labs.bishopfox.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
Effective URL:
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Submission: On July 22 via api (July 22nd 2021, 3:37:54 am UTC) from US

Summary HTTP 93 Redirects Links 66 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 26 domains to perform 93 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is labs.bishopfox.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 9th 2021. Valid for: a year.

This is the only time labs.bishopfox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 28	2606:2c40::c7... 2606:2c40::c73c:67fe	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
8	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba0a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:f0cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28d::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 6	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.226.146.155 13.226.146.155	16509 (AMAZON-02) (AMAZON-02)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2016	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:c8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:70b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ebcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	52.50.64.214 52.50.64.214	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
93	40

28 2606:2c40::c73c:67fe (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

know.bishopfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
labs.bishopfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba0a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f0cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28d::19fd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

10586810.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.146.155 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-146-155.dus51.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:101::6cae:b25 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c8cc (United States)

ASN13335 (CLOUDFLARENET, US)

api-na1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ebcc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.64.214 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-64-214.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cbcc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	bishopfox.com 1 redirects know.bishopfox.com labs.bishopfox.com	1 MB
10	doubleclick.net 2 redirects 10586810.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net	3 KB
9	youtube.com www.youtube.com	661 KB
9	typekit.net use.typekit.net p.typekit.net	235 KB
5	google.com www.google.com adservice.google.com	13 KB
5	linkedin.com 3 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	58 KB
3	twitter.com platform.twitter.com syndication.twitter.com	132 KB
3	bing.com bat.bing.com	9 KB
2	hubspot.com track.hubspot.com	1 KB
2	hubapi.com api-na1.hubapi.com api.hubapi.com	2 KB
2	facebook.net connect.facebook.net	70 KB
2	google.de www.google.de	171 B
2	gstatic.com fonts.gstatic.com www.gstatic.com	17 KB
2	marketo.net munchkin.marketo.net	6 KB
2	adsrvr.org js.adsrvr.org insight.adsrvr.org	3 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	googletagmanager.com www.googletagmanager.com	91 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	usemessages.com js.usemessages.com	21 KB
1	hs-banner.com js.hs-banner.com	16 KB
1	hsadspixel.net js.hsadspixel.net	3 KB
1	ytimg.com i.ytimg.com	9 KB
1	ggpht.com yt3.ggpht.com	6 KB
1	licdn.com snap.licdn.com	2 KB
1	hubspot.net cdn2.hubspot.net	2 KB
93	26

	Domain	Requested by
26	labs.bishopfox.com	labs.bishopfox.com js.usemessages.com
9	www.youtube.com	labs.bishopfox.com www.youtube.com
8	use.typekit.net	labs.bishopfox.com use.typekit.net
6	10586810.fls.doubleclick.net	2 redirects www.googletagmanager.com labs.bishopfox.com
3	www.google.com	labs.bishopfox.com www.youtube.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com labs.bishopfox.com
2	track.hubspot.com
2	adservice.google.com	10586810.fls.doubleclick.net
2	platform.twitter.com	labs.bishopfox.com platform.twitter.com
2	connect.facebook.net	labs.bishopfox.com connect.facebook.net
2	googleads.g.doubleclick.net	www.youtube.com www.googleadservices.com
2	www.google.de	labs.bishopfox.com
2	px.ads.linkedin.com	2 redirects
2	munchkin.marketo.net	labs.bishopfox.com munchkin.marketo.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	labs.bishopfox.com js.hsadspixel.net
2	know.bishopfox.com	1 redirects labs.bishopfox.com
1	www.googleadservices.com	www.googletagmanager.com
1	api.hubapi.com	js.hsadspixel.net
1	insight.adsrvr.org	js.adsrvr.org
1	syndication.twitter.com	platform.twitter.com
1	www.gstatic.com	www.youtube.com
1	js.hs-analytics.net	labs.bishopfox.com
1	js.usemessages.com	labs.bishopfox.com
1	js.hs-banner.com	labs.bishopfox.com
1	js.hsadspixel.net	labs.bishopfox.com
1	api-na1.hubapi.com	labs.bishopfox.com
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	px4.ads.linkedin.com	labs.bishopfox.com
1	www.linkedin.com	1 redirects
1	fonts.gstatic.com	www.youtube.com
1	js.adsrvr.org	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	p.typekit.net	use.typekit.net
1	cdn2.hubspot.net	labs.bishopfox.com
1	platform.linkedin.com	labs.bishopfox.com
93	39

This site contains links to these domains. Also see Links.

Domain
www.bishopfox.com
twitter.com
www.linkedin.com
github.com
www.facebook.com
www.telerik.com
www.the-s-unit.nl
codewhitesec.blogspot.com
docs.microsoft.com
www.slideshare.net
threatvector.cylance.com
www.blackhat.com
thewover.github.io
portswigger.net
docs.telerik.com
services.bishopfox.com
know.bishopfox.com
www.youtube.com

Subject Issuer	Validity	Valid
labs.bishopfox.com Cloudflare Inc ECC CA-3	`2021-06-09` - `2022-06-08`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-03` - `2021-11-07`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2020-07-03` - `2022-07-08`	2 years	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2021-06-06` - `2022-06-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-16` - `2022-07-21`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
know.bishopfox.com Cloudflare Inc ECC CA-3	`2021-06-06` - `2022-06-05`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-17` - `2022-07-16`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 781C89692866DEE5C09DBC63B296515B
Requests: 73 HTTP requests in this frame

Frame: https://www.youtube.com/embed/--6PiuvBGAU
Frame ID: 35C0D6E22A63A185C179EA0BEA88681C
Requests: 17 HTTP requests in this frame

Frame: https://10586810.fls.doubleclick.net/activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 091FECE60F072E93E193D1890608D0B0
Requests: 2 HTTP requests in this frame

Frame: https://10586810.fls.doubleclick.net/activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: A2814C08F1FB38CD1F2EA77D26BABEAD
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Flabs.bishopfox.com
Frame ID: 03D9BF1E8508F760EC14C90BF6305291
Requests: 2 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
Frame ID: 9918E4BBA68CE67D7320EC1C7C0A491A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.linkedin\.com\/in\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

93
Requests

100 %
HTTPS

83 %
IPv6

26
Domains

39
Subdomains

40
IPs

4
Countries

2876 kB
Transfer

6831 kB
Size

14
Cookies

66 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bishopfox.com/
Title: Return to BishopFox.com

Search URL Search Domain Scan URL

URL: https://twitter.com/bishopfox
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bishop-fox/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://github.com/BishopFox
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BishopFoxConsulting/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935
Title: CVE-2019-18935 GitHub repo

Search URL Search Domain Scan URL

URL: https://www.telerik.com/products/aspnet-ajax.aspx
Title: Telerik UI for ASP.NET AJAX

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization
Title: security advisory for CVE-2019-18935

Search URL Search Domain Scan URL

URL: https://twitter.com/mwulftange
Title: @mwulftange

Search URL Search Domain Scan URL

URL: https://github.com/bao7uo
Title: (@bao7uo

Search URL Search Domain Scan URL

URL: https://www.the-s-unit.nl/node/78
Title: CVE-2014-2217

Search URL Search Domain Scan URL

URL: https://github.com/straightblast/UnRadAsyncUpload/wiki
Title: @straightblast's write-up

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/kb/aspnet-ajax/upload-(async)/details/unrestricted-file-upload
Title: security advisory

Search URL Search Domain Scan URL

URL: https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html
Title: took a closer look

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.web.script.serialization.javascriptserializer.deserialize?view=netframework-4.8
Title: JavaScriptSerializer.Deserialize()

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles
Title: gadget

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.configuration.install.assemblyinstaller?view=netframework-4.8
Title: System.Configuration.Install.AssemblyInstaller

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.configuration.install.assemblyinstaller.path?view=netframework-4.8#System_Configuration_Install_AssemblyInstaller_Path
Title: Path

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/dlls/dllmain
Title: DLLMain()

Search URL Search Domain Scan URL

URL: https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html
Title: Implications of Loading .NET Assemblies

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
Title: Friday the 13th JSON Attacks

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/cpp/dotnet/mixed-native-and-managed-assemblies?view=vs-2019
Title: mixed mode assembly

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/standard/assembly/
Title: assembly

Search URL Search Domain Scan URL

URL: https://thewover.github.io/Introducing-Donut/
Title: article about injecting .NET assemblies

Search URL Search Domain Scan URL

URL: https://thewover.github.io/Mixed-Assemblies/
Title: mixed assemblies

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/whats-new/aspnet-ajax/release-history
Title: release history

Search URL Search Domain Scan URL

URL: https://portswigger.net/burp/documentation/desktop/functions/search
Title: search

Search URL Search Domain Scan URL

URL: https://github.com/bao7uo/RAU_crypto
Title: RAU_crypto

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/sleep.c
Title: sleep.c

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/build_dll.bat
Title: build_dll.bat

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/CVE-2019-18935.py
Title: CVE-2019-18935.py

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/rev_shell.c
Title: rev_shell.c

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r3-2019-sp1-(version-2019-3-1023)
Title: R3 2019 SP1

Search URL Search Domain Scan URL

URL: https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security
Title: RadAsyncUpload security guide

Search URL Search Domain Scan URL

URL: https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security#recommended-settings
Title: recommended security settings

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui&url=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui&source=tweetbutton&text=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/continuous-attack-surface-testing/
Title: Continuous Attack Surface Testing (CAST)

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/continuous-attack-surface-testing/how-cast-works/
Title: How CAST Works

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/continuous-attack-surface-testing/cast-use-cases/
Title: CAST Use Cases

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/application-penetration-testing/
Title: Application Penetration Testing

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/mobile-application-assessment/
Title: Mobile Application Assessment

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/hybrid-application-assessment/
Title: Hybrid Application Assessment

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/cloud-security-review/
Title: Cloud Security Review

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/product-security-review/
Title: Product Security Review

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/red-teaming/
Title: Red Teaming

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/external-penetration-testing/
Title: External Penetration Testing

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/internal-penetration-testing/
Title: Internal Penetration Testing

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/amazon-alexa-built-in-devices
Title: Alexa Built-In Devices Assessment

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/google
Title: Google Partner Gmail/Oauth Assessment

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/google-alphabet-vendor-security-assessment-vsa
Title: Google/Alphabet VSA

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/nest
Title: Nest Partner Program

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/workplace-from-facebook
Title: Workplace Partner Program

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/vulnerability-disclosure-policy/
Title: Vulnerability Disclosure Policy

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/jobs/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/jobs/internships/
Title: Internships

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/foxtales
Title: Fox Tales

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/about/
Title: About Us

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/customer-stories
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/news
Title: News

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/events
Title: Events

Search URL Search Domain Scan URL

URL: http://www.bishopfox.com/privacy-statement/
Title: Bishop Fox Privacy Statement

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BishopFoxConsulting

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bishop-fox

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Bishopfox

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
https://10586810.fls.doubleclick.net/activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Request Chain 42

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
https://10586810.fls.doubleclick.net/activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Request Chain 54

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1626925051192%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252Ftech-blog%252Fcve-2019-18935-remote-code-execution-in-telerik-ui%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQLEjCbrJ3rKJgAAAXrMSjC-49V0R9rzlmXJnsP3rTPo8xGt0eB5y3-Mfc_e9qOjah6I-j3o

