors.client.optimizely.com/log
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.10.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-10-210.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://posts.specterops.io
Access-Control-Expose-Headers
Access-Control-Allow-Credentials: true
Connection: keep-alive
Date: Sat, 24 Jul 2021 13:58:47 GMT
Content-Type: text/plain

POST
H2 200 /
posts.specterops.io/_/clientele/reports/performance/ 0
0 117ms
117ms Fetch
application/octet-stream 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/clientele/reports/performance/
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

sec-fetch-mode: cors
origin: https://posts.specterops.io
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: uid=lo_bc9af8db256f; _ga=GA1.2.481402440.1627135127; _gid=GA1.2.359780790.1627135127; _gat=1; _gat_tracker0=1
content-length: 1440
:path: /_/clientele/reports/performance/
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa, clientele/main-20210709-175524-eebd6c4731
x-envoy-upstream-service-time: 7
sepia-upstream: medium
server: nginx
content-length: 0
content-type: application/octet-stream

POST
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed Show response
browser-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 169ms
169ms Fetch
application/json 2600:1f18:24e6:b902:48f0:a226:4e0b:1e19
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b902:48f0:a226:4e0b:1e19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Sat, 24 Jul 2021 13:58:47 GMT
content-length: 2
content-type: application/json

OPTIONS
H2 200 pub853ea8d17ad6821d9f8f11861d23dfed
browser-http-intake.logs.datadoghq.com/v1/input/ 0
0 290ms
94ms Preflight 2600:1f18:24e6:b902:48f0:a226:4e0b:1e19
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://browser-http-intake.logs.datadoghq.com/v1/input/pub853ea8d17ad6821d9f8f11861d23dfed
Protocol: H2
Server: 2600:1f18:24e6:b902:48f0:a226:4e0b:1e19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: x-logmatic-add-useragent,x-logmatic-add-ip,content-type
access-control-max-age: 0

POST
H2 200 profile Show response
api2.branch.io/v1/ 180 B
564 B 191ms
191ms XHR
application/json 2600:9000:2156:9400:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api2.branch.io/v1/profile

Requested by

Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:9400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

/ Express

Resource Hash

60c293f1d7fef7f467e5459664c1ffdfe3314abbbe9978545ebb9a67d5f958e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 24 Jul 2021 13:58:47 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"b4-bcfY0Jg621LNWHY7fUyWEg7HtOU"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: 7986829d61fa498ebbebbdb02bc6e33e-2021072413
content-length: 180
x-amz-cf-id: pCqI3nvMHeGUek76sIhSrDRFr1KRjsaSY4Ws7jRsg-3vTeDrzptZ5Q==

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
389 B 231ms
230ms XHR
application/json 2600:9000:2156:9400:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:9400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 24 Jul 2021 13:58:48 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: bf613293ff8643e29908ff71026f25c7-2021072413
content-length: 28
x-amz-cf-id: yZ4T5E0iIXmbOgbKKq6NeOgtC87SLFG7C0EAN9OSiqu6x35_WrzdWA==

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
655 B 104ms
104ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d62bd5e2c08fef7d4aa112407cca96ba823e0e07b75486b66198be5b12d03ba

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:48 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIfSVxld8kApRQ4dxkO8ej5Co6m0LktniSdL40yUnLaRvEi53AIHGZuhFNSxTdPW0tLiK0cwJdPXWLKPw8jr3wgBSEYtOcav7KTEASq31T0%2BXxi5AmLSHgdcoI23wx6W5dOrs%2FkznZaIZjDtL5v7oFRf8k8Hhho%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 673daa5789b80eb7-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H3-29 200 reports
lightstep.medium.systems/api/v0/ 0
0 149ms
148ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H3-29
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 24 Jul 2021 13:58:48 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 23
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dKg%2F4iUGxAwr9%2F%2BZ%2FlMl0jeuHHo1v0A35ZgPdIfxIXM0i4%2BaNkNqyz%2FADEGWbxhG%2B47GSMvbzTh7ozl%2BghBj00MHuMGieMVxHpRHsMXPencD4eVIU6rJS9fXBmpR6eIOf93Ok5KgtSqomhb2dWZJrH1ngO6EBZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 673daa5698650eb7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
388 B 365ms
365ms XHR
application/json 2600:9000:2156:9400:11:f728:3040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:9400:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 24 Jul 2021 13:58:48 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-branch-request-id: c21e65f5217d457d96319076a8d61c48-2021072413
content-length: 28
x-amz-cf-id: FkVTloDRxgHSd-FQxsQpZqsarEHmmB6qwwobUh50gtFVQOtyfSuIaQ==

