zeifan.my Open in urlscan Pro
185.199.110.153 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Submission: On September 14 via api (September 14th 2020, 9:37:47 pm UTC) from FR

Summary HTTP 53 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 15 domains to perform 53 HTTP transactions. The main IP is 185.199.110.153, located in United States and belongs to FASTLY, US. The main domain is zeifan.my.

This is the only time zeifan.my was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	185.199.110.153 185.199.110.153	54113 (FASTLY) (FASTLY)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE)
5	151.101.12.133 151.101.12.133	54113 (FASTLY) (FASTLY)
2	2606:4700:10:... 2606:4700:10::ac43:484	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81a::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
4	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
2	2606:4700:303... 2606:4700:3034::ac43:a60b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:801::200d	15169 (GOOGLE) (GOOGLE)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
3	2606:4700::68... 2606:4700::6812:a813	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.192.134 151.101.192.134	54113 (FASTLY) (FASTLY)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
53	19

15 185.199.110.153 (United States)

ASN54113 (FASTLY, US)

zeifan.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.12.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

raw.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:484 (United States)

ASN13335 (CLOUDFLARENET, US)

offsec.almond.consulting	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States) 1 redirects

ASN54113 (FASTLY, US)

nafiezresearch.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3034::ac43:a60b (United States)

ASN13335 (CLOUDFLARENET, US)

ghbtns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:a813 (United States)

ASN13335 (CLOUDFLARENET, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.192.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	zeifan.my zeifan.my	157 KB
5	disqus.com 1 redirects nafiezresearch.disqus.com disqus.com referrer.disqus.com	30 KB
5	twitter.com platform.twitter.com syndication.twitter.com	32 KB
5	google.com apis.google.com accounts.google.com	109 KB
5	githubusercontent.com raw.githubusercontent.com	6 MB
3	disquscdn.com c.disquscdn.com	223 KB
2	ghbtns.com ghbtns.com
2	facebook.net connect.facebook.net	64 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	almond.consulting offsec.almond.consulting	117 KB
2	googleapis.com fonts.googleapis.com ajax.googleapis.com	34 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	77 KB
1	facebook.com www.facebook.com
1	jquery.com code.jquery.com	3 KB
53	15

	Domain	Requested by
15	zeifan.my	zeifan.my
5	raw.githubusercontent.com	zeifan.my
4	platform.twitter.com	zeifan.my platform.twitter.com
4	apis.google.com	zeifan.my apis.google.com
3	c.disquscdn.com	nafiezresearch.disqus.com
2	disqus.com	nafiezresearch.disqus.com
2	ghbtns.com	zeifan.my
2	nafiezresearch.disqus.com	1 redirects zeifan.my
2	connect.facebook.net	zeifan.my connect.facebook.net
2	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	zeifan.my www.google-analytics.com
2	offsec.almond.consulting	zeifan.my
2	maxcdn.bootstrapcdn.com	zeifan.my maxcdn.bootstrapcdn.com
1	referrer.disqus.com
1	www.facebook.com	connect.facebook.net
1	syndication.twitter.com	zeifan.my
1	accounts.google.com	apis.google.com
1	code.jquery.com	zeifan.my
1	ajax.googleapis.com	zeifan.my
1	fonts.googleapis.com	zeifan.my
53	20

This site contains links to these domains. Also see Links.

Domain
twitter.com
github.com
offsec.almond.consulting
raw.githubusercontent.com
bits.avcdn.net
nafiez.github.io

Subject Issuer	Validity	Valid
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-09-14` - `2020-10-13`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
*.almond.consulting Let's Encrypt Authority X3	`2020-08-05` - `2020-11-03`	3 months	crt.sh
*.apis.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-29` - `2021-07-29`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
platform.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-13` - `2021-08-18`	a year	crt.sh
accounts.google.com GTS CA 1O1	`2020-08-26` - `2020-11-18`	3 months	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh

This page contains 9 frames:

Primary Page: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Frame ID: 5F47D0D114FFEBAA2D4797C7E642F074
Requests: 45 HTTP requests in this frame

Frame: https://ghbtns.com/github-btn.html?user=agusmakmun&repo=agusmakmun.github.io&type=star&count=true
Frame ID: 212E03006FDA2CEC585334173A56E143
Requests: 1 HTTP requests in this frame

Frame: https://ghbtns.com/github-btn.html?user=agusmakmun&repo=agusmakmun.github.io&type=fork&count=true
Frame ID: C2272C5A02F19B9F20E3634345B5559B
Requests: 1 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=bubble&origin=http%3A%2F%2Fzeifan.my&url=http%3A%2F%2Fzeifan.my%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
Frame ID: 9D0D911A94B94D55CD4D3AD10EE604CF
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=http%3A%2F%2Fzeifan.my
Frame ID: 7CFE6C5F9E3C5C69183344CA885483AF
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fzeifan.my&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
Frame ID: 9679B947114C3B6C63582E88B68C4B07
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Frame ID: 2D744AC398E9830D2C06254F0569F017
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=nafiezresearch&t_i=https%3A%2F%2Fnafiez.github.io_CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&t_u=http%3A%2F%2Fzeifan.my%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&t_e=CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&t_d=CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&t_t=CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&s_o=default
Frame ID: BD1509D477A133E6278035AD47FDB3AE
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/share_button.php?app_id=1749788565247320&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e5aa9e155df78%26domain%3Dzeifan.my%26origin%3Dhttp%253A%252F%252Fzeifan.my%252Ff357e38db170f48%26relation%3Dparent.parent&container_width=710&href=https%3A%2F%2Fnafiez.github.io%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&layout=button_count&locale=en_US&sdk=joey
Frame ID: CE19D9EE30E7D243FE2B9D144006EA9F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

GitHub Pages (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^GitHub\.com$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

53
Requests

66 %
HTTPS

68 %
IPv6

15
Domains

20
Subdomains

19
IPs

4
Countries

6986 kB
Transfer

7728 kB
Size

4
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/zeifan

Search URL Search Domain Scan URL

URL: https://github.com/nafiez

Search URL Search Domain Scan URL

URL: https://offsec.almond.consulting/intro-to-file-operation-abuse-on-Windows.html
Title: blog

Search URL Search Domain Scan URL

URL: https://raw.githubusercontent.com/nafiez/Vulnerability-Research/master/avast_secureline_vpn_poc.c
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/googleprojectzero/symboliclink-testing-tools
Title: Symbolic Link Toolkit