93 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cve-2019-18935-remote-code-execution-in-telerik-ui Show response
labs.bishopfox.com/tech-blog/
Redirect Chain

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

183 KB
30 KB

106ms
58ms

Document
text/html

2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

0ee30e7a54d929815a5e90cec437288860efcd08700188b4fa7d277989142a81

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: labs.bishopfox.com
:scheme: https
:path: /tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800, max-age=0
etag: W/"c6cff2c12f7f47cca56ff4851425310b"
last-modified: Wed, 14 Jul 2021 18:03:52 GMT
link: </hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.37/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js>; rel=preload; as=script
strict-transport-security: max-age=0
cache-tag: CT-11829155136,CT-11941922563,CT-23317514002,CT-29248014118,CG-10492047050,P-5632775,L-10469805076,L-28319293718,L-28320962156,W-28178011569,CW-10478305230,CW-28294170921,CW-28294377142,CW-28295816956,CW-28509734887,CW-8297568409,CW-8297800340,CW-8297800344,CW-8302667608,CW-8302667698,CW-8303015327,CW-8303015408,DB-2620645,E-28144332160,E-28145500502,E-28550993871,E-32348863542,E-32348863607,MENU-28178011569,PGS-ALL,SW-2,GC-29551615800,GC-30358366903
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-11829155136,CT-11941922563,CT-23317514002,CT-29248014118,CG-10492047050,P-5632775,L-10469805076,L-28319293718,L-28320962156,W-28178011569,CW-10478305230,CW-28294170921,CW-28294377142,CW-28295816956,CW-28509734887,CW-8297568409,CW-8297800340,CW-8297800344,CW-8302667608,CW-8302667698,CW-8303015327,CW-8303015408,DB-2620645,E-28144332160,E-28145500502,E-28550993871,E-32348863542,E-32348863607,MENU-28178011569,PGS-ALL,SW-2,GC-29551615800,GC-30358366903
referrer-policy: no-referrer-when-downgrade
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cf-cache-status: HIT
x-hs-combine-css: Disabled
x-hs-content-campaign-id: b6523efd-8992-4338-8c60-aa879679ef57
x-hs-content-id: 23317514002
x-hs-hub-id: 5632775
x-hs-prerendered: Wed, 14 Jul 2021 18:03:52 GMT
x-powered-by: HubSpot
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vCVscRjBp0gWlRhzttZACUNKV%2B0dzb%2FfrV24hWYlbACRrHrfKtvkG2jiShUkj%2B8166liqHUCuCHiDz9iiPTQYJMC%2B8QWkheLoTla%2BG5cM0XUr%2B0x5dX1EGOb2MsNB%2Fw8xYFz%2FeVTd%2FJHtuEfvASV8g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 6729a17ddb9b203f-AMS
content-encoding: br
cf-h2-pushed: </hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js>,</hs/hsstatic/cos-i18n/static-1.37/bundles/project.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>,</_hcms/forms/v2.js>,</hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js>

Redirect headers

date: Thu, 22 Jul 2021 03:37:30 GMT
location: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
cf-ray: 6729a17698a1bf3c-AMS
cache-control: no-transform, max-age=120
expires: Thu, 22 Jul 2021 03:39:30 GMT
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-mapping-id: 31405034559
x-hs-mapping-only-after-not-found: yes
x-hs-route-prefix: http://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
x-hubspot-correlation-id: e095dd6f-deef-4476-874a-022da7489f2e
x-trace: 2BF093B5F943D63388C59C9560D3423FE0C8076324000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTLcH4rCNsbODlVmgGDsIVkH63gP1Src%2B9ZQikW6fBTUlWodkWLhRED40hSVGpqYv%2BmoRiQyLYYyxiKKZZICQh%2FGMYEWNr%2B%2FJJNJv2A8WfN0K3doNYKt%2FBsdauvtHOabd2zCiYt5LFn2qXdSbBwZMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; path=/; domain=.know.bishopfox.com; HttpOnly; Secure; SameSite=None
server: cloudflare

GET
H2 200 jquery-1.11.2.js Show response
labs.bishopfox.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
36 KB 36ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 3649c20f8adf8628b43dbef00864e392.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 7769467
cf-ray: 6729a17e1bfe203f-AMS
x-cache: RefreshHit from cloudfront
content-encoding: br
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Di%2Fk17kN7rCN%2BBUd15iV9XGRvoMGPimvI1XREIrUi%2BdvK86Rl02ktjnn1TkZea0GUAHZ7cRf3DDYXatGpLUVv6fgFm3U0JrMo3wHHzAcLyb10sbeoF%2FpgxdiA8EtRY0%2FleyPYcFC5LTSakgVlWfdfg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: AMS54-C1
content-type: application/javascript
x-amz-cf-id: fcRPTJ616ufZQ1eg-YDEnQmFcmiJcHJ8cW1SDiGpkPAs4kZdam7G8g==
expires: Fri, 22 Jul 2022 03:37:30 GMT

GET
H2 200 project.js Show response
labs.bishopfox.com/hs/hsstatic/cos-i18n/static-1.37/bundles/ 1 KB
1022 B 34ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/cos-i18n/static-1.37/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

69aea70ed00c6297e407afc0b1ccf6db9629eedc412bf0779467f3e462d346e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 60e71fe7e3db53eea86ce8b59ae62a6b.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2896287
x-amz-server-side-encryption: AES256
cf-ray: 6729a17e1bff203f-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: BRU50-C1
content-encoding: br
last-modified: Mon, 14 Jun 2021 16:41:38 GMT
server: cloudflare
etag: W/"6c562b3f1d6a0148fda97d4847422c6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lcpWlUGlypDhen3xWyno8W4GkVlehRznKh5ZG6XwVpAnoATix8NEGnLESgtEiMywveeDAhtEj8wtimNPfIuKsESOZ1jTffjfgirq3v0y6vZERIYbGVvjm8F6q1MTFO90RCBANaxtDxGwxcWEokEDcA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: M9oUePGbwt7hrJpARSIQzQLaIi7kmGEy
cache-control: public, max-age=31536000
set-cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: UrZ9UiUBayUXrN8EiKExGHU72V-jMxKq4umPHh7kMP6j9RVPM5wUrQ==
expires: Fri, 22 Jul 2022 03:37:30 GMT

GET
H2 200 project.js Show response
labs.bishopfox.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 35ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5d.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 7769464
x-amz-server-side-encryption: AES256
cf-ray: 6729a17e1c00203f-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: AMS54-C1
content-encoding: br
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dnXLXOfYNeo8tmUq9%2FZu%2BvSlDOHF13Fki4f0s4OiiKtKd6uK9knnlIpvBXCQVRUWB8LtVKXGZUY3JFHEUv0IyqTMhTvcblPkgDzwFVivItGtGsGtDi3Wd7kBru8JkoXwgQcVRSAJFCyTSZPoukT%2BqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control: public, max-age=31536000
set-cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: fn68TFg8ETgBVLPArP4M97IMczNPXfp8NfC6lUKUvHkRD5jRxn898w==
expires: Fri, 22 Jul 2022 03:37:30 GMT

GET
H2 200 index.js Show response
labs.bishopfox.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/ 51 KB
20 KB 26ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 d04998a67c7a3fb6819bd5fdd0bbe125.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5930346
x-amz-server-side-encryption: AES256
cf-ray: 6729a17e1c01203f-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: BRU50-C1
content-encoding: br
last-modified: Fri, 14 May 2021 12:13:32 GMT
server: cloudflare
etag: W/"006946e614d6ef469f5c9e46b4836d15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJ205iRTQBb0xpY%2BCSvvLqOmjW%2BBYmM5Uk8%2BGdhy7KkvngOPxUrltICetOKZDRRT0m5Yx5flzvc8KDKBVPwfcmMkVEW9lbndPOMSwWBHpMRWeA7YPg8dju5dxrIm3mr7FebighKYqsnznzBLX%2FL%2Bbg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: NS5brkaR0OO1ViABjiLPNZKumB_gwu3c
cache-control: public, max-age=31536000
set-cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: sFVh9rEN70xkoFcFA_v_aaIvMt4EZZgh4YiBRqwKoUfkPaEwgfb4Ig==
expires: Fri, 22 Jul 2022 03:37:30 GMT

GET
H2 200 v2.js Show response
labs.bishopfox.com/_hcms/forms/ 575 KB
145 KB 37ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

284b2892385bb5d7511f2ebc221ad6fa86383c889145406732edb734a3e4dfc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 08f45c153a856ff7955174d0e6f60745.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 576
x-amz-server-side-encryption: AES256
cf-ray: 6729a17e1c02203f-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: IAD89-C3
content-encoding: br
last-modified: Wed, 21 Jul 2021 08:15:59 UTC
server: cloudflare
etag: W/"f418c0f6e514c8682b3097d40f2b7300"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ebu5z4Guv4Unbwewt6uDrpnRNfpfBgWJX7f%2FWM749SvvmhVeoYgVjXlXiVj5spyv2bxPQmVXu06LNRB8Zq%2BAIy8dXIIoC4LTCsp99SwFy%2BX%2Fxbon%2Fqw5fKA0rzn5wAqr4qjDit4yWGv3jqPAV9mo1g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: zs66x_0whY8Ao0sxg8zqjlq3UVsXou6A
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
set-cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript; charset=utf-8
x-amz-cf-id: q3M6DdSkkl2xa8yup5uGCbZMrS4jIbKgEag0WpYgPQWyCM2LmLOzLw==
x-hs-target-asset: FormsNext/static-5.345/bundles/project_with_deps.js

GET
H2 200 comment_listing_asset.js Show response
labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/ 8 KB
3 KB 29ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3a4acc91750315f26ccfdff67b14bdc2ff153fd397500ad60a5ce9e0bafa3b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 1bc76a14967a660022b25f573baec632.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 7769464
x-amz-server-side-encryption: AES256
cf-ray: 6729a17e1c04203f-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: AMS54-C1
content-encoding: br
last-modified: Thu, 04 Feb 2021 19:41:00 GMT
server: cloudflare
etag: W/"dead139f9e90162ef18faec5c6658b27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ba3P%2FF1hRNTW0dKNeEk34NfjvYwSEB6Zzy1ZKP%2BfVTgP0oiAOIluNDDy8f%2BIR17drHEpmDzUE%2FFW04p4RemkIwm%2BqpopI51ygh%2BaXfFSc8Ftzn21vKH5GFH1nAasyuuC%2BY00pMgC7RJaUA2Z2duFgg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: rrf8fzfUXW6uWWsBbWfcrt_M5GaKpGIN
cache-control: public, max-age=31536000
set-cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: 2w5ApyXFZtTF0GiBzbQwhmNZtcDnyL4OIXtqEboxNcjMqmDfNkZILQ==
expires: Fri, 22 Jul 2022 03:37:30 GMT

GET
H2 200 comments_listing_asset.css
labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/sass/ 1 KB
1020 B 33ms
32ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/sass/comments_listing_asset.css