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
663 B 104ms
104ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b6f23f66a9d0a4ecb556ec3f9efb9347289daa3aa5ada8f851084e66da33dbc

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:48 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LE%2Fa8DvhHkpdthDKoDlkNUdJmpkj3hDW%2BRMdUNH13dfl9PFUfNMDjdd4icojnM6m7o%2Bs5dadEXKjVtKurfJQS1R%2BewDoWZV7kTNIAN4%2FwBk0%2BrTkd0RLiXQhtXNNBHP%2F5hp5pbXxiAOxiza4aX0uRuYgaSZ7abc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 673daa5b0f0b0eb7-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H3-29 200 reports
lightstep.medium.systems/api/v0/ 0
0 168ms
167ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H3-29
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 24 Jul 2021 13:58:48 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 64
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4uUFydKorgKe8qk7wZ2LXTULr0kvJ4ewDjetycCiWtO%2B5ZKgE45aP6s7UIyfSrFhQ63Q6Ys%2BOplU1md%2F7CKpdfkj3k7ya4pU2lBjOTxx9ba%2Fq9FFsdQCvJloCoulMPFI1dcT6jSSZCA6uSaRzV%2Bxs3jul17uOls%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 673daa5a0d890eb7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
660 B 111ms
111ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98b97b9f6ddbc825b651b85ab9121d4749b2e37f9e13806ff85113011d4e272f

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:49 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eh10w3zJ1QNddehIzBaG3cQ5w7VYV%2F5Tm4GojdXLK0jkdagkuplAk3q%2B0wc4y9Jmy85OEWfnGLI3uK8Jun4rkWY%2BbxAytsLK1EpZntc2LQ5dKLm7BjM4U5eCkv4gIxXLOTmTofb3EbCkqebvCjpuRhCFWHwYmzo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
cf-ray: 673daa5e6bc90eb7-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H3-29 200 reports
lightstep.medium.systems/api/v0/ 0
0 105ms
105ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H3-29
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 24 Jul 2021 13:58:49 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 0
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uww6SRsa5S%2FTSmp4HfL6o1%2B97IAdgi7acXTS1P2WZfRM%2FJ0u3FSyEVykiLpKgq7dNaqNija7JsHU2ykro6TsmLDiV27uZzyIN4wMvGIs9nG0pbi2iewrmBYqMv8c7NJ8SpXQq548UngLZRyKidBV6m0JZ1PYua0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 673daa5dcadd0eb7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 batch Show response
posts.specterops.io/_/ 17 B
173 B 262ms
261ms Fetch
application/json 52.0.16.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://posts.specterops.io/_/batch
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-16-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4

Request headers

sec-fetch-mode: cors
origin: https://posts.specterops.io
x-xsrf-token: 1
accept-language: en-US
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
cookie: uid=lo_bc9af8db256f; _ga=GA1.2.481402440.1627135127; _gid=GA1.2.359780790.1627135127; _gat=1; _gat_tracker0=1
content-length: 6717
:path: /_/batch
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: posts.specterops.io
referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
x-xsrf-token: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:51 GMT
medium-fulfilled-by: valencia/main-20210723-201957-a962765faa
x-envoy-upstream-service-time: 146
sepia-upstream: medium
server: nginx
content-length: 17
content-type: application/json

POST
H3-29 200 reports Show response
lightstep.medium.systems/api/v0/ 96 B
665 B 137ms
137ms XHR
application/json 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Requested by: Host: cdn-client.medium.com
URL: https://cdn-client.medium.com/lite/static/js/9115.1a9358c4.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b410fd613cfe647f157f507bb80e1b12d9a8e234be47d90c74c68e5c9226c5d8

Request headers

Referer: https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 24 Jul 2021 13:58:51 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AmWl%2BisXJu9mWAOtFAfl5ikl%2FeVXP2hCW7dAHZ5%2BBvn8kyL0Lu%2Ff7VF%2BVGNwoAZjYrt9LYAj6oaziiBhQ5%2FhwIYYw1%2BJ6CJQFvk3X7nD%2Fnj9TeB8UB4aZyrFMUYfjxa2GqA04ZdgvGtQqytF2hxAxwuevBLfj1g%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 20
cf-ray: 673daa6e1a7d0eb7-FRA
access-control-allow-headers: LightStep-Access-Token, Content-Type
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