Search URL Search Domain Scan URL

URL: https://bits.avcdn.net/productfamily_VPN/insttype_PRO/platform_WIN/installertype_ONLINE/build_RELEASE/cookie_mmm_scl_003_999_a4g_m
Title: here

Search URL Search Domain Scan URL

URL: https://nafiez.github.io/security/rce/heap/2020/09/03/wps-rce-heap.html
Title: CVE-2020-25291 - Kingsoft WPS Office Remote Heap Corruption Vulnerability

Search URL Search Domain Scan URL

URL: https://nafiez.github.io/security/privesc/2020/08/26/hideme-vpn-privesc.html
Title: hide.me VPN Windows Client Privilege Escalation Vulnerability

Search URL Search Domain Scan URL

URL: https://nafiez.github.io/security/vulnerability/corruption/fuzzing/2020/03/05/fuzzing-heap-corruption-nitro-pdf-vulnerability.html
Title: Nitro Pro 13 - From Fuzzing to Multiple Heap Corruption (CVE-2020-10222 & CVE-2020-10223)

Search URL Search Domain Scan URL

URL: https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html
Title: Nitro PDF 12 - Multiple Remote Code Execution Vulnerability

Search URL Search Domain Scan URL

URL: https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html
Title: (0-Day) Kyrol Internet Security (2015) - kyrld.sys Driver Invalid Pointer Vulnerability

Search URL Search Domain Scan URL

URL: https://nafiez.github.io/security/poc/2019/11/22/POC-conference-present.html
Title: POC Conference 2019 - Hunting Vulnerability of Antivirus product

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

http://connect.facebook.net/en_US/sdk.js HTTP 307
https://connect.facebook.net/en_US/sdk.js

Request Chain 30

http://nafiezresearch.disqus.com/embed.js HTTP 301
https://nafiezresearch.disqus.com/embed.js

53 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request avast-secureline-vpn-arb-file-eop.html Show response
zeifan.my/security/arbitrary%20file/eop/2020/07/21/ 19 KB
7 KB 818ms
120ms Document
text/html 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: e649e65672b965127b1dab8fac1e82a57f654d661ab4b88e564cea67fa925166

Request headers

Host: zeifan.my
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: text/html; charset=utf-8
Server: GitHub.com
Last-Modified: Mon, 14 Sep 2020 02:22:12 GMT
ETag: W/"5f5ed3d4-4cbe"
Access-Control-Allow-Origin: *
Expires: Mon, 14 Sep 2020 21:47:29 GMT
Cache-Control: max-age=600
Content-Encoding: gzip
X-Proxy-Cache: MISS
X-GitHub-Request-Id: 3392:B330:44170D2:48AA1FB:5F5FE298
Content-Length: 6690
Accept-Ranges: bytes
Date: Mon, 14 Sep 2020 21:37:29 GMT
Via: 1.1 varnish
Age: 0
Connection: keep-alive
X-Served-By: cache-ams21043-AMS
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1600119450.722960,VS0,VE97
Vary: Accept-Encoding
X-Fastly-Request-ID: 0671ed0292c8683a1c0a86b20ee2b184eb83b9a2

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/ 28 KB
7 KB 30ms
10ms Stylesheet
text/css 2001:4de0:ac19::1:b:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: http://zeifan.my
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:20 GMT
status: 200
etag: "1544639720"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 6662

GET
H/1.1 200
OK syntax.css
zeifan.my/static/css/ 3 KB
1 KB 116ms
114ms Stylesheet
text/css 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/css/syntax.css
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 5b27344b10b8d05fcc1bba8dde99c972c3b7bf98eb33203301c3965f0ed3c6b5

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: ce0cb1c06239ef67418b89477a1bdd4961d27c0e
Date: Mon, 14 Sep 2020 21:37:29 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 729
X-Served-By: cache-ams21043-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 676C:79D8:2B17D94:2E7AD82:5F5FE298
X-Timer: S1600119450.845985,VS0,VE95
ETag: W/"5f5ed3d0-d03"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:29 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK bootstrap.min.css
zeifan.my/static/css/ 98 KB
18 KB 133ms
117ms Stylesheet
text/css 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/css/bootstrap.min.css
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 5c680a91ccb794f92e26e8b9a41c052ab728b04d
Date: Mon, 14 Sep 2020 21:37:29 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 17444
X-Served-By: cache-ams21043-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 31E2:79D7:110FBFA:12AEDA0:5F5FE299
X-Timer: S1600119450.864330,VS0,VE94
ETag: W/"5f5ed3d0-18679"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:29 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 16ms
14ms Stylesheet
text/css 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300italic,300,400italic,700&subset=latin,latin-ext

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

82508f0d04c9d936c38c6a25735b6846b797d096d49418bc0994991dc5b866d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Sep 2020 21:37:29 GMT
server: ESF
date: Mon, 14 Sep 2020 21:37:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Sep 2020 21:37:29 GMT

GET
H/1.1 200
OK super-search.css
zeifan.my/static/css/ 732 B
1 KB 130ms
115ms Stylesheet
text/css 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/css/super-search.css
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 02202c50b04a181948689b152b611ea16bdb1baa30af000c3153497dcad79472

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: a8ddc6e32c32181c0b95370f6fd431eb3d1b2a16
Date: Mon, 14 Sep 2020 21:37:29 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 401
X-Served-By: cache-ams21059-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 19CE:B1B1:A761A4:B5A53D:5F5FE299
X-Timer: S1600119450.863626,VS0,VE92
ETag: W/"5f5ed3d0-2dc"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:29 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK thickbox.css
zeifan.my/static/css/ 3 KB
2 KB 131ms
115ms Stylesheet
text/css 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/css/thickbox.css
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: df02043042ddb4712851d47e53d4f308ec1c05c0edd66a731869bf97bd4b44cd

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: d99a8e7ccda53ad6138d36ffb3a713bfb611274c
Date: Mon, 14 Sep 2020 21:37:29 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 1025
X-Served-By: cache-ams21064-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 126A:B1CC:27B3A7C:2A79231:5F5FE299
X-Timer: S1600119450.864379,VS0,VE92
ETag: W/"5f5ed3d0-c31"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:29 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK projects.css
zeifan.my/static/css/ 1 KB
1 KB 131ms
116ms Stylesheet
text/css 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/css/projects.css
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: bd7ce42d90f892c4bba5eb7e49de728579ad86a63bb23b76847ebb4b3df55cd0