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72230de642a6e6a4cc0059fd8555dcdace5fe8ca702e9e8d9f7030f0aa8e07c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/AsyncSupport/static-1.94/sass/comments_listing_asset.css
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 58a361324cd2b1576fcc05c5471b9b13.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 7769463
x-amz-server-side-encryption: AES256
cf-ray: 6729a17e3c49203f-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Thu, 04 Feb 2021 19:41:00 GMT
server: cloudflare
etag: W/"b8ee8eabaab596a61f9dce917ea44a73"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRQsxm3LVzZSvJ425q0g%2BQZ2G%2FV1jX7OSm4eKn7Vm%2FcUN1lEvb1P%2BIEsbWCn18%2FdzgRjmA%2Bi9DLQrr4rVDCkq2zj4Uj5AeyYQ1g0mHHTJZmmaW5jp3A7r2XzNe5E2kAjKIpCoRkrxZmnJLLLW28kxw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 9bHcd_ft.zS_ljDQKZIJC6FKEZ_yO.ou
cache-control: public, max-age=31536000
x-amz-cf-pop: AMS54-C1
content-type: text/css
x-amz-cf-id: oovKQJPGJld_fIyexS_CtDElVDD43kEiA06mI8PD3Fz_NF_UQQ9_rQ==
expires: Fri, 22 Jul 2022 03:37:30 GMT

GET
H2 200 module_10478305230_Social_Icons.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/ 288 B
778 B 253ms
251ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/module_10478305230_Social_Icons.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0665aad66140bedfae8ee86351e3123060565001e33867552dd4b0f4a5a23d1

Request headers

:path: /hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/module_10478305230_Social_Icons.min.css
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ef.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 5AN0B24K0M0P5CS4
x-amz-id-2: zk4c4nU9UD1cIDEwvdUIE8Yd90p4A7lLG7xGMTTLyag15RebY8qyxAwKIQ60BPOCxJvMp+4FcTA=
last-modified: Fri, 24 Apr 2020 20:13:06 GMT
server: cloudflare
etag: W/"f9a21447ab17cc1cf5127e2a9fdef72a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BgvPrl2MRz2Ms2%2BIhj0jfrgbWDf3bSb%2FPd89UXqnx5YM38HzcUeCwgpe5C2l0QXUzO1527d27YmN2A3I%2FU36KQpvv47Mm6ziPlWKDqwLFzlrkKpRwtpZgyV4LO0Ni2ljHX2SpzTgmwRGPRzvM5JGXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: z3NVlkKDFe3SWmID3h_gz_034msu3TZx
cf-ray: 6729a17e3c4a203f-AMS
x-amz-cf-id: GpCp44Zl1EuScXAOCQZsSFbOfcvJ-HwHJ6QL2S_snK2QdJd9Et9Ytg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 eml7xva.css
use.typekit.net/ 9 KB
1 KB 167ms
139ms Stylesheet
text/css 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/eml7xva.css

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

0e4330fc42b9bc471699a995039181f9a8d98deba31c84c6961c7057e23c447c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Thu, 22 Jul 2021 03:37:30 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1056

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 181 KB
55 KB 23ms
7ms Script
text/javascript 2a02:26f0:6c00::210:ba0a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Play /
Resource Hash: da5d5742702be2fedfec398352bf443885855cffc10fb87e9c125530b0abb3de

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-LI-UUID: UjvDr/b+kxYQmN10SCsAAA==
Date: Thu, 22 Jul 2021 03:37:30 GMT
Content-Encoding: gzip
X-CDN-CLIENT-IP-VERSION: IPV6
Server: Play
X-Li-Pop: prod-edc2
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
Connection: keep-alive
X-LI-Proto: http/1.1
Content-Length: 55565
X-CDN: AKAM
X-Li-Fabric: prod-lva1
Expires: Thu, 22 Jul 2021 04:23:45 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1626272450731/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 71ms
35ms Stylesheet
text/css 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1626272450731/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1626272450799
date: Thu, 22 Jul 2021 03:37:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 652274
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDeygkaxhAbUVZaCDCGJiJ3OAnbVQqYUOJDisoM98PdZ8E1oJ8dZYY%2FhiuwLZiZFd4o7q3SGysFdGlv%2BmBaiZ6WxZfplUBRoGk0m0cGhZ%2BbTPCYazg5bibG3h7RAstFDOj%2FBvWQZWYzPL58QqTE%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
last-modified: Wed, 14 Jul 2021 14:20:51 GMT
server: cloudflare
etag: W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 6729a17e7f8f4bfa-AMS
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 styles.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/ 91 KB
17 KB 255ms
254ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1701e3fa666b6218db2a8b8034f8c843270e92c7244a5028f48e26e80420591

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1597184910188
date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 5ANDSDWXFF22K72J
x-amz-id-2: dYtLYhR6fpywdNZMGlq+yREwV7GmUkYeGb6t0iOFoTd42WYn75IsMSHug5ErBgY5Ji/suykRtx4=
last-modified: Tue, 11 Aug 2020 22:28:31 GMT
server: cloudflare
etag: W/"17da206b34e3090886773a9125c8f744"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2nHAr3ikgjAsuZHHi0Hw%2F%2B0H0By0s5EDcvTlg7cP31Dpey0ArWCJPZTrYj5vqI%2FJXpwi%2F4cnhn0oWGd2tpHDFa0oVLLV4WkpmVKo8fTYHwsaNXYWG8Dhb6wCPE5oWYJkYF29FKTs7Jjm7zTRguofg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: CBIjujsdV8rN8yLa7muuXN894DnV3sW6
cf-ray: 6729a17e3c4e203f-AMS
x-amz-cf-id: tdIj0e5NEctkom85NDaXqDbmsoQVWsEGEMrZsLO2LnNi5DyNKVgZQg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 prism.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/ 1 KB
2 KB 252ms
251ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/prism.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53bbbcda593dc7d2483e3225fa353d9e8cad17c46baa7088ba0db94d66f0bf9e

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/prism.min.css
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1595255868968
date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 5AN1FR14A5JDZY3Y
x-amz-id-2: dXrZ6j47bDUJZtK4/aRlyyoEHjAKwJW0Zstyo8pKjaiJQqLBtwoXaY7za9/v9bYW/CJSZRBFzkY=
last-modified: Mon, 20 Jul 2020 14:37:49 GMT
server: cloudflare
etag: W/"a43baa16da2d3f3c255e6df5d2fcda20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oetCq7MkOTRc6%2BsdnNHvtmuzR13%2FuWKjJTyVYyQ8Eam5LghrI85yZ57qW349cyN5tj%2Fl9leLgbyPpm4MI1Bjf9JwN%2F4tBaOf6TPN9RRRVQu3SK450t3WaqamJlBTvnJRpYXacZQbS8HFTB8FPJxRNg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: M8kW4g.fpbVz3EcLbuF7t8DRivL39XdS
cf-ray: 6729a17e3c50203f-AMS
x-amz-cf-id: ntcIqrGlmwQ7G7UvwjeYErrxq65cIkM5iaYQkiRIZM1f2WphxQ92Fg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 BishopFoxLabs-Logo-Black.svg
labs.bishopfox.com/hubfs/Logos/ 3 KB
2 KB 50ms
48ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Logos/BishopFoxLabs-Logo-Black.svg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 482764a09e130bd7446e86016ab44a442d73e2b295879cbb2666f7790478b187

Request headers

:path: /hubfs/Logos/BishopFoxLabs-Logo-Black.svg
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 fb8f21b90b0483bdc64e7c79b3e007e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-28955847558,FD-28955967354,P-5632775,FLS-ALL
age: 1203386
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28955847558,FD-28955967354,P-5632775,FLS-ALL
x-cache: Hit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 0K39T122ENR5NG4P
x-amz-id-2: hKBrpUrDDPC0oad/84z6lEl4wCsQpk7e3yZP5yZl9ax2lE2TDBMZXsVsJpm1QnMB4Z9CylBFmOA=
last-modified: Thu, 30 Apr 2020 14:06:23 GMT
server: cloudflare
etag: W/"c092105e6b23817d8977a1afc51faa1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGOSJya42Xg%2BAWPM2jZUqYl7uUl%2BTLOqrFM9V6HLI%2BTongocjy9F1m8p0DSpknWeHzpOJCIB2binIhee1ksBYmSpfPnShm6TDdXmKVq26bmnPMFoaKQDhlPKgcIjIJAFDmBFrTj9zH7UBneWqzMWdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: mXuZz95KgSwgTAxdzh8jlE_hq5mcuNck
x-amz-cf-pop: AMS1-C1
cf-ray: 6729a1802f6c203f-AMS
x-amz-cf-id: 66zJIs0hucgjIuUu7udv3Y50Afk3a50gNFpzYA-YsGUoWwptj4GGgg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 BishopFoxLabs-Logo-Simplified-Black.svg
labs.bishopfox.com/hubfs/Logos/ 1 KB
2 KB 49ms
48ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Logos/BishopFoxLabs-Logo-Simplified-Black.svg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c34dbb609c6387f6175474daf591365e75a67780b5b5f10ca1e3a069187c694b

Request headers

:path: /hubfs/Logos/BishopFoxLabs-Logo-Simplified-Black.svg
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 aae0a3ddd306e11f8c3d25a657078704.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-28955848741,FD-28955967354,P-5632775,FLS-ALL
age: 1203386
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28955848741,FD-28955967354,P-5632775,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: QE19JHSPKD53SV4X
x-amz-id-2: O5OSWsdqrpf+WJlYUgYj0HsfcpnPjzArqZ0BXw/1iKx/MaGxroNJM7Jo/wMro2vk/3Dg/dyhxDw=
last-modified: Thu, 30 Apr 2020 14:27:27 GMT
server: cloudflare
etag: W/"b3c81c94ed4ebc1b8523c5a7ec33e6a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pg%2BS0g%2BKgPeSco%2BjOolzA%2B7Sqm2ZDNNWhUQtkpc4AKpWVX6GXUm7iVCkbStaFrnvyeQ4qM10NAVD5vCDLyWWfrYfVpT8c8mw0Ak0fF3aLEw%2FFf0sAokzbaxTHkTf18%2FS%2FfLWNGSvMrCcTxQzPk7UDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: mAlYJd53qS3J6KxX_rRFXLrBvOkX2Kle
x-amz-cf-pop: AMS1-C1
cf-ray: 6729a1802f6e203f-AMS
x-amz-cf-id: v3VE-kcxihIeFmpw67MpudzbjFJzHFyJrsPjRZCzP3zlUsz11w-VRg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 tocbot.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/ 9 KB
4 KB 533ms
533ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/tocbot.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8d76f539c79c8169dd727ae8842c1dfa3513378fada30cd91dbaf26a1290801

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/tocbot.min.js
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 7a99ed3f39c18af8fe138a695e5f657d.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
content-encoding: br
x-amz-request-id: QMPA7MR45VC2270S
x-amz-id-2: dTxpKs5qokJN/qHLW+aFZN4/tnHkq3W9u+ubebiWiQaeHV1/qNfKhu696AxI8LwrJ8k3IudCThA=
last-modified: Fri, 15 May 2020 19:04:44 GMT
server: cloudflare
etag: W/"6b37b978ab743d97ee63b9d31ef21556"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2F9VkxSGzAiqjXa4bE40vrT8HJdYJGCKdkiPYzl%2B5xgg3w3eElfA7O4kOYDoEZRLk%2F%2Bq97cPU13p%2FKFFSmrC6QNXT1R0C9g2r7LMJz233QXB2%2Fzf2GAcwZllsdVunqD%2B0pfL%2F6kwmPeKFG3EN10dMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 4HTBarBewLbln.aAV_20fQkSKYnW.Z7p
cf-ray: 6729a17fdeed203f-AMS
x-amz-cf-id: A9KxdvRXCuK1WRyqnRP76HZ991mJao544x3R9sBgOJebF1reU_GFqw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 main.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/ 1 KB
1 KB 282ms
282ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/main.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07d59d11e10a2e559c0ce70c86b9736aed6a46a3b0b55c6cab658215ecb3ba57