OPTIONS
H3-29 200 reports
lightstep.medium.systems/api/v0/ 0
0 135ms
135ms Preflight 2606:4700:3036::ac43:b550
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lightstep.medium.systems/api/v0/reports
Protocol: H3-29
Server: 2606:4700:3036::ac43:b550 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,lightstep-access-token
Origin: https://posts.specterops.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sat, 24 Jul 2021 13:58:51 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
x-envoy-upstream-service-time: 23
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aC9R87Y%2BI7N06LdDvXzesmvll41jmXgjO3TfXhAAyPlcQurZNvPYxVvpd%2BCcUomFQPMEXYZc1SFtRIge%2FHt%2FLYS1bQ6C01rDVxqZhPPtDCwKfU2pceYBjd8glhMXgev6ltnastX3R0AfLGxCamiVCBDAoAB1JN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 673daa6d491f0eb7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.specterops.io/	1970-01-19 19:58:55	Name: _gat_tracker0 Value: 1
.specterops.io/	1970-01-19 20:00:21	Name: _gid Value: GA1.2.359780790.1627135127
.specterops.io/	1970-01-20 13:30:07	Name: _ga Value: GA1.2.481402440.1627135127
.specterops.io/	1970-01-19 19:58:55	Name: _gat Value: 1
posts.specterops.io/	1970-01-20 04:44:31	Name: uid Value: lo_bc9af8db256f