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: b1535b5ae658911a10995a3c792713b0cf260c75
Date: Mon, 14 Sep 2020 21:37:29 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 544
X-Served-By: cache-ams21080-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 5E36:B97F:509F869:564B4BC:5F5FE298
X-Timer: S1600119450.864042,VS0,VE93
ETag: W/"5f5ed3d0-52e"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:29 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK main.css
zeifan.my/static/css/ 3 KB
2 KB 129ms
114ms Stylesheet
text/css 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/css/main.css
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: f6408d3c58b33f3fa8ed24f47cc888799393627aaeccd6f71f3da01c82ffcdf3

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 1109fd54b498429998dd5e19409a35abc21b2062
Date: Mon, 14 Sep 2020 21:37:29 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 1020
X-Served-By: cache-ams21081-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 8D9A:B1B2:1535E7A:16C9492:5F5FE297
X-Timer: S1600119450.864133,VS0,VE90
ETag: W/"5f5ed3d0-ad5"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:29 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK khpcN6z__400x400.jpg
zeifan.my/static/img/ 19 KB
19 KB 117ms
115ms Image
image/jpeg 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://zeifan.my/static/img/khpcN6z__400x400.jpg
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: e87e02e82a49944df94b814a11a01d83f09a87832bef388071c30eeecf4120e3

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 1cef5c02295b3d2948a0bcc816468ca5e72ccfa4
Date: Mon, 14 Sep 2020 21:37:30 GMT
Via: 1.1 varnish
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 19015
X-Served-By: cache-ams21081-AMS
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 19CE:B1B1:A761A5:B5A53E:5F5FE299
X-Timer: S1600119450.002548,VS0,VE96
ETag: "5f5ed3d0-4a47"
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK acl.png
raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/ 19 KB
19 KB 269ms
197ms Image
image/png 151.101.12.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/acl.png

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9f3191218fc9d5c56ac0e46b1def938c2302ab8eca1942fe0c648e480d1fe30f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: d5ce10442898c6c5b4247f29ad710374e95b7c61
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options: nosniff
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
Connection: keep-alive
Vary: Authorization,Accept-Encoding, Accept-Encoding
Content-Length: 19021
X-XSS-Protection: 1; mode=block
X-Served-By: cache-fra19143-FRA
X-GitHub-Request-Id: 2816:B485:448D4B9:48847C5:5F5FE299
X-Timer: S1600119450.075930,VS0,VE172
X-Frame-Options: deny
Date: Mon, 14 Sep 2020 21:37:30 GMT
Source-Age: 0
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
ETag: W/"40ae83436b4ee72481aa4f39b2c497bd296279d5d54cb5b0b4d8095aa49ebcfe"
Accept-Ranges: bytes
Expires: Mon, 14 Sep 2020 21:42:30 GMT

GET
H2 200 object_manager_symbolic_links.png
offsec.almond.consulting/images/intro-to-file-operation-abuse-on-Windows/ 46 KB
46 KB 138ms
79ms Image
image/png 2606:4700:10::ac43:484
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offsec.almond.consulting/images/intro-to-file-operation-abuse-on-Windows/object_manager_symbolic_links.png
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:484 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11ec0b5d661dc821d7f64d279c0f4d5f12d55a278cf4096d06378c03a3d518c9

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 16 Mar 2020 15:06:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 5d2d3fe2d823062d-FRA
content-length: 47034
cf-request-id: 05302641c50000062dc4272200000001
expires: Mon, 14 Sep 2020 21:52:30 GMT

GET
H2 200 product_x_exploit_symlink.png
offsec.almond.consulting/images/intro-to-file-operation-abuse-on-Windows/ 71 KB
71 KB 144ms
85ms Image
image/png 2606:4700:10::ac43:484
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://offsec.almond.consulting/images/intro-to-file-operation-abuse-on-Windows/product_x_exploit_symlink.png
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:484 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3075062966e6b11fc5c7e07de7b273b669b992ee03d98762f2f1da1e9cd51a2

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
cf-cache-status: REVALIDATED
last-modified: Mon, 16 Mar 2020 15:06:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=1800
accept-ranges: bytes
cf-ray: 5d2d3fe2d825062d-FRA
content-length: 72501
cf-request-id: 05302641c50000062dc4273200000001
expires: Mon, 14 Sep 2020 21:52:30 GMT

GET
H/1.1 200
OK delete_logs.png
raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/ 6 KB
7 KB 292ms
190ms Image
image/png 151.101.12.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/delete_logs.png

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

613c908d7a928c3f1be4327f4933dd90f83726167a03af9dbef2e8290d3d5a5b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 7d27cc5a05596888f497bfc62c5847013f74b86b
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options: nosniff
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
Connection: keep-alive
Vary: Authorization,Accept-Encoding, Accept-Encoding
Content-Length: 5936
X-XSS-Protection: 1; mode=block
X-Served-By: cache-fra19130-FRA
X-GitHub-Request-Id: BA82:2EE6:5BC06AB:617FBE7:5F5FE29A
X-Timer: S1600119450.107931,VS0,VE164
X-Frame-Options: deny
Date: Mon, 14 Sep 2020 21:37:30 GMT
Source-Age: 0
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
ETag: W/"b0bb3c12020d8968f7ab7f0d676e245162e0681ab2d0ce6ff745dfedfbaaea08"
Accept-Ranges: bytes
Expires: Mon, 14 Sep 2020 21:42:30 GMT

GET
H/1.1 200
OK createsymlink.png
raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/ 7 KB
8 KB 258ms
178ms Image
image/png 151.101.12.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/createsymlink.png

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b575b80688c74aba614e724a3c69947e381c82fbd414a54b27e65174d14af639

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 42354a6f283235e171fcaa4cf89056296d6bcf79
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options: nosniff
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
Connection: keep-alive
Vary: Authorization,Accept-Encoding, Accept-Encoding
Content-Length: 7568
X-XSS-Protection: 1; mode=block
X-Served-By: cache-fra19133-FRA
X-GitHub-Request-Id: 5900:BA2D:50515B:596C53:5F5FE299
X-Timer: S1600119450.126705,VS0,VE153
X-Frame-Options: deny
Date: Mon, 14 Sep 2020 21:37:30 GMT
Source-Age: 0
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
ETag: W/"ca2ddcbb96116daf4afbdd5127267faa13a431dc7e2aa5d34828da7f6cdaf69f"
Accept-Ranges: bytes
Expires: Mon, 14 Sep 2020 21:42:30 GMT