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/main.min.js
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 041a4887d523cabe8177e269cc358163.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: DTSK1WQNJS9M30BV
x-amz-id-2: yDqLDQv+FyvGoxvobm82b/tmwMRmJlBFnUEFr3eF+bbXwuoIXFb7f5v2pxWXXAPd3PKNGmPF7HM=
last-modified: Fri, 15 May 2020 19:04:47 GMT
server: cloudflare
etag: W/"a039532aed6a100a7d84cba1d22eb293"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DbCf7mrhcFb7NPiKloU%2BtqKFQ%2BSx%2BwRJy5vmHtIRNJgpI%2BOfB3zX32nDYOA2Xq%2FfMEQsH7Lj%2F7%2F9Hd1EkkQmoZCfwxEogVQNNXbtnwUVhxMczP53B2nHJWhdpUVhYGkhtDtiyvITykab2mDFc2ehVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: .ih4zeutrPQaWWEAOA_M53biY2uOb9Qg
cf-ray: 6729a17fff2b203f-AMS
x-amz-cf-id: gozrGIlzJkWlu7MKdEqa2Y70cBVPw_8XGHK_tataoCMsrvdhVnMNFg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 prism.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/ 439 KB
162 KB 279ms
277ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/prism.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 397ea9453748b35f255a67e3d8e3b4ea0451490297295b643d6cbcd01764885a

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/prism.min.js
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1595255713737
date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: AWM94ZSDJG55FQEW
x-amz-id-2: 52AMrwgSmckq2iXPGpyq4/zG3a5UY4Yst93pzkEdnbIlizMWDhwW/k64lQ9eCTrLMttl+0jv0M0=
last-modified: Mon, 20 Jul 2020 14:35:14 GMT
server: cloudflare
etag: W/"7cb7749663fb165d3803c8bbcc284e55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JP2HQi3mIW9SvjbMtCfRaIckDcM8yZ1k%2BEYceDZIk0HJ8SW8pBd1vKYflfuxSlXpezJ4S64D0LQep1VoFlrMOzdSiMUhDo4HSwuhvb1CuyzaBn0Yvb7%2BKtxqazqlBupEAoLEkSvrAwQ0ezRvRonCQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: jiSK5D.JQHVI.2.XQsiW63K.Y7e23I8c
cf-ray: 6729a1802f67203f-AMS
x-amz-cf-id: WgQ4f9SWs5Ty4xDvhczL85Va9FKsgBhQ0PXXq3LAPqj0NB3Xj14piw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 module_28294170921_2020_Hub_-_Header_-_Search.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/ 6 KB
3 KB 284ms
282ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/module_28294170921_2020_Hub_-_Header_-_Search.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72ad15be9ebaf0ccb9f542bd82398a4ec5f69f1f30593eff9807473af1a907e7

Request headers

:path: /hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/module_28294170921_2020_Hub_-_Header_-_Search.js
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 0WB3Q2VG15E715PK
x-amz-id-2: ZXnDTq38YO61aCYcfVmudV5AugrZN30xzie2d6EuBX+TttAC7JCC5PDvIffz146mP8++JGGjB+0=
last-modified: Mon, 04 May 2020 15:16:30 GMT
server: cloudflare
etag: W/"97a06edce2100b01bbbe4d2cfb7421da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OukZ6mWqd8dy7ulzxHOHgp3CqJWvpxuntFc6zI7X%2BZaJxTy56CCuHcqnEYO2%2BHtzf5zPf6gZLNdwMEfKnrQlexUNRh2x9Mt5SP9sHG1kgJCGyrczeC%2B4oHVYkyBUbabmGAGQDaaiZTH4w9CDRkbIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 8EiDD8763pINn_VkZJo4ueKMFK8LI78T
cf-ray: 6729a1802f6a203f-AMS
x-amz-cf-id: oTv15GO6M4J8W4qfGEA-DS_fk_zaISicDz_dg03BJfqVUk2bdiuOJA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/ 367 B
988 B 234ms
233ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: afee3609c2d320fbe4ff5a90eaccd92d9628453944181649631dee0081de9d9b

Request headers

:path: /hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: NA5JE6WMHKYF6MTA
x-amz-id-2: KQKzTJSBy0FDO9H2URaAXjY2TZHXeKdeC3hjEk91TuI0+/B+qnPmoxwERvLb/qJA2dsVpcR4g6k=
last-modified: Mon, 04 May 2020 15:16:20 GMT
server: cloudflare
etag: W/"18321dc2c6d1bd60c0c3f15d9b6d02e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eHs372cma3zl3Mk%2FgN15Zsov5fc1%2BsXvjsM0lqh%2Bt0l5Y9N7FQv8jCAGrUOYZGNgck6clhLTb2VaAlGX%2FwL5flgXCtBB%2F0g4JIizyFlbFGfMZ4Z4AYkwqlfxRS1VDRhx1W5FiO4ZS2RCYQ6C2i9OZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: Otv2h8oRWUzZyogF.jSbKepn8wtGXreV
cf-ray: 6729a1802f6b203f-AMS
x-amz-cf-id: NA2uQ7LJ0LxLxCvX9zSMLcgiMiMzSPBVPTwjxDFjj4AfEnMB8LiDuw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 5632775.js Show response
labs.bishopfox.com/hs/scriptloader/ 2 KB
1 KB 430ms
429ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c537487e41dbee98cd3f7f1e6f651dfff83fd8de408bd94063823c8f3c94a81f

Request headers

:path: /hs/scriptloader/5632775.js
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 48bef9ee-7d6e-4c7e-bbaa-1e941fd6c924
server: cloudflare
x-trace: 2B476C2B652B6E71EFCCF7586E27853A44E361C879000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjMBQ7MUFuSV80GjFRI2RFwV%2FpQ8QOEGrsHkrhjZKfeNV%2F2OI9cCvrZU20eNas7BvxSCcaxgAVyZoHvc63ZqNQJCW59GW9G2qEvypFinQFZx9SeSN6W1Mhm6ISdqImgLGtFrrm4GwQyfvd7%2BUgg6Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6729a1802f6f203f-AMS
expires: Thu, 22 Jul 2021 03:38:31 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 154 KB
54 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2ee6d6f69609bea89523711226e83e44c0d4e2f90f699c11300f5e5e25d5afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54995
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Jul 2021 03:37:30 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
162 B 20ms
6ms Stylesheet
text/css 2a02:26f0:6c00:28d::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=eml7xva&ht=tk&f=139.140.173.174.175.176.143.144.145.146.147.148&a=16561858&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28d::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
last-modified: Thu, 05 Nov 2020 13:49:42 GMT
server: nginx
etag: "5fa402f6-5"
content-type: text/css
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 --6PiuvBGAU Show response
www.youtube.com/embed/ Frame 35C0 55 KB
23 KB 56ms
56ms Document
text/html 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/--6PiuvBGAU

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00a477d1f92a381e084e20f6d5100ceb7f0f3933bd5c60c67db1a450431e0161

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/--6PiuvBGAU
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 22 Jul 2021 03:37:30 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=z9W_xwNX_X4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=cFcdHlwD-FE; Domain=.youtube.com; Expires=Tue, 18-Jan-2022 03:37:30 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+644; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 BishopFox-Labs-Background.svg
know.bishopfox.com/hubfs/Backgrounds/ 621 KB
457 KB 46ms
46ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://know.bishopfox.com/hubfs/Backgrounds/BishopFox-Labs-Background.svg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f60e5f09897f9af1a4190159019fa7617df27856207b153888844ffc5ac3790b

Request headers

Referer: https://labs.bishopfox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 05ec74146f636de45e985d09f62976dd.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-28956062666,P-5632775,FLS-ALL
age: 1016522
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28956062666,P-5632775,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
content-encoding: br
x-amz-request-id: 829AYXJJQ9YTE2MT
x-amz-id-2: kslO1Q1eNCyHO9hNgKkZJz5zlMbNHVush7UrYzVFWMiLmJXKMMHQ1g9vc4ENcipx05rZV+HlTqc=
last-modified: Thu, 30 Apr 2020 14:15:22 GMT
server: cloudflare
etag: W/"33d52a645e21be569cf58f161c039515"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkL3XBRWXlLxF7sTqc2cb8qOHxzKQxsjnu8LGmZ0Uv0%2FSrTFH1gzpEl4SOqHWD6YQFhL08aersV9KENVGf1iNjdLG39vkr1j2pKauqXF241N8I4nmx%2BTePsYJFmzP5NMfRGAMlBVRAnFNRVyFD1GGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: OwVJGcfkYdK8E.fT1cEyLmumLb895CnU
x-amz-cf-pop: AMS1-C1
cf-ray: 6729a1803a63bf3c-AMS
x-amz-cf-id: MdTzpLnSQy0Q63pxFNn-zet1w9jnrCazHmZnJ2x3Dkz8ZIvTq9oMBA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
DATA 200
OK truncated
/ 700 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09c4cb3040f901cc5a13fb0be1cd920cbb7a8d6dc2b3774f745ccac459462e19

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 650 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c9b17aaa6d7189ffe7cd7623f61f63b60df3178aaa8ced604a464c237178bce

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Caleb%20%20-%20Profile.jpg
labs.bishopfox.com/hs-fs/hubfs/ 580 B
1 KB 32ms
32ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hs-fs/hubfs/Caleb%20%20-%20Profile.jpg?width=32&name=Caleb%20%20-%20Profile.jpg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a86b8c1fa9a765b51d4954ea0ca03f07280c044c999d11609689d044eee7eb24

Request headers

:path: /hs-fs/hubfs/Caleb%20%20-%20Profile.jpg?width=32&name=Caleb%20%20-%20Profile.jpg
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 495449
cf-polished: qual=85, origFmt=jpeg, origSize=1649
edge-cache-tag: F-30821200118,FD-9004383487,P-5632775,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Caleb%20%20-%20Profile.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
content-length: 580
x-amz-server-side-encryption: AES256
last-modified: Thu, 15 Jul 2021 21:25:12 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "293489825efda97ca899500dbf71c155"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FzwG82o2zcV24zlRXKx0q4KNmFw9KUrL7Od1prkyMMF8d%2BWkLyu%2Be7NcPu47uC%2FSuDPg7AfFLhWJWepj%2FeKUTF%2FUnTf%2BnX5u5q1qqRnT63oikIOzwYs9t78vtjOZ4QBr4ncPxLedCgLG5nUDrqwJvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 6729a1804faa203f-AMS
x-amz-cf-id: ELVm7gyEQu8rNJW3FAyJAhpxtmmcxTxrlrjHIOys0iC6aUPBak8VWA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
DATA 200
OK truncated
/ 388 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cfe0094ec9c1e414159e1f064b9004d6af663e7b3c2d61c20a18e40e63d6a647