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js(Line 1) Message: ... .,ok000Oxc. 'oxo, .' ,kWMMMMMMMMXo;. ;KMWMX: lK, ,0MMMMMMMMMMMWNd'xMMMMMO;xWl lWMMMMMMMMMMMMM0lOMMMMMKoOMo cNMMMMMMMMMMMMMk:OMMMMM0lkWl .dNMMMMMMMMMMKx; lWMMMWd.dN: ;kXWMMMMWKd' .oXWXx. ;o. .;ccc:,. .,.
console-api	log	URL: https://cdn-client.medium.com/lite/static/js/main.0b4c1932.js(Line 1) Message: We're hiring! https://medium.com/jobs-at-medium/work-at-medium-959d1a85284e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://medium.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
browser-http-intake.logs.datadoghq.com
cdn-client.medium.com
cdn.branch.io
cdn.optimizely.com
errors.client.optimizely.com
glyph.medium.com
lightstep.medium.systems
medium.com
miro.medium.com
posts.specterops.io
www.google-analytics.com
13.226.145.21
2600:1f18:24e6:b902:48f0:a226:4e0b:1e19
2600:9000:2156:9400:11:f728:3040:93a1
2600:9000:218d:da00:19:9934:6a80:93a1
2606:4700:3036::ac43:b550
2606:4700:7::a29f:9804
2606:4700:7::a29f:9904
2a00:1450:4001:828::200e
2a02:26f0:6c00:284::13b8
3.225.10.210
52.0.16.118
00e018098af8f7496079dcae428fe8c03e6d655d93398b3a2811f6feed09e779
00ea178cbba5d3f907ab88426a2380ee06fc6267ea1e7e9815e4063fcdd8d8ac
038262231160fee976d84fa8d1db80567769112008a892e0edeb76f6c1121165
046b63e87de2c1a2348ac72a42d9919b307b0daa5da84a92ee4cd685401c43b9
05e14ed543d43d892711ac17f34f7e8ec67d6adccd3267c2fe5c9a9e180a1b67
09b4d5865b5aeb159ba83e8d0634e73ce8808c3fb3e4bdde4765572b17a605bf
0bc4fb81b00705aa031ff7a74f163bd74d07caf9efa55eb682642bf363327e6f
0bffd86a9718f167caf12cd9a4f24b3e86f7789f918d472249976fb90122e654
0d62bd5e2c08fef7d4aa112407cca96ba823e0e07b75486b66198be5b12d03ba
0e86fe8c1606e924a4e97954c26536fa5e607a8e80245236f29fc2dd94451107
0f9f241f99f5c3398aa94ffa754fd1d870c071ca5d2a67a1027dbcf64f5f27ad
12a3439f45d72ec879f855c5a5ee3f30b875143671ceb662d0355f9642c8f8c3
1bd46284abee72dbe93295f7b04a7297e851545b95fb9aa5e91237ff7b03fcf4
1e1fe8bf6596a9d50a1bcec78ac5323c0c7adc44317312513e349ae955bb61d6
1f2a0477e4b32c901600da275fb8742fb0bdf982c25bfdd7b22da3d0cd33c677
233040b66004ab818eccf706a8aea9a56c3d604724a744c0d69deaa14b3a6907
23d5d5917766394d6fb54189597fcc1ad7b0fe96870e594d940a89717d8338f7
28ebfbf40a56948111effbf2412787f26e2034dddfa0ea60d720e816f7ce8d14
2e6aa38989417705a8e56898cdf6c555d853c2056592d5cf70582284022b413a
2fc564718ce7aa7af43d22f7db2ba51f0f95b8faeb440f2cbf6f15df8a38137b
31841c0553a88ef72572428c8afe8696d589e27364b961199d15589399f73b50
37df73af877e88b767044bae0ec895370689d3f1986a7b84d5325ab9c7287c55
386ff0e96e4564b30a3ba03e97878f71c9deccf8829ccfe73f80657a951aa572
3b1c3db72fa6da00fe30f190a2b8ac5bb0bc1f8a1aa12b79d64a35c678b62b51
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4726f03636676671956dc5fb79511ff8db9eae716d8eee8c4318975a2cbaea70
477930641668f91f27e5641cb1c3eaef378d251b83c1e7508bdd6e6d5eb91768
4a87acbab42d0c5afc15128f25c86aed5e6a16401775ad9880c3c78300f638fd
4b7432864e05e099a6114eea50ebbf05bb6816c95cd0aca14b51da3c74e951d8
4f071a96409e341d51a317df2cf25d8e4ef1916d8ca80e253be980c53bbab178
5653275fd2234822f5aab4c7fb5bc5325e4991570295998f1ab5a83287c7f285
582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071
60c293f1d7fef7f467e5459664c1ffdfe3314abbbe9978545ebb9a67d5f958e7
61df1c691c169e5eee23e389d4746fd846ffc7746356cba2e924d83445181a15
6609aad8d292c685e90ecdd9b7d3efa1f56c7d59babb1021431cb5d6b16b4992
66ad1d27346f108dacf4e38c834f5c2f5f018f74d1c96da2c4d92b675eb07971
68078ec955d9fe1ecbba1656e1f4469e2585307cfc1b5b993df6e56e5de3d359
69ddf50a27f7d92397724e90079d5d899c20488b4bfa138be742398bf6629d7e
6e460f38859c2b0e7def63f07524fd7f40786587cae4ece137dc5ef6618cbd8c
70b2d4d61d80e2deb5aca5d10fca76cf153e8b028b11361a1e34d729de6f8b38
7160de18504b64e1ca33f8097437c02a86679637d41045f511b084003da1dcff
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
7477072efcfaac1fe81db09eab857753051b42505f7b8074c67ec7bf40a8369b