GET
H/1.1 200
OK success_arb_create.png
raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/ 24 KB
25 KB 329ms
270ms Image
image/png 151.101.12.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/success_arb_create.png

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

987c4485d7d8f2ab599b7e24d325aa81a2004354496364607e94e1f0d8312266

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 41509352f7007cd6889f3bb8e879fdd095f5d17f
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options: nosniff
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
Connection: keep-alive
Vary: Authorization,Accept-Encoding, Accept-Encoding
Content-Length: 24902
X-XSS-Protection: 1; mode=block
X-Served-By: cache-fra19140-FRA
X-GitHub-Request-Id: 4EF0:2EE5:2DD93AB:30F192D:5F5FE299
X-Timer: S1600119450.127846,VS0,VE245
X-Frame-Options: deny
Date: Mon, 14 Sep 2020 21:37:30 GMT
Source-Age: 0
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
ETag: W/"be3e517851684e5049379b24a65cf8a08d45712e71d24860645e89021cce70f4"
Accept-Ranges: bytes
Expires: Mon, 14 Sep 2020 21:42:30 GMT

GET
H/1.1 200
OK avast-pwned-eop.gif
raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/ 6 MB
6 MB 471ms
399ms Image
application/octet-stream 151.101.12.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/nafiez/nafiez.github.io/master/static/img/avast-pwned-eop.gif

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3299587193571f5e3505dfc7ce6c0c4f79e35941d0afac67c9bb880f65ed8616

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: f670fa372d813eda2710f80ab76b6b06f3830b3a
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-Content-Type-Options: nosniff
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
Connection: keep-alive
Vary: Authorization,Accept-Encoding, Accept-Encoding
Content-Length: 6184200
X-XSS-Protection: 1; mode=block
X-Served-By: cache-fra19129-FRA
X-GitHub-Request-Id: 49B8:B485:448D4BC:4884763:5F5FE298
X-Timer: S1600119450.140373,VS0,VE373
X-Frame-Options: deny
Date: Mon, 14 Sep 2020 21:37:30 GMT
Source-Age: 0
Strict-Transport-Security: max-age=31536000
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
ETag: W/"1637acb4abdd9c06f561e7e543d4814deb52f1adda44fe2d1e3077707ca5960d"
Accept-Ranges: bytes, bytes
Expires: Mon, 14 Sep 2020 21:42:30 GMT

GET
H2 200 platform.js Show response
apis.google.com/js/ 49 KB
19 KB 38ms
36ms Script
application/javascript 2a00:1450:4001:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

092f3201317b7ef608f6a899d395d36cffcca4d6824f00bc50120e84341c76f2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FG1fTuFwZTQ3qtmG+qfjrA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "81b6c5d10475fc4c0084a56d3b41af80"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-FG1fTuFwZTQ3qtmG+qfjrA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Mon, 14 Sep 2020 21:37:30 GMT

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.0/ 94 KB
33 KB 11ms
5ms Script
text/javascript 2a00:1450:4001:81a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

HTTP/1.1

Server

2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 09:08:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Age: 44935
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 33576
X-XSS-Protection: 0
Expires: Tue, 14 Sep 2021 09:08:34 GMT

GET
H/1.1 200
OK jquery-migrate-1.2.1.min.js Show response
code.jquery.com/ 7 KB
3 KB 14ms
8ms Script
application/javascript 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: http://code.jquery.com/jquery-migrate-1.2.1.min.js
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 21:37:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT
Server: nginx
ETag: W/"54499a48-1c1f"
Vary: Accept-Encoding
X-HW: 1600119449.dop013.fr8.t,1600119449.cds161.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3063

GET
H/1.1 200
OK bootstrap.min.js Show response
zeifan.my/static/js/ 28 KB
8 KB 112ms
109ms Script
application/javascript 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/js/bootstrap.min.js
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: cc98d7671548502a09189820bd8f7ecc510d7a3c
Date: Mon, 14 Sep 2020 21:37:30 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 7731
X-Served-By: cache-ams21043-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: A3EC:B1CD:446CB26:490FD44:5F5FE299
X-Timer: S1600119450.002504,VS0,VE90
ETag: W/"5f5ed3d0-71b6"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK super-search.js Show response
zeifan.my/static/js/ 5 KB
2 KB 136ms
133ms Script
application/javascript 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/js/super-search.js
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: f5998d51815e804f2b09c6156e9b0320d9d6dc15b8ae5d10eba71e45ae6b00c3

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 2a6a5c39248168195ec99031e077694a6c2b338a
Date: Mon, 14 Sep 2020 21:37:30 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 1715
X-Served-By: cache-ams21080-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 57D0:5DC7:5529A27:5B8497F:5F5FE29A
X-Timer: S1600119450.002627,VS0,VE114
ETag: W/"5f5ed3d0-14df"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK thickbox-compressed.js Show response
zeifan.my/static/js/ 6 KB
4 KB 112ms
110ms Script
application/javascript 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/js/thickbox-compressed.js
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: aaa6ab83b216040a340f50bce132d4ca7c40c711574191ad22858aec6a4ba67f

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: e86d22ce0121c44ceec7ddff699a6e149878eece
Date: Mon, 14 Sep 2020 21:37:30 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 2957
X-Served-By: cache-ams21064-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 351C:598B:5C11620:62CDB55:5F5FE299
X-Timer: S1600119450.002947,VS0,VE91
ETag: W/"5f5ed3d0-175c"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK projects.js Show response
zeifan.my/static/js/ 945 B
1 KB 110ms
108ms Script
application/javascript 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/static/js/projects.js
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: c9e6a013f26b21ac48e840a2a6f205d159d730aadab2e417a6858be658c309c4