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Research%20&%20Tools%20Listing%20-%20Sliver.png
labs.bishopfox.com/hubfs/Labs-Implementation/ 22 KB
23 KB 881ms
880ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Labs-Implementation/Research%20&%20Tools%20Listing%20-%20Sliver.png
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77d3580baee5db2e7cffd2f03fde4352d7caddaef9a5b36804e0507624942bd2

Request headers

:path: /hubfs/Labs-Implementation/Research%20&%20Tools%20Listing%20-%20Sliver.png
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 4e4c50c641418e6aad9ec09cb0f22845.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-31205322673,P-5632775,FLS-ALL
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
cf-ray: 6729a1805fbc203f-AMS
edge-cache-tag: F-31205322673,P-5632775,FLS-ALL
x-amz-meta-index-tag: all
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: 7DCR0W1FM5RTXPYF
x-amz-id-2: iFNbSOr0T496eKc0uT2MVlFXLRHT6rlHDuoSHhCq51mDPpWyLORZzFIJ6+Uvb9l8UrtQ6KXiwSs=
accept-ranges: bytes
last-modified: Wed, 24 Jun 2020 23:58:42 GMT
server: cloudflare
etag: "3f9beb6eb7236974d55a296467bfe708"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fr3LMyBVy3oSISd2bPqYmOGIsQsbPvRbHo2gaJIXu9w2ZJiBBislcrOakMIkU%2Bc2sE3IeI9gmfvejFzeylRRQhqoiD8VnQvajF8l%2B4CUh8mICvkNhbN5TQ64yw7ctLhVzna3fPjMz8X2RlvTD0elWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: CnUWBJO3v81VYrhgg0y8tPsZZJBsRtS7
content-length: 22679
x-robots-tag: all
x-amz-cf-id: fKuQ3nYUYh-l56oNsDOfTBtHUilS4D9jD1qYP8g_g6iUUDIe1QrYDA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 Bishop-Fox-Labs-ZIGDIGGITY.jpg
labs.bishopfox.com/hubfs/Logos/ 441 KB
443 KB 953ms
952ms Image
image/jpeg 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Logos/Bishop-Fox-Labs-ZIGDIGGITY.jpg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e76c258de5ff336dbe47f183c1acde33442b3dbee808d813a57984fb4a3d9b6

Request headers

:path: /hubfs/Logos/Bishop-Fox-Labs-ZIGDIGGITY.jpg
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 fe106b75368b4a44b0461d7e712cd360.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-29912613070,P-5632775,FLS-ALL
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
cf-ray: 6729a1805fbf203f-AMS
edge-cache-tag: F-29912613070,P-5632775,FLS-ALL
x-amz-meta-index-tag: all
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: 7DCHK9QD98QXYD3C
x-amz-id-2: UmBsfLf1C1qfTm0buJQaKIfzWQO6bnxKBu1beSgOuzUp3Cfbiw1+p7PVlMIc7509+EogsoLZJ3I=
accept-ranges: bytes
last-modified: Mon, 01 Jun 2020 20:40:38 GMT
server: cloudflare
etag: "618d3970d5bf4c25d91f2b8dbc92d7dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2BAd6m1wVU99J%2FBpmbsqC4RZI3zAQuxdaJkXzgUAWuZiCA0rNrHObEjIhAvFkdp%2FiagD9%2FlhK6IvLNdgeJggJq2bqMU5nvgcqOjlYMltF3BiQsQm2EwrLaspkbDkkcq0dT%2FGZtXuyZ3D8EPh6Dx1Qw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 4vVOICHuAgKKTPicsNLS1xZtieadTeJC
content-length: 452053
x-robots-tag: all
x-amz-cf-id: mtHkxCcb0E4V0aeghpM2-nnvq844P2ClEJoiUr4K7L6V3yre-Mt2XQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 200508-Twitter-01-RMIScout.png
labs.bishopfox.com/hubfs/Research/ 102 KB
103 KB 47ms
47ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Research/200508-Twitter-01-RMIScout.png
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d80a514d4ff6c64bab3d3c0a422e32ca989a0af6e05a0c6c4b721176ef08d16

Request headers

:path: /hubfs/Research/200508-Twitter-01-RMIScout.png
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-29915756613,P-5632775,FLS-ALL
age: 158166
x-amz-server-side-encryption: AES256
edge-cache-tag: F-29915756613,P-5632775,FLS-ALL
content-disposition: inline; filename="200508-Twitter-01-RMIScout.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: 1B1YX3CVHVFW9HRP
cf-bgj: imgq:85,h2pri
etag: "ed74b184547ace51869044bbbdd96ca0"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
date: Thu, 22 Jul 2021 03:37:30 GMT
via: 1.1 f9d671af272d3b5b3c683203ae8f4cc8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
cf-polished: origFmt=png, origSize=152798
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 104106
x-amz-id-2: cJnMiOkaC2eqooOzacgHibncY2aXVdiUgli7+/pPvljziic+BasOFUQFGvzcY42cvbtxIL5gQck=
last-modified: Fri, 05 Jun 2020 22:37:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9P3%2FTGsCowZy831VYxLz6wxmxumRQu%2BkkCVGPPOyZFAg1dFeV4%2BG2qoA3GY0fr49MjPJ7mppBx9J1fgOYtxz9T7bf09ShxvBhBLXzV3IqlwWMhH7O4QRAn2%2BbjjoNnQiowfyhxZ48SBOnJzvqo4nQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: o4Hbu1kotL9lspjRwe_z1FKpepli2bzq
accept-ranges: bytes
cf-ray: 6729a1805fc0203f-AMS
x-amz-cf-id: MBzkvpHRfZ7JUxCC-EZyRcH6PWhO_nHtP7cgL7DJzmraKLRHSmDTzg==

GET
H2 200 l
use.typekit.net/af/705e94/00000000000000003b9b3062/27/ 33 KB
33 KB 30ms
6ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/705e94/00000000000000003b9b3062/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f37e21c653607facbf39ad55a0d09b23fbda4ee1be8202257bd4c218eb1544ee

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
server: nginx
etag: "79fea02668402fc378c129193093131a2db2577c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33568

GET
H2 200 l
use.typekit.net/af/949f99/00000000000000003b9b3068/27/ 34 KB
34 KB 37ms
13ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 3302ef568a096b5d784190fc4a27a5360a9e0a22c069d90253c6341e311024d8

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
server: nginx
etag: "b5fef031a96fc670f9c3b1b64dd52243a29d7531"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 34344

GET
H2 200 l
use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/ 33 KB
34 KB 41ms
18ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f1e795a81ef9726704c4c4c7176d2853aef32a7afd9d2aa7da1b4ebdf93cd7af

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
server: nginx
etag: "5604717ace233ade2de274e8019e41d7eecd75db"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 34104

GET
H2 200 l
use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/ 33 KB
33 KB 30ms
7ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 25df7745c61ea8874fe9ec932de0beafff58b79398cc5fbdf304b87d5ba1fc11

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
server: nginx
etag: "dd3ed5a051a56eebcd930c279014a0f1613402d5"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33344

GET
H2 200 l
use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/ 34 KB
35 KB 40ms
17ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f685d36f3f62589ffc7cb9633a82850958978f8803780ece24c613ca6f8cf563

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
server: nginx
etag: "d9c559430b0162ff50e16cf6dad5514fa963f9ff"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 35116

GET
H2 200 l
use.typekit.net/af/30f4b6/00000000000000003b9b3070/27/ 33 KB
33 KB 31ms
11ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/30f4b6/00000000000000003b9b3070/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b16d98329e42d0a88591acdde3183e9eb4265d23be18534b6bfba20332fb4483

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
server: nginx
etag: "ef4723cacc2d2381040becd10eea57a772fb6a45"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33332

GET
H2 200 l
use.typekit.net/af/576d53/00000000000000003b9b3066/27/ 33 KB
33 KB 29ms
16ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/576d53/00000000000000003b9b3066/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e08069362721d144d84f24395fd827901ad1eb93254333b4090971e4bad7a4a6

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
server: nginx
etag: "fa333b49edecc210478c16168adee736b2ad6c1f"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33280

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 5413
date: Thu, 22 Jul 2021 02:07:18 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Thu, 22 Jul 2021 04:07:18 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 22ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 22 Jul 2021 03:37:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=11433
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H3-29

200

activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fc... Show response
10586810.fls.doubleclick.net/ Frame 091F
Redirect Chain

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%...
https://10586810.fls.doubleclick.net/activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F...

462 B
407 B

83ms
43ms

Document
text/html

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10586810.fls.doubleclick.net/activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

a2fcab9b0f044752f4d66987711b25700a8e98a19e08913a1409d163bc5abc22

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10586810.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jul 2021 03:37:31 GMT
expires: Thu, 22 Jul 2021 03:37:31 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 382
x-xss-protection: 0
set-cookie: IDE=AHWqTUmlKutRfuJNEGWNcaRWoKNypne1JBGe5CycOoa0ryzpIDxg-Kh8wQq1-tKWDZo; expires=Tue, 16-Aug-2022 03:37:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jul 2021 03:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10586810.fls.doubleclick.net/activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-bl... Show response
10586810.fls.doubleclick.net/ Frame A281
Redirect Chain

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech...
https://10586810.fls.doubleclick.net/activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https...

468 B
412 B

83ms
43ms

Document
text/html

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10586810.fls.doubleclick.net/activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

22a2a12701cd3a206ecc9f541096d94faf16f53909a97184b6c42a9de945b017

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10586810.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jul 2021 03:37:31 GMT
expires: Thu, 22 Jul 2021 03:37:31 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 387
x-xss-protection: 0
set-cookie: IDE=AHWqTUnbuxn1AyTNBqg8bS5yvYjrJRv6kXTjoNYCf5rMEDUV-dDVpm1Sd30ZH3gpHQQ; expires=Tue, 16-Aug-2022 03:37:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 22 Jul 2021 03:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10586810.fls.doubleclick.net/activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 49ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6e9e8d16e703a71a0020912bb5435e8af2e5b41bbd4661905471f84dfb52e1d3

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:30 GMT
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 18:24:21 GMT
x-msedge-ref: Ref A: 51BC34B4AB0946B1824BC1916BCB4B50 Ref B: FRAEDGE1216 Ref C: 2021-07-22T03:37:31Z
etag: "80b87575947dd71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 9014

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 114ms
37ms Script
application/x-javascript 13.226.146.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.146.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-146-155.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 21 Jul 2021 03:47:12 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 85820
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 d47fba004c254adb4e354d0cef499808.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-C1
X-Amz-Cf-Id: teajXaLzmhQCp_TRZuPNRdlFiuPcGLk9D75r048FBqu_awA4yghLog==

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 107ms
35ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 22 Jul 2021 03:37:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 01:40:41 GMT
Server: AkamaiNetStorage
ETag: "5379c4a40ff8ae9d2fc6484dd1c57349:1622166041.794746"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 activityi;register_conversion=1;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-1893...
10586810.fls.doubleclick.net/ 0
0 124ms
41ms Image
text/html 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://10586810.fls.doubleclick.net/activityi;register_conversion=1;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 activityi;register_conversion=1;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-201...
10586810.fls.doubleclick.net/ 0
0 124ms
42ms Image
text/html 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://10586810.fls.doubleclick.net/activityi;register_conversion=1;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/375e32fd/ Frame 35C0 324 KB
45 KB 19ms
16ms Stylesheet
text/css 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/375e32fd/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d815775f36de7cf811a67054ef9b292cf0b7730c61faba018c5756fda850f136