75aea3e1a478270e7e2e74ffd00ea11099df4c7a04cfaaafa60cffead9b12049
78c86104353823a332afe31485a3ce799b77a100c0c321348cb25bf184ef1a1d
78f3247a4ee16f29508798e228c2f1cfe7d0406cee82a94cf2c34a25cb0a41ee
7906af2d894a3d44ff1ec06feeb68e2ba73592d352ea46f750a7812b8b077541
7b6f23f66a9d0a4ecb556ec3f9efb9347289daa3aa5ada8f851084e66da33dbc
85c018e4c154a7d3accbeba646ada9374a74bf900ae1122d178db1bc20b0f4d7
8828434c0825be94eb52c8f0473cc263bd55c15acf261b5f05843cb51f05a09e
8a16399be3dd5a77dab492b09571656ea17bcab138b1422484312c761aecbf2d
8bbacda37b119c290c184c6975dc0f9e7892a22c56bb572d70457e437484864d
8d1f284928f13cdec7b8185b66c2827c65f0a093f58e6e9aae2b030b9583579a
8e039a45cebc2581d5b9a67fbe4b2b00abfcbc22e3640f50f803b0eb578c886c
93384bf842a2cae6c63aa8979f3dfdbef5945682d2fc52610e43fb100d17de9f
971c28b0d1f472873001dc7dc6a2cccb67ae422fd00cd6a12e753fbc1ff1e2ea
983632a81a91e0f4640d9f43b184d87e466460949b82299830275bc1d1130426
98b97b9f6ddbc825b651b85ab9121d4749b2e37f9e13806ff85113011d4e272f
99ffb57e038c84c5ef8b45d2b748935e67b6e9b69818b44cb62e01713b2d5529
9a1bb21db6c50c8c9d7931a77cba791bc9d7ecd6eef2373a66cb4cde5e6e5d16
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1018a7244a7e37c2d21cc30c2c331d1fc3834318cc74d088623bcc5ac7bb3f1
a4234de612d23c49b753051754b4a09d58f6812aae0960fac0578cd2e8d9566d
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
aabff986a0e8445df7ead588ab1eb063241926064362e29038cd1869769b41e6
b410fd613cfe647f157f507bb80e1b12d9a8e234be47d90c74c68e5c9226c5d8
b4996fb531a84e9a9ff55e155a6564ef057b83b2ee1727d16ce8801f974d3ba4
b733cbc57b240ab67ad2c9b8ae8a752550e1d5506203a83fcd432932ceaa0c60
b8aecc772988b29a46774bb5c5e2dd3373fca5cfab4122338414f41cfb6b656e
b9168680335bf04a2c4746f0355dab9c6d2e270315fa7c05394b4728dcb5bbfe
ba9920472a19de504346abfc8231cb3832aa16f039a0a65b64b53dc15dbe4da8
bb494052530b5f6e98601b9494e0efa4d07577270092e1c2d252cf375f3df1b8
bd8617725a6147671bc25cd4075bc72b2932f5501a79421d8c9536be0d289c56
c18f0f46697f44e01385f68538d386db35c436a56fab78e78d4c0aa8a0cb422a
c403dd2a06b7762ca54f0fba1b48f0881ee2462e681a703d50e400b99dbbba14
c641cb179c8381b2c690df8ecd3ad0497617941b337051c3b939fd1e33bea533
cdb975e32fec11ab1bd1df3de6b2a237a99f34f91d4a1003ecfac8533038f949
d138dfff9f93a3b4c66d24db39ecdcaf7eb52f4785d155086fe487c72e7844f4
d3915eeea61a8b4b48b0c1cc6c6c254ab06eb0aca13fb3d47265514e06316e98
deebdda916cddfc3d838d06b864598c341b6f0ccabf929db23c3e8df90f66afa
df55e1647aaa31dc1a9879bb336faa6f878d2af6aec095a3b0dff0bdd909218f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715
e93e5bc6a08e2c75e2485b05824a5ac3da8a03ee5847ca46458abe5105bc38ca
e94f5c9ab17624e0617356aa0ce9b87c16a4a62e48ff8ccaabe6963072b76ef8
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
f35ff60ed98c7d2d3a27a9b8749a5bbf68abeeddac20fd9008cda90c8c58ca9e
f4b90acce7f7cbfeb6ac996479c98286cec49d2ed6aa10201774c5165bf83c6a
f533eb639be3ba90e9031b71779c52cdc20698da99dc51b3b5ac2f91e7134aaf
f645c0679c81df44a885fe643440b95b9c14237f81923935f99e8954ebae9fd6
f67d490239e98164bc4304ae4f91e5f0b6f23dc10b5866fb98653df050b77112
f701c887b2e25cd543a5a533fcecf7ba585c4adbadf14463a9ff998a6ab3c7d5
fd6ae63e9057ae825638418ec7dab6f6e56757af6313d4acb2069106cf5b113e
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1
ff9c6e1289121eb2965730e7f788666427f0c86802494f6197af3262fbb59764

posts.specterops.io Open in urlscan Pro 52.0.16.118 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

107 Requests

100 %HTTPS

73 %IPv6

8 Domains

13 Subdomains

11 IPs

2 Countries

1256 kBTransfer

3461 kBSize

5 Cookies

62 Outgoing links

Page URL History

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

posts.specterops.io Open in urlscan Pro
52.0.16.118 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

100 %
HTTPS

73 %
IPv6

8
Domains

13
Subdomains

11
IPs

2
Countries

1256 kB
Transfer

3461 kB
Size

5
Cookies

107 HTTP transactions
0 data transactions