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 0a2b03a43c0cd8854cc53c23a349fd73b99f60b6
Date: Mon, 14 Sep 2020 21:37:30 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 407
X-Served-By: cache-ams21059-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: CFB8:598B:5C11620:62CDADC:5F5FE297
X-Timer: S1600119450.002184,VS0,VE89
ETag: W/"5f5ed3d0-3b1"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Aug 2020 20:46:40 GMT
server: Golfe2
age: 1310
date: Mon, 14 Sep 2020 21:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18323
expires: Mon, 14 Sep 2020 23:15:40 GMT

GET
H/1.1 200
OK subtle_dots.png
zeifan.my/static/img/ 82 B
730 B 108ms
108ms Image
image/png 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://zeifan.my/static/img/subtle_dots.png
Requested by: Host: zeifan.my
URL: http://zeifan.my/static/css/main.css
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 532d9ab6bd0c56dd768ec80a67aa52a65d480c5368ba3f9c0a9201d8ed8034a8

Request headers

Referer: http://zeifan.my/static/css/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 39202ff33c810fba47fdf40b7b748e7c6d7202ea
Date: Mon, 14 Sep 2020 21:37:30 GMT
Via: 1.1 varnish
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 82
X-Served-By: cache-ams21043-AMS
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 9554:B330:44170E3:48AA21D:5F5FE299
X-Timer: S1600119450.066353,VS0,VE89
ETag: "5f5ed3d0-52"
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: *
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2
fonts.gstatic.com/s/robotocondensed/v18/ 11 KB
11 KB 44ms
5ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v18/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300italic,300,400italic,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49a1b4e1296645aa2f513c87a0e5fe56a305a7ed678c2f6499631ec1f3b35856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://zeifan.my
Referer: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300italic,300,400italic,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:06:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:48:22 GMT
server: sffe
age: 45071
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10968
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:06:19 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYb9lecyU.woff2
fonts.gstatic.com/s/robotocondensed/v18/ 11 KB
11 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v18/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYb9lecyU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300italic,300,400italic,700&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac42e86ff1d0fc78a7870a72cf5d1bbf0a509a852dba1d8abdc734892b0d4844

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://zeifan.my
Referer: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300italic,300,400italic,700&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 09:06:39 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:48:04 GMT
server: sffe
age: 45051
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11052
x-xss-protection: 0
expires: Tue, 14 Sep 2021 09:06:39 GMT

GET
H2 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/ 70 KB
70 KB 11ms
9ms Font
font/woff2 2001:4de0:ac19::1:b:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/fonts/fontawesome-webfont.woff2?v=4.6.3

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: http://zeifan.my
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:36:18 GMT
status: 200
etag: "1544639778"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 71903

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 43ms
27ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.twitter.com/widgets.js
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 21:37:30 GMT
Content-Encoding: gzip
X-Cache: HIT, HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 28881
X-Served-By: cache-bwi5132-BWI, cache-hhn4060-HHN
Last-Modified: Tue, 01 Sep 2020 20:40:54 GMT
Etag: "a58136137a93f33c1d165df7d4d973f8+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
Accept-Ranges: bytes
TW-CDN: FT

GET
H2

200

sdk.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/sdk.js
https://connect.facebook.net/en_US/sdk.js

3 KB
2 KB

6ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3f333b5fea53cbe5dde34fcbd8e46410fa7594ec0a73e6d56cb798951800c7a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 1crt2m3HPZzIh2MO1pMLMw==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
etag: "819829e069c52870e87ef8d77bc0c267"
x-fb-debug: PD5G2NMjXFjf2klPMIxHwN6EIPEgEzU8SSoxK+9hunWQH+6F8LTaFGcUwkc+hl0THs/r4bv2BTpetgSItPvrqA==
x-fb-trip-id: 664085054
x-fb-content-md5: e030340299878b7b68676247696ff47e
x-frame-options: DENY
date: Mon, 14 Sep 2020 21:37:30 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 14 Sep 2020 21:40:20 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.6&appId=1749788565247320
Non-Authoritative-Reason: HSTS

GET
H/1.1

200
OK

embed.js Show response
nafiezresearch.disqus.com/
Redirect Chain

http://nafiezresearch.disqus.com/embed.js
https://nafiezresearch.disqus.com/embed.js

69 KB
22 KB

602ms
557ms

Script
application/javascript

199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nafiezresearch.disqus.com/embed.js

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6b8210cbbb8e2004e5d510876e86c5b631df36fde95c6de2667b47bb843e7745

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 21:37:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 0
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 21831
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 02 Sep 2020 23:40:47 GMT
Server: nginx
ETag: "5f502d7f-5547"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=300
Timing-Allow-Origin: *
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

Redirect headers

Date: Mon, 14 Sep 2020 21:37:30 GMT
Server: Varnish
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: text/html
Location: https://nafiezresearch.disqus.com/embed.js
Cache-Control: public, max-age=31536000
Connection: close
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 219

GET
H2 200 github-btn.html
ghbtns.com/ Frame 212E 0
0 235ms
213ms Document
text/html 2606:4700:3034::ac43:a60b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ghbtns.com/github-btn.html?user=agusmakmun&repo=agusmakmun.github.io&type=star&count=true

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:a60b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: ghbtns.com
:scheme: https
:path: /github-btn.html?user=agusmakmun&repo=agusmakmun.github.io&type=star&count=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

status: 200
date: Mon, 14 Sep 2020 21:37:30 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d49bdc056a03ea50c1764da5f53a536a61600119450; expires=Wed, 14-Oct-20 21:37:30 GMT; path=/; domain=.ghbtns.com; HttpOnly; SameSite=Lax; Secure
last-modified: Wed, 20 May 2020 05:36:59 GMT
vary: Accept-Encoding
access-control-allow-origin: *
expires: Mon, 14 Sep 2020 21:47:30 GMT
cache-control: max-age=1800
x-proxy-cache: MISS
x-github-request-id: F4BC:3BD2:9D8B8A:BE0177:5F5FE29A
cf-cache-status: MISS
cf-request-id: 05302641ea00000742cd87f200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5d2d3fe31ea40742-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 github-btn.html
ghbtns.com/ Frame C227 0
0 238ms
217ms Document
text/html 2606:4700:3034::ac43:a60b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ghbtns.com/github-btn.html?user=agusmakmun&repo=agusmakmun.github.io&type=fork&count=true