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 19:11:04 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 19 Jul 2021 22:02:38 GMT
server: sffe
age: 30387
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45807
x-xss-protection: 0
expires: Thu, 21 Jul 2022 19:11:04 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/375e32fd/www-embed-player.vflset/ Frame 35C0 193 KB
64 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/375e32fd/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f615b1fabd2cf1d98aaf41bdfd08132dffd9fc1dc18ab64405dbb46dd485ead

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 09:38:47 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 19 Jul 2021 22:02:38 GMT
server: sffe
age: 64724
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65187
x-xss-protection: 0
expires: Thu, 21 Jul 2022 09:38:47 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/ Frame 35C0 2 MB
490 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d86523be80d02b9c4cee80c7b97d0cdd370735bdbbdb29b4da019b0227b1d715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 01:05:18 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 19 Jul 2021 22:02:38 GMT
server: sffe
age: 181933
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 501483
x-xss-protection: 0
expires: Wed, 20 Jul 2022 01:05:18 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/375e32fd/fetch-polyfill.vflset/ Frame 35C0 8 KB
3 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/375e32fd/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 21 Jul 2021 08:55:26 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 19 Jul 2021 22:02:38 GMT
server: sffe
age: 67325
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Thu, 21 Jul 2022 08:55:26 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 35C0 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Jul 2021 21:27:21 GMT
x-content-type-options: nosniff
age: 195010
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Jul 2022 21:27:21 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1593375026&t=pageview&_s=1&dl=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&ul=en-us&de=UTF-8&dt=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=2037427725&gjid=636184068&cid=1840417011.1626925051&tid=UA-41346121-1&_gid=712979210.1626925051&_r=1&gtm=2wg7j0TCFGBGH&z=389179279

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1626925051192%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ip...

0
156 B

609ms
396ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQLEjCbrJ3rKJgAAAXrMSjC-49V0R9rzlmXJnsP3rTPo8xGt0eB5y3-Mfc_e9qOjah6I-j3o
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: V5XeIrf/kxbgCMZUlSsAAA==

Redirect headers

date: Thu, 22 Jul 2021 03:37:32 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1626925051192&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQLEjCbrJ3rKJgAAAXrMSjC-49V0R9rzlmXJnsP3rTPo8xGt0eB5y3-Mfc_e9qOjah6I-j3o
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: BiLUDLf/kxYQaZIv1yoAAA==

GET
H2 204 134000327.js Show response
bat.bing.com/p/action/ 0
126 B 135ms
135ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/134000327.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 22 Jul 2021 03:37:30 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: 298C094C223F4FC1823F6B5904FF2604 Ref B: FRAEDGE1216 Ref C: 2021-07-22T03:37:31Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c08::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-41346121-1&cid=1840417011.1626925051&jid=2037427725&gjid=636184068&_gid=712979210.1626925051&_u=YEBAAEAAAAAAAC~&z=1648014460

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 22 Jul 2021 03:37:31 GMT
content-type: text/plain
access-control-allow-origin: https://labs.bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-41346121-1&cid=1840417011.1626925051&jid=2037427725&_u=YEBAAEAAAAAAAC~&z=306345387

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-41346121-1&cid=1840417011.1626925051&jid=2037427725&_u=YEBAAEAAAAAAAC~&z=306345387

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/160/ 11 KB
5 KB 35ms
35ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/160/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 22 Jul 2021 03:37:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Feb 2021 02:54:38 GMT
Server: AkamaiNetStorage
ETag: "19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4811
Expires: Sat, 30 Oct 2021 03:37:31 GMT

GET
H2 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 35C0 113 B
446 B 14ms
14ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/375e32fd/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d2c0543185435c8941bd11a2ce50d36859a31a5e8b22e33aeda46123a7ce8a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 35C0 29 B
92 B 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/375e32fd/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:25:38 GMT
x-content-type-options: nosniff
age: 713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-doubleclick-media
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jul 2021 03:40:38 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/ Frame 35C0 95 KB
29 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ef81173757647db7c44ab67076b68daf17ead7d7ab5d07e5896697b96ff200e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 01:05:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 181932
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29774
x-xss-protection: 0
last-modified: Mon, 19 Jul 2021 22:02:38 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Jul 2022 01:05:19 GMT

GET
H3-29 200 obqfQMEp_iilTINLCPZSXqKgALNC6hI-3FXIIX-05jc.js Show response
www.google.com/js/th/ Frame 35C0 35 KB
13 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/obqfQMEp_iilTINLCPZSXqKgALNC6hI-3FXIIX-05jc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1ba9f40c129fe28a54c834b08f6525ea2a000b342ea123edc55c8217fb4e637

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 07:33:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 331437
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13214
x-xss-protection: 0
last-modified: Tue, 06 Jul 2021 09:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Jul 2022 07:33:34 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/ Frame 35C0 25 KB
7 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0231a5775008747835c6685144722b57d04eeb0d1ce2aa15dea643db580d89db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 01:05:19 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 19 Jul 2021 22:02:38 GMT
server: sffe
age: 181932
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7481
x-xss-protection: 0
expires: Wed, 20 Jul 2022 01:05:19 GMT

GET
DATA 200
OK truncated
/ Frame 35C0 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLTnNTrlvH5lxMBnziStuFcUPvuj94BWnqOw3CIM=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 35C0 6 KB
6 KB 201ms
201ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLTnNTrlvH5lxMBnziStuFcUPvuj94BWnqOw3CIM=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

feaa7992ef35861b8d44154637994e457998e2a27617f7e179e8302238e23cd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5843
x-xss-protection: 0
server: fife
etag: "v9"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 07 Jul 2021 15:42:01 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/--6PiuvBGAU/ Frame 35C0 9 KB
9 KB 19ms
19ms Image
image/webp 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/--6PiuvBGAU/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
x-content-type-options: nosniff
server: sffe
age: 0
etag: "0"
vary: Origin
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8740
x-xss-protection: 0
expires: Thu, 22 Jul 2021 05:37:31 GMT

GET
H2 200 bf7cf23a-dadb-44fe-a34a-8298a231677f Show response
labs.bishopfox.com/_hcms/forms//embed/v3/form/5632775/ 20 KB
5 KB 160ms
160ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/_hcms/forms//embed/v3/form/5632775/bf7cf23a-dadb-44fe-a34a-8298a231677f?callback=hs_reqwest_0&hutk=

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e17c92b62c316731fd4f844afa063d84af6c174a21cd31c15a300bad7fefa59e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /_hcms/forms//embed/v3/form/5632775/bf7cf23a-dadb-44fe-a34a-8298a231677f?callback=hs_reqwest_0&hutk=
pragma: no-cache
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; _gcl_au=1.1.1706133924.1626925051; _ga=GA1.2.1840417011.1626925051; _gid=GA1.2.712979210.1626925051; _gat_UA-41346121-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 62dd8722-e7e3-45c3-af20-aeaa152ac401
content-disposition: attachment; filename=no-rfd.txt
vary: Accept-Encoding
server: cloudflare
x-trace: 2BC40D1176C8DC98774C2054BB06D5DD35F193EDDD000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V6fWp01Nc8nXV9ezIkcCloINz%2B1ZG%2F6zF7MsrJayjt7XZyk5qfr96qLOPLFf9DSL%2B0oXr0Q%2FlReUDppjkW0D4Cg3bCzZnUj%2FKdGW7XF8MQwC63WUhsuQSl6NwoaM%2BWGm8nS82gqoZ8CYuY8xzjdcTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 6729a184be6c203f-AMS

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 19ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

119130079501fbf39b1dfefebd924c636d097c502cfe0dc5280eb1129a18ac7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: eGAfKB9/7tc+3zwmfRX90g==
cross-origin-resource-policy: cross-origin
expires: Thu, 22 Jul 2021 03:48:21 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1684
x-fb-rlafr: 0
x-fb-debug: an1rHBXGue6bJZAhyx88tdZV9erapXMQKt+a6lzhFwzTeL/gJVLA9FWTTmMRUDX3Yk8fk5Ggnn13plX6bHYhxw==
x-fb-trip-id: 686109401
x-fb-content-md5: e847bb7fe21686762d42647d5f7c4b79
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Thu, 22 Jul 2021 03:37:31 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "2895e890e00e9916ed9d565f47b9d2cc"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 29ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 22 Jul 2021 03:37:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/67BA)
Age: 880
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 200 public Show response
api-na1.hubapi.com/comments/v3/comments/thread/ 232 B
906 B 455ms
408ms Script
application/javascript 2606:4700::6811:c8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=5632775&offset=0&limit=10000&contentId=23317514002&collectionId=10492047050&callback=jsonp_1626925051640_33884

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c8cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ede0eded9069941a6a59ec14b3bb476213ec5a29f7ef2e95fc826d73f869288a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: c14d8cc7-a669-417e-845f-be679b865ed2
x-trace: 2BD0D18173A0B1D75D44C404815DCD744C856F6318000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGvEPYxQ1vBElkG026ez9ayoBobOohCp3GHBy%2FGrSnyA5jZdcGCMuvADGiWOc5GfI1QEo47rGxYtu8r1XYE9orSCHE83N0N4JUfp9xtXaPz5ID8%2FKTA3Sl3dzfuS%2BUQFnxz4QIC7RTVkv4YKuHk23A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6729a1850b4f00b2-AMS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 204 0
bat.bing.com/action/ 0
172 B 38ms
34ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=134000327&tm=gtm001&Ver=2&mid=4305d4b9-0fbf-477c-ad75-339142486f6a&sid=254cfe00ea9e11ebb2d07fd90154d653&vid=254d13c0ea9e11eba251b3755e46f304&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&p=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&r=&lt=2326&evt=pageLoad&msclkid=N&sv=1&rn=902698
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 22 Jul 2021 03:37:31 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 9B4367FB83D748A89174347404D0BAA8 Ref B: FRAEDGE1216 Ref C: 2021-07-22T03:37:31Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 62ms
25ms Script
application/javascript 2606:4700::6811:70b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c91959cba13f585a90c75338d4648c4a85ba1fa37bebc831ddc5570bb31b553

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 613faec4b883bfe2ebdd8a74d5006f4c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 486
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.239/bundles/pixels-release.js&cfRay=672995a36c234c0d-AMS
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Wed, 21 Jul 2021 02:37:54 UTC
server: cloudflare
etag: W/"e44498e40f8702c62c71cd0534a32a9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: g5yPrf7s3oYLkRu1P6pmcpnvL8S03uLm
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 6729a1851ad80c8d-AMS
x-amz-cf-id: t8APRSbfzse_LSLE6haTguNleg8HqEfrEs2TiJMQE3cIGe19BWIMlQ==
x-hs-target-asset: adsscriptloaderstatic/static-1.239/bundles/pixels-release.js

GET
H2 200 5632775.js Show response
js.hs-banner.com/ 60 KB
16 KB 564ms
528ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5632775.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fb8b3a958a39baa00cea459b26bcf33c2ff6f2407f1d6d5ae8b3efdaed0533b