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:a60b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: ghbtns.com
:scheme: https
:path: /github-btn.html?user=agusmakmun&repo=agusmakmun.github.io&type=fork&count=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

status: 200
date: Mon, 14 Sep 2020 21:37:30 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d49bdc056a03ea50c1764da5f53a536a61600119450; expires=Wed, 14-Oct-20 21:37:30 GMT; path=/; domain=.ghbtns.com; HttpOnly; SameSite=Lax; Secure
x-origin-cache: HIT
last-modified: Wed, 20 May 2020 05:36:59 GMT
vary: Accept-Encoding
access-control-allow-origin: *
expires: Mon, 14 Sep 2020 21:47:30 GMT
cache-control: max-age=1800
x-proxy-cache: MISS
x-github-request-id: F342:4175:2BEF:342E:5F5A2E6E
cf-cache-status: REVALIDATED
cf-request-id: 05302641ea00000742cd880200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5d2d3fe31ea50742-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
92 B 13ms
13ms XHR
text/plain 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j85&a=1188653702&t=pageview&_s=1&dl=http%3A%2F%2Fzeifan.my%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&ul=en-us&de=UTF-8&dt=CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability%20-%20Security%20Research&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1927020705&gjid=590341166&cid=1867853972.1600119450&tid=UA-XXXXXXXX-Y&_gid=1790249744.1600119450&_r=1&z=538196913

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Sep 2020 21:37:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: http://zeifan.my
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 201 KB
61 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=1778698cc3eadbf02f55a7881e10d8fa&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6c23615331e221ee0033c355813a9855b059f13b9c6483ca13ef995044a77fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://zeifan.my
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: qzc46kSCJGv6G/2G3uVuhw==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 62344
etag: "2a4cf9ef65d6813a35b164413e47e299"
x-fb-debug: CF/1nIM6WJge/pkHKpIquXDtwe+xGgIAcf5rsBIYLqay37JEUgwBpWenZwOVRvOKaJaEqLgr9x6St4cs5sJOLg==
x-fb-trip-id: 664085054
x-fb-content-md5: 9722ed35ac62709b9d1cef0465fb74db
x-frame-options: DENY
date: Mon, 14 Sep 2020 21:37:30 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Tue, 14 Sep 2021 20:16:04 GMT

GET
H/1.1 200
OK sitemap.xml Show response
zeifan.my/ 359 KB
84 KB 131ms
131ms XHR
application/rss+xml 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://zeifan.my/sitemap.xml
Requested by: Host: zeifan.my
URL: http://zeifan.my/static/js/super-search.js
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 84e615e836f16b77a09958bce0f3e1a22e78d0fd6a060b2f5f6e249d346a87de

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: 4c20c9b2838907939b2b7f9c2a02d0053457d379
Date: Mon, 14 Sep 2020 21:37:30 GMT
Content-Encoding: gzip
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 85227
X-Served-By: cache-ams21080-AMS
Access-Control-Allow-Origin: *
Last-Modified: Mon, 14 Sep 2020 02:22:12 GMT
Server: GitHub.com
X-GitHub-Request-Id: 4220:B1CC:27B3A83:2A79240:5F5FE29A
X-Timer: S1600119450.137768,VS0,VE104
ETag: W/"5f5ed3d4-59b85"
Vary: Accept-Encoding
Content-Type: application/xml
Via: 1.1 varnish
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H/1.1 200
OK loadingAnimation.gif
zeifan.my/static/img/ 6 KB
6 KB 109ms
109ms Image
image/gif 185.199.110.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://zeifan.my/static/img/loadingAnimation.gif
Requested by: Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Protocol: HTTP/1.1
Server: 185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: e69abd7e0cc82f336e61fea889e406ecbbeb7ece1df960231b7a9ba0d1dd1676

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: cc79289b7e4b3f6818b11032036d212e49c4cc5d
Date: Mon, 14 Sep 2020 21:37:30 GMT
Via: 1.1 varnish
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Length: 5886
X-Served-By: cache-ams21081-AMS
Last-Modified: Mon, 14 Sep 2020 02:22:08 GMT
Server: GitHub.com
X-GitHub-Request-Id: 6768:B1B4:46AD094:4B6FD4E:5F5FE297
X-Timer: S1600119450.146011,VS0,VE90
ETag: "5f5ed3d0-16fe"
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: *
Expires: Mon, 14 Sep 2020 21:47:30 GMT
Cache-Control: max-age=600
Accept-Ranges: bytes
X-Origin-Cache: HIT
X-Proxy-Cache: MISS
X-Cache-Hits: 0

GET
H3-Q050 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=plus/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/ 186 KB
64 KB 31ms
16ms Script
text/javascript 2a00:1450:4001:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=plus/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c576239a5d7a05a7a401db2b799d6db73662c8dc5f534a4629f4d6b04b3a74a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 17:11:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 02 Aug 2020 22:35:54 GMT
server: sffe
age: 15977
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65127
x-xss-protection: 0
expires: Tue, 14 Sep 2021 17:11:13 GMT

GET
H3-Q050 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth/exm=plus/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/ 74 KB
26 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth/exm=plus/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcc9960b08adcb69b5fc8743d6cd447c30b6690d2274c6d7800d294e49ddc7e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 17:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 02 Aug 2020 22:35:54 GMT
server: sffe
age: 15953
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26496
x-xss-protection: 0
expires: Tue, 14 Sep 2021 17:11:37 GMT

GET
H3-Q050 404 sharebutton
apis.google.com/se/0/_/+1/ Frame 9D0D 0
0 34ms
30ms Document
text/html 2a00:1450:4001:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=bubble&origin=http%3A%2F%2Fzeifan.my&url=http%3A%2F%2Fzeifan.my%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VISOE1sPaKXJ+KGyshduzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/sharebutton?plusShare=true&usegapi=1&action=share&annotation=bubble&origin=http%3A%2F%2Fzeifan.my&url=http%3A%2F%2Fzeifan.my%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=204=tHcVgn4d1BUjhMKLe0criQlFPqeGqtlTihz41R7W0BcZLWVusXv2ICF8DLB3DXNj9EaI9pas9z77rONSeezbY3HJDjxYEm4f6BeSgT40hX0na610NSIIWRtOhoKRsbalGvv1hl5LKzrmeExhJVGbzi483lIUMaqJBNq-kZfAsdg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

status: 404
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 14 Sep 2020 21:37:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-VISOE1sPaKXJ+KGyshduzg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html
platform.twitter.com/widgets/ Frame 7CFE 0
0 75ms
31ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=http%3A%2F%2Fzeifan.my
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/widget_iframe.2d7d9a6d04538bf11c7b23641e75738c.html?origin=http%3A%2F%2Fzeifan.my
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

status: 200
last-modified: Tue, 01 Sep 2020 17:58:17 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "9fa476ae827f556d5b037fe43632370d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Mon, 14 Sep 2020 21:37:30 GMT
x-served-by: cache-bwi5125-BWI, cache-hhn4033-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 5825

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame 9679 0
0 132ms
98ms Document
text/html 2a00:1450:4001:801::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Fzeifan.my&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hc3rLxj9u8o.O/m=auth/exm=plus/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMtAagp6kGxB19Nep_bTJunj37kww/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fDqFqn5jd81OPu7afqqmrA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=http%3A%2F%2Fzeifan.my&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.hc3rLxj9u8o.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCMtAagp6kGxB19Nep_bTJunj37kww%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=204=tHcVgn4d1BUjhMKLe0criQlFPqeGqtlTihz41R7W0BcZLWVusXv2ICF8DLB3DXNj9EaI9pas9z77rONSeezbY3HJDjxYEm4f6BeSgT40hX0na610NSIIWRtOhoKRsbalGvv1hl5LKzrmeExhJVGbzi483lIUMaqJBNq-kZfAsdg
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 14 Sep 2020 21:37:30 GMT
content-security-policy: script-src 'report-sample' 'nonce-fDqFqn5jd81OPu7afqqmrA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 button.e24f3bcdec527b80b9c80e88b62047c3.js Show response
platform.twitter.com/js/ 7 KB
2 KB 23ms
22ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e24f3bcdec527b80b9c80e88b62047c3.js
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
content-encoding: gzip
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 2295
x-served-by: cache-bwi5134-BWI, cache-hhn4033-HHN
last-modified: Tue, 01 Sep 2020 17:58:08 GMT
etag: "2288bbd5e30b6dba457d3d615de9e136+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
tw-cdn: FT

GET
H2 200 tweet_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
platform.twitter.com/widgets/ Frame 2D74 0
0 22ms
21ms Document
text/html 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: platform.twitter.com
:scheme: https
:path: /widgets/tweet_button.2d7d9a6d04538bf11c7b23641e75738c.en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

status: 200
last-modified: Tue, 01 Sep 2020 17:58:14 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "287ee8422006a852a093d257a3e63161+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Mon, 14 Sep 2020 21:37:30 GMT
x-served-by: cache-bwi5127-BWI, cache-hhn4033-HHN
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 12279

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
337 B 152ms
152ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22http%3A%2F%2Fzeifan.my%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22zeifan%22%2C%22widget_creator_screen_name%22%3A%22zeifan%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1600119450484%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22219d021%3A1598982042171%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: zeifan.my
URL: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 127
pragma: no-cache
last-modified: Mon, 14 Sep 2020 21:37:30 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 5c5b6f3d7c4a18c08bffe94251ea1fb5
x-transaction: 009025d5003b7abe
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 lounge.6525595c7a9874fa10bd041275e40f17.css
c.disquscdn.com/next/embed/styles/ 0
22 KB 30ms
12ms Other
text/css 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.6525595c7a9874fa10bd041275e40f17.css

Requested by

Host: nafiezresearch.disqus.com
URL: http://nafiezresearch.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4764965
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 22092
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Mon, 20 Jul 2020 23:36:39 GMT
server: cloudflare
etag: "5f162a87-564c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05302644c800000ebba3179200000001
accept-ranges: bytes
cf-ray: 5d2d3fe7ace20ebb-FRA
expires: Wed, 21 Jul 2021 18:01:24 GMT

GET
H2 200 common.bundle.e07f4f02bedd02259fb3f3e092970560.js
c.disquscdn.com/next/embed/ 0
88 KB 31ms
14ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e07f4f02bedd02259fb3f3e092970560.js

Requested by

Host: nafiezresearch.disqus.com
URL: http://nafiezresearch.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1358232
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 89940
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Sun, 30 Aug 2020 04:13:44 GMT
server: cloudflare
etag: "5f4b2778-15f54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05302644c800000ebba317a200000001
accept-ranges: bytes
cf-ray: 5d2d3fe7ace40ebb-FRA
expires: Mon, 30 Aug 2021 04:20:17 GMT

GET
H2 200 lounge.bundle.f08ab706542f4d9b2998c2ce6f1a5173.js
c.disquscdn.com/next/embed/ 0
113 KB 36ms
20ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.f08ab706542f4d9b2998c2ce6f1a5173.js

Requested by

Host: nafiezresearch.disqus.com
URL: http://nafiezresearch.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Sep 2020 21:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 491312
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 115360
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Wed, 26 Aug 2020 23:14:19 GMT
server: cloudflare
etag: "5f46eccb-1c2a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 05302644c900000ebba317b200000001
accept-ranges: bytes
cf-ray: 5d2d3fe7ace80ebb-FRA
expires: Thu, 26 Aug 2021 23:49:00 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
7 KB 59ms
19ms Other
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: nafiezresearch.disqus.com
URL: http://nafiezresearch.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 21:37:30 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 29
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 7005
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame BD15 0
0 154ms
153ms Document
text/html 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=nafiezresearch&t_i=https%3A%2F%2Fnafiez.github.io_CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&t_u=http%3A%2F%2Fzeifan.my%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&t_e=CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&t_d=CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&t_t=CVE-2020-25289%20-%20AVAST%20SecureLine%20VPN%20-%20Arbitrary%20File%20Creation%20Vulnerability&s_o=default

Requested by

Host: nafiezresearch.disqus.com
URL: http://nafiezresearch.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

Connection: keep-alive
Content-Length: 1160
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Mon, 14 Sep 2020 21:37:31 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 share_button.php
www.facebook.com/v2.6/plugins/ Frame CE19 0
0 63ms
63ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.6/plugins/share_button.php?app_id=1749788565247320&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e5aa9e155df78%26domain%3Dzeifan.my%26origin%3Dhttp%253A%252F%252Fzeifan.my%252Ff357e38db170f48%26relation%3Dparent.parent&container_width=710&href=https%3A%2F%2Fnafiez.github.io%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=1778698cc3eadbf02f55a7881e10d8fa&ua=modern_es6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.facebook.com
:scheme: https
:path: /v2.6/plugins/share_button.php?app_id=1749788565247320&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1e5aa9e155df78%26domain%3Dzeifan.my%26origin%3Dhttp%253A%252F%252Fzeifan.my%252Ff357e38db170f48%26relation%3Dparent.parent&container_width=710&href=https%3A%2F%2Fnafiez.github.io%2Fsecurity%2Farbitrary%2520file%2Feop%2F2020%2F07%2F21%2Favast-secureline-vpn-arb-file-eop.html&layout=button_count&locale=en_US&sdk=joey
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html