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: B5WT4X531958Y2K1
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: MRW3hUGLFOIZsrWljH/bV/y3ozuWMccKpjxBtjXspL13vVdkDkSP570nLfcU77NMENriD0iBkBs=
timing-allow-origin: *
last-modified: Wed, 14 Jul 2021 15:16:46 GMT
server: cloudflare
etag: W/"06a35bdb53cc0d2901d7923dc1ea2048"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: Ne0f5vMO79sOOoDCUdkSVJh4lfLXKWgp
access-control-allow-origin: https://labs.bishopfox.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6729a1851d06008f-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Thu, 22 Jul 2021 03:42:32 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 81 KB
21 KB 67ms
29ms Script
application/javascript 2606:4700::6811:ebcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:ebcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3311c5fc9923e040a645ded86a5aa4f4624a999e99e1deb35721eaab0393b05e

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
via: 1.1 20579d8c7e6a7d159f211e9ee1d4003c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 528
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.9069/bundles/project.js&cfRay=6729949dc8709bfd-AMS
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: PENDING
content-encoding: br
last-modified: Wed, 21 Jul 2021 05:57:38 UTC
server: cloudflare
etag: W/"371c6640a06181d7fdc480717e3fbf3d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: C2IWLUWBVVUl0_72BuM6pup7Z2UNzL2R
cache-control: max-age=600
x-hs-cache-status: EXPIRED
x-amz-cf-pop: IAD89-C3
cf-ray: 6729a1851cd8bdf0-AMS
x-amz-cf-id: INv7BxzxwtxavmK5SMLOjCNHPtjCbqxyRffPOi2LkObUO-ULEJh7dg==
x-hs-target-asset: conversations-embed/static-1.9069/bundles/project.js

GET
H2 200 5632775.js Show response
js.hs-analytics.net/analytics/1626924900000/ 62 KB
20 KB 149ms
114ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1626924900000/5632775.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ee10a591b0a0848531baa06c5996e740e8d7bc77a0589bc625e21c0c7777682

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
content-encoding: br
cf-cache-status: MISS
x-guploader-uploadid: ADPycdsZf_tdnsqVswSrDOYscxv6BV_dePqqyWZ-R_5p4SJhPMnfcinm1ZRIFde7O1M3ZCqfRYJjbv28VCnyXrJ3nkoPjNE5pw
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/javascript
last-modified: Mon, 19 Jul 2021 15:14:42 GMT
server: cloudflare
etag: W/"0d7f731cdd93d14a5d4ada92f54258ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=eCX/dw==, md5=DX9zHN2T0UpdStqS9UJYug==
x-goog-generation: 1626707682255765
cache-control: max-age=300, public
access-control-allow-credentials: false
x-goog-stored-content-length: 63403
cf-ray: 6729a1851b0872a5-AMS
expires: Thu, 22 Jul 2021 03:42:31 GMT

GET
H2 200 dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-cod...
adservice.google.com/ddm/fls/z/ Frame A281 42 B
262 B 17ms
16ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Requested by

Host: 10586810.fls.doubleclick.net
URL: https://10586810.fls.doubleclick.net/activityi;dc_pre=CIeQhY7g9fECFR_Iuwgd5jYINg;src=10586810;type=conve0;cat=uniqu0;ord=1;num=1294551682148;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10586810.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-exec...
adservice.google.com/ddm/fls/z/ Frame 091F 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Requested by

Host: 10586810.fls.doubleclick.net
URL: https://10586810.fls.doubleclick.net/activityi;dc_pre=CMGOhY7g9fECFRz-uwgdteMKJA;src=10586810;type=conve0;cat=allpa0;ord=4438806904163;gtm=2wg7j0;auiddc=1706133924.1626925051;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10586810.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 35C0 4 KB
2 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/375e32fd/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Thu, 22 Jul 2021 03:37:31 GMT

GET
H3-29 204 generate_204
www.youtube.com/ Frame 35C0 0
9 B 6ms
5ms Image
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?eGMGCQ
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3-29 200 all.js Show response
connect.facebook.net/en_GB/ 233 KB
68 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=46e2a58f895e9eb3ff3dd79e33dd7ffb

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1d3f4af2b5ef17b67540f59d76196f89b18fa80ba8c0662840e21f072064d557

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://labs.bishopfox.com
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Y7dXXa0vlCD+WXzbCAS0zw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 69114
x-fb-rlafr: 0
x-fb-debug: Lai/vvWXUIm3qJA6QxuvHp0cNU46fmjhQ0EFVV95RCZ+dZrhSY8BacrRNurfeH+FFzDpwhTJ1zdFh2CmXpbNTA==
x-fb-content-md5: 47f9b3b6566e94e4f0e2d4ca323257bf
x-frame-options: DENY
date: Thu, 22 Jul 2021 03:37:31 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "4ba91b263c3cbcc18b7918d109e65c72"
timing-allow-origin: *
priority: u=3,i
expires: Fri, 22 Jul 2022 02:55:09 GMT

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 03D9 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Flabs.bishopfox.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 32395
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 22 Jul 2021 03:37:31 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 widget Show response
labs.bishopfox.com/_hcms/livechat/ 296 B
1009 B 184ms
184ms XHR
application/json 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/_hcms/livechat/widget?portalId=5632775&conversations-embed=static-1.9069&mobile=false&messagesUtk=db8ab616e7264199ba66fe2803992ec9&traceId=db8ab616e7264199ba66fe2803992ec9

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

61899dcdd7ae151fb8ac304c95b10b9574846c5688fa68b1bf2860435e00d250

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: __cfruid=fa6023a5da56304eac17fce3971353e192427765-1626925050; _gcl_au=1.1.1706133924.1626925051; _ga=GA1.2.1840417011.1626925051; _gid=GA1.2.712979210.1626925051; _gat_UA-41346121-1=1; _uetsid=254cfe00ea9e11ebb2d07fd90154d653; _uetvid=254d13c0ea9e11eba251b3755e46f304
x-hubspot-messages-uri: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:path: /_hcms/livechat/widget?portalId=5632775&conversations-embed=static-1.9069&mobile=false&messagesUtk=db8ab616e7264199ba66fe2803992ec9&traceId=db8ab616e7264199ba66fe2803992ec9
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
X-HubSpot-Messages-Uri: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 62d37ea3-d8fe-4a6b-8f10-c9e1f7fe86db
server: cloudflare
x-trace: 2B2AEF071AF9C73AC0EE150C1F7C42457CEE1E1C93000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35a4W8NRqP76jL3kCoJQsqqwJ9%2FlHHiBc3kK57y27uZxsOmYwoMGbO1ULfPWLjSwgXZLOdfAxDbeveusSVADkpWCrmicgEf459tbBvWIZKzT%2Bgmef2DfnPwU8c0RK6T3Wx2Sg2DGqPafr%2B9VHgEGXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 6729a185f859203f-AMS
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 03D9 183 B
417 B 218ms
142ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=973c422c8f2b7f13a6dbf81d1a2a30a0c67d8422

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Flabs.bishopfox.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:31 GMT
content-encoding: gzip
last-modified: Thu, 22 Jul 2021 03:37:32 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: fb464c7dd637edfdb5ae8dcd38aa1303cdb2f450f86e2c857cc3eb79a7df8ffe
content-length: 152

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 9918 0
182 B 146ms
48ms Document
text/html 52.50.64.214
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.64.214 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-64-214.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
366 B 85ms
56ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5632775&pi=23317514002&ct=blog-post&ccu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&cpi=23317514002&cgi=10492047050&lpi=23317514002&lvi=23317514002&lvc=en&pu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&t=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI&cts=1626925052807&vi=ec96343f2237c011a9f17be2cdd6d6ad&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 19d4b4bc-3b3c-415c-bd59-325eeb857c31
cf-ray: 6729a18c481a4c92-AMS
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JCk2peljR2PleWTm12zY%2BFGttDK2w%2FwvL00SKlNXLYMRum3FhTo59Y6gMpieZHZJ%2BDvvk3K%2BrI%2B3Udz%2FF6Pe8A%2BVDncMwoANhAUnzGsWu92TdcY1vfmEhGpRGJG%2BHFp%2FGoXwzXTKHtID65Avjm8c"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
793 B 83ms
54ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=bf7cf23a-dadb-44fe-a34a-8298a231677f&fci=76927f41-a078-452e-aad2-7080d41ee95c&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5632775&pi=23317514002&ct=blog-post&ccu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&cpi=23317514002&cgi=10492047050&lpi=23317514002&lvi=23317514002&lvc=en&pu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&t=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI&cts=1626925052812&vi=ec96343f2237c011a9f17be2cdd6d6ad&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 992df795-3872-4aa7-bdb9-6348dd4ad374
cf-ray: 6729a18c481e4c92-AMS
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hLXXWmNK9%2BhvNe99M5%2FNOeAYRE2UGplvQMNPJHVk35MeRFvfiFNeR%2FdjwN5E50my3QqNRX%2FGB2RlGT79%2B5adQoonRcIaXbOcngDZmS7u%2Fn3h%2BzUWfSaxeaNHsWlzzfxme7F3oENKF%2B8NPQT1xGX0"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 67 B
930 B 164ms
135ms XHR
application/json 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=5632775

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

128456fa800b42cb5aaa2abfb7ea0b40f2ddac958d693581a57785ae1f50e7d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:32 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: bf1699fa-a17b-443b-adb9-c535c411e3f2
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
x-trace: 2B0CDF2AFF1EB8FABDDACDE2AA715ABD07AE304179000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cROc%2Bw%2BloWyjZyZ5Xq%2FCYElCyCeln46nLviKS8sqQ7nBLDDXgJ%2FYcJe0jIATGUEH5lybaqOziXE4XeAnY4LojQWCr8Rm24ckd%2Fl8zYxATk1XQZJdlEDLgzPiDN1NCY210NTgmquo77NHj2xp"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://labs.bishopfox.com
access-control-allow-credentials: false
cf-ray: 6729a18c4d6f0109-AMS
access-control-allow-headers: *

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 45ms
31ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-730614786

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f6c04eed3cc9cf7d6bdd9999030fbd1fcd750080a930de0565bc86d501309f0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38010
x-xss-protection: 0
last-modified: Thu, 22 Jul 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Jul 2021 03:37:33 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 116ms
43ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-730614786

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Jul 2021 03:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13910
x-xss-protection: 0
server: cafe
etag: 8154934153164151798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 22 Jul 2021 03:37:33 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/730614786/ 2 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/730614786/?random=1626925053174&cv=9&fst=1626925053174&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7j0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c9c061dc3f183e03ca1cd0798c86bcdf8b8c7079b834fb8499edd6e5c8fc85e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1104
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/730614786/ 42 B
64 B 19ms
19ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/730614786/?random=1626925053174&cv=9&fst=1626922800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&async=1&fmt=3&is_vtc=1&random=2132331213&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/730614786/ 42 B
64 B 25ms
24ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/730614786/?random=1626925053174&cv=9&fst=1626922800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&async=1&fmt=3&is_vtc=1&random=2132331213&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Jul 2021 03:37:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 35C0 28 B
54 B 21ms
21ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/375e32fd/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/--6PiuvBGAU
X-YouTube-Client-Version: 1.20210718.0.1
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtjRmNkSGx3RC1GRSj6z-OHBg%3D%3D
X-YouTube-Ad-Signals: dt=1626925051222&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image&bid=ANyPxKqtCbWadA9oB_dPS23ekAjIxgOvtNbQIi0Jj7JbsrpjLQt5eZw0nHun5A0HU0kIgw-KtNVqx0KpK_R8Mh6h18R-5tMVzA

Response headers

date: Thu, 22 Jul 2021 03:37:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 22 Jul 2021 03:37:33 GMT

POST
H2 200 perf Show response
labs.bishopfox.com/_hcms/ 2 B
515 B 146ms
146ms XHR
text/plain 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/_hcms/perf
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode: cors
origin: https://labs.bishopfox.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
content-length: 827
:path: /_hcms/perf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 6729a19eb818203f-AMS
date: Thu, 22 Jul 2021 03:37:35 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 03669e3e-e9ea-4cb1-9187-f71d684ed325
x-trace: 2BD1C1A95054B910422913E58B199914045A04FCF8000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BXxsRQ2oR4AWI7gQ0hT2%2B4OupnBVBFgHYzNRuR5Sv94WO0dY5%2Fo9zBzNIuN9rpYz%2BKxgB%2F3K7mqjgSHCwyBa0KBkPxm9EDFqosWw8ih5d3tPX0%2FR4vqCPgeIQTgcE1NB2hMpv%2BgI%2BNoCxTxxOJ7Niw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
set-cookie: __cfruid=ca8aea1bab9e89de86d7b25e9587e489981a6e85-1626925055; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
x-robots-tag: none
content-length: 2

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: z9W_xwNX_X4
.bishopfox.com/	1970-01-20 13:26:37	Name: _ga Value: GA1.2.1840417011.1626925051
.bishopfox.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.youtube.com/	1970-01-20 00:14:37	Name: VISITOR_INFO1_LIVE Value: cFcdHlwD-FE
.bishopfox.com/	1970-01-20 05:17:01	Name: hubspotutk Value: ec96343f2237c011a9f17be2cdd6d6ad
.bishopfox.com/	1970-01-20 05:17:01	Name: __hstc Value: 24978341.ec96343f2237c011a9f17be2cdd6d6ad.1626925052804.1626925052804.1626925052804.1
.bishopfox.com/	1970-01-19 22:05:01	Name: _gcl_au Value: 1.1.1706133924.1626925051
.bishopfox.com/	1970-01-20 05:17:01	Name: _uetvid Value: 254d13c0ea9e11eba251b3755e46f304
.bishopfox.com/	1970-01-19 19:56:51	Name: _uetsid Value: 254cfe00ea9e11ebb2d07fd90154d653
.doubleclick.net/	1970-01-20 05:17:01	Name: IDE Value: AHWqTUmlKutRfuJNEGWNcaRWoKNypne1JBGe5CycOoa0ryzpIDxg-Kh8wQq1-tKWDZo
.bishopfox.com/	1970-01-19 19:55:26	Name: __hssc Value: 24978341.1.1626925052805
.bishopfox.com/	1970-01-19 19:55:25	Name: _gat_UA-41346121-1 Value: 1
.bishopfox.com/	1970-01-19 19:56:51	Name: _gid Value: GA1.2.712979210.1626925051
.labs.bishopfox.com/	1969-12-31 23:59:59	Name: __cfruid Value: fa6023a5da56304eac17fce3971353e192427765-1626925050

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10586810.fls.doubleclick.net
adservice.google.com
api-na1.hubapi.com
api.hubapi.com
bat.bing.com
cdn2.hubspot.net
connect.facebook.net
fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
insight.adsrvr.org
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.usemessages.com
know.bishopfox.com
labs.bishopfox.com
munchkin.marketo.net
p.typekit.net
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
static.doubleclick.net
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
use.typekit.net
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.youtube.com
yt3.ggpht.com
104.111.234.67
104.244.42.200
108.174.10.14
13.226.146.155
142.250.186.102
142.250.186.34
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67fe
2606:4700::6811:47b0
2606:4700::6811:70b0
2606:4700::6811:c8cc
2606:4700::6811:cbcc
2606:4700::6811:ebcc
2606:4700::6811:f0cc
2606:4700::6812:15bf
2606:4700::6813:9a53
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2003
2a00:1450:4001:801::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:80e::2016
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2003
2a00:1450:4001:811::2006
2a00:1450:4001:813::2003
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2002
2a00:1450:400c:c08::9a
2a02:26f0:6c00:28d::19fd
2a02:26f0:6c00:296::25ea
2a02:26f0:6c00::210:ba0a
2a02:26f0:6c00::210:ba2a
2a03:2880:f01c:8012:face:b00c:0:3
52.50.64.214
00a477d1f92a381e084e20f6d5100ceb7f0f3933bd5c60c67db1a450431e0161
0231a5775008747835c6685144722b57d04eeb0d1ce2aa15dea643db580d89db
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429
07d59d11e10a2e559c0ce70c86b9736aed6a46a3b0b55c6cab658215ecb3ba57
09c4cb3040f901cc5a13fb0be1cd920cbb7a8d6dc2b3774f745ccac459462e19
0e4330fc42b9bc471699a995039181f9a8d98deba31c84c6961c7057e23c447c
0ee30e7a54d929815a5e90cec437288860efcd08700188b4fa7d277989142a81
119130079501fbf39b1dfefebd924c636d097c502cfe0dc5280eb1129a18ac7f
128456fa800b42cb5aaa2abfb7ea0b40f2ddac958d693581a57785ae1f50e7d3
1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d3f4af2b5ef17b67540f59d76196f89b18fa80ba8c0662840e21f072064d557
1f615b1fabd2cf1d98aaf41bdfd08132dffd9fc1dc18ab64405dbb46dd485ead
22a2a12701cd3a206ecc9f541096d94faf16f53909a97184b6c42a9de945b017
25df7745c61ea8874fe9ec932de0beafff58b79398cc5fbdf304b87d5ba1fc11
284b2892385bb5d7511f2ebc221ad6fa86383c889145406732edb734a3e4dfc9
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
3302ef568a096b5d784190fc4a27a5360a9e0a22c069d90253c6341e311024d8
3311c5fc9923e040a645ded86a5aa4f4624a999e99e1deb35721eaab0393b05e
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
397ea9453748b35f255a67e3d8e3b4ea0451490297295b643d6cbcd01764885a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3ef81173757647db7c44ab67076b68daf17ead7d7ab5d07e5896697b96ff200e
482764a09e130bd7446e86016ab44a442d73e2b295879cbb2666f7790478b187
4c91959cba13f585a90c75338d4648c4a85ba1fa37bebc831ddc5570bb31b553
53bbbcda593dc7d2483e3225fa353d9e8cad17c46baa7088ba0db94d66f0bf9e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5d80a514d4ff6c64bab3d3c0a422e32ca989a0af6e05a0c6c4b721176ef08d16
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
61899dcdd7ae151fb8ac304c95b10b9574846c5688fa68b1bf2860435e00d250
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
69aea70ed00c6297e407afc0b1ccf6db9629eedc412bf0779467f3e462d346e3
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
6e9e8d16e703a71a0020912bb5435e8af2e5b41bbd4661905471f84dfb52e1d3
6ee10a591b0a0848531baa06c5996e740e8d7bc77a0589bc625e21c0c7777682
72230de642a6e6a4cc0059fd8555dcdace5fe8ca702e9e8d9f7030f0aa8e07c0
72ad15be9ebaf0ccb9f542bd82398a4ec5f69f1f30593eff9807473af1a907e7
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
77d3580baee5db2e7cffd2f03fde4352d7caddaef9a5b36804e0507624942bd2
7d2c0543185435c8941bd11a2ce50d36859a31a5e8b22e33aeda46123a7ce8a5
7fb8b3a958a39baa00cea459b26bcf33c2ff6f2407f1d6d5ae8b3efdaed0533b
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8e76c258de5ff336dbe47f183c1acde33442b3dbee808d813a57984fb4a3d9b6
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1
9c9b17aaa6d7189ffe7cd7623f61f63b60df3178aaa8ced604a464c237178bce
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a1ba9f40c129fe28a54c834b08f6525ea2a000b342ea123edc55c8217fb4e637
a2fcab9b0f044752f4d66987711b25700a8e98a19e08913a1409d163bc5abc22
a3a4acc91750315f26ccfdff67b14bdc2ff153fd397500ad60a5ce9e0bafa3b1
a86b8c1fa9a765b51d4954ea0ca03f07280c044c999d11609689d044eee7eb24
afee3609c2d320fbe4ff5a90eaccd92d9628453944181649631dee0081de9d9b
b16d98329e42d0a88591acdde3183e9eb4265d23be18534b6bfba20332fb4483
b1701e3fa666b6218db2a8b8034f8c843270e92c7244a5028f48e26e80420591
c34dbb609c6387f6175474daf591365e75a67780b5b5f10ca1e3a069187c694b
c537487e41dbee98cd3f7f1e6f651dfff83fd8de408bd94063823c8f3c94a81f
c8d76f539c79c8169dd727ae8842c1dfa3513378fada30cd91dbaf26a1290801
c9c061dc3f183e03ca1cd0798c86bcdf8b8c7079b834fb8499edd6e5c8fc85e5
ced34f591157438ef47695f979ac95f8758408e8d9b88e63aee8b382ec975785
cfe0094ec9c1e414159e1f064b9004d6af663e7b3c2d61c20a18e40e63d6a647
d0665aad66140bedfae8ee86351e3123060565001e33867552dd4b0f4a5a23d1
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d815775f36de7cf811a67054ef9b292cf0b7730c61faba018c5756fda850f136
d86523be80d02b9c4cee80c7b97d0cdd370735bdbbdb29b4da019b0227b1d715
da5d5742702be2fedfec398352bf443885855cffc10fb87e9c125530b0abb3de
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e08069362721d144d84f24395fd827901ad1eb93254333b4090971e4bad7a4a6
e17c92b62c316731fd4f844afa063d84af6c174a21cd31c15a300bad7fefa59e
e2ee6d6f69609bea89523711226e83e44c0d4e2f90f699c11300f5e5e25d5afe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e
ede0eded9069941a6a59ec14b3bb476213ec5a29f7ef2e95fc826d73f869288a
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1e795a81ef9726704c4c4c7176d2853aef32a7afd9d2aa7da1b4ebdf93cd7af
f37e21c653607facbf39ad55a0d09b23fbda4ee1be8202257bd4c218eb1544ee
f60e5f09897f9af1a4190159019fa7617df27856207b153888844ffc5ac3790b
f685d36f3f62589ffc7cb9633a82850958978f8803780ece24c613ca6f8cf563
f6c04eed3cc9cf7d6bdd9999030fbd1fcd750080a930de0565bc86d501309f0f
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
feaa7992ef35861b8d44154637994e457998e2a27617f7e179e8302238e23cd4

labs.bishopfox.com Open in urlscan Pro 2606:2c40::c73c:67fe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

93 Requests

100 %HTTPS

83 %IPv6

26 Domains

39 Subdomains

40 IPs

4 Countries

2876 kBTransfer

6831 kBSize

14 Cookies

66 Outgoing links

Page URL History

Redirected requests

93 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

labs.bishopfox.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Screenshot
Live screenshot

Full Image

93
Requests

100 %
HTTPS

83 %
IPv6

26
Domains

39
Subdomains

40
IPs

4
Countries

2876 kB
Transfer

6831 kB
Size

14
Cookies

93 HTTP transactions
4 data transactions