Response headers

status: 200
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
strict-transport-security: max-age=15552000; preload
content-encoding: br
timing-allow-origin: *
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary: Accept-Encoding
x-content-type-options: nosniff
facebook-api-version: v3.1
x-xss-protection: 0
content-type: text/html; charset="utf-8"
x-fb-debug: 3upClmX73spH7fQL4OX9rHwYBWCQUcUvKpitFMD4D/+bsaL+7KAtne6cEWDwzyp0/f2a4cz7XNrvYkWSH8ENiA==
date: Mon, 14 Sep 2020 21:37:31 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600

GET
H/1.1 200
OK stat.gif
referrer.disqus.com/juggler/ 43 B
295 B 196ms
150ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/stat.gif?event=failed_embed.server.15

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://zeifan.my/security/arbitrary%20file/eop/2020/07/21/avast-secureline-vpn-arb-file-eop.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 14 Sep 2020 21:37:31 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 16:52:10	Name: NID Value: 204=tHcVgn4d1BUjhMKLe0criQlFPqeGqtlTihz41R7W0BcZLWVusXv2ICF8DLB3DXNj9EaI9pas9z77rONSeezbY3HJDjxYEm4f6BeSgT40hX0na610NSIIWRtOhoKRsbalGvv1hl5LKzrmeExhJVGbzi483lIUMaqJBNq-kZfAsdg
.zeifan.my/	1970-01-19 12:28:39	Name: _gat Value: 1
.zeifan.my/	1970-01-19 12:30:05	Name: _gid Value: GA1.2.1790249744.1600119450
.zeifan.my/	1970-01-20 05:59:51	Name: _ga Value: GA1.2.1867853972.1600119450

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
ajax.googleapis.com
apis.google.com
c.disquscdn.com
code.jquery.com
connect.facebook.net
disqus.com
fonts.googleapis.com
fonts.gstatic.com
ghbtns.com
maxcdn.bootstrapcdn.com
nafiezresearch.disqus.com
offsec.almond.consulting
platform.twitter.com
raw.githubusercontent.com
referrer.disqus.com
syndication.twitter.com
www.facebook.com
www.google-analytics.com
zeifan.my
104.244.42.8
151.101.112.157
151.101.12.133
151.101.192.134
185.199.110.153
199.232.196.134
2001:4de0:ac19::1:b:1a
2001:4de0:ac19::1:b:3b
2606:4700:10::ac43:484
2606:4700:3034::ac43:a60b
2606:4700::6812:a813
2a00:1450:4001:801::2003
2a00:1450:4001:801::200d
2a00:1450:4001:814::200a
2a00:1450:4001:81a::200a
2a00:1450:4001:81a::200e
2a00:1450:4001:81f::200e
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
02202c50b04a181948689b152b611ea16bdb1baa30af000c3153497dcad79472
092f3201317b7ef608f6a899d395d36cffcca4d6824f00bc50120e84341c76f2
11ec0b5d661dc821d7f64d279c0f4d5f12d55a278cf4096d06378c03a3d518c9
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
3299587193571f5e3505dfc7ce6c0c4f79e35941d0afac67c9bb880f65ed8616
3f333b5fea53cbe5dde34fcbd8e46410fa7594ec0a73e6d56cb798951800c7a7
49a1b4e1296645aa2f513c87a0e5fe56a305a7ed678c2f6499631ec1f3b35856
532d9ab6bd0c56dd768ec80a67aa52a65d480c5368ba3f9c0a9201d8ed8034a8
5b27344b10b8d05fcc1bba8dde99c972c3b7bf98eb33203301c3965f0ed3c6b5
613c908d7a928c3f1be4327f4933dd90f83726167a03af9dbef2e8290d3d5a5b
6b8210cbbb8e2004e5d510876e86c5b631df36fde95c6de2667b47bb843e7745
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c23615331e221ee0033c355813a9855b059f13b9c6483ca13ef995044a77fd1
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
82508f0d04c9d936c38c6a25735b6846b797d096d49418bc0994991dc5b866d0
84e615e836f16b77a09958bce0f3e1a22e78d0fd6a060b2f5f6e249d346a87de
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
987c4485d7d8f2ab599b7e24d325aa81a2004354496364607e94e1f0d8312266
9f3191218fc9d5c56ac0e46b1def938c2302ab8eca1942fe0c648e480d1fe30f
a761b426004caba495cdac2c93ce7dd306c47bc4d7bdc63c4840c3d8182396a9
aaa6ab83b216040a340f50bce132d4ca7c40c711574191ad22858aec6a4ba67f
ac42e86ff1d0fc78a7870a72cf5d1bbf0a509a852dba1d8abdc734892b0d4844
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b575b80688c74aba614e724a3c69947e381c82fbd414a54b27e65174d14af639
bd7ce42d90f892c4bba5eb7e49de728579ad86a63bb23b76847ebb4b3df55cd0
c576239a5d7a05a7a401db2b799d6db73662c8dc5f534a4629f4d6b04b3a74a8
c9e6a013f26b21ac48e840a2a6f205d159d730aadab2e417a6858be658c309c4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3075062966e6b11fc5c7e07de7b273b669b992ee03d98762f2f1da1e9cd51a2
da3e524928bcca821af2551eb6f9e9ae2449ceb48642cce4f2dae23383098537
dcc9960b08adcb69b5fc8743d6cd447c30b6690d2274c6d7800d294e49ddc7e4
df02043042ddb4712851d47e53d4f308ec1c05c0edd66a731869bf97bd4b44cd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e649e65672b965127b1dab8fac1e82a57f654d661ab4b88e564cea67fa925166
e69abd7e0cc82f336e61fea889e406ecbbeb7ece1df960231b7a9ba0d1dd1676
e87e02e82a49944df94b814a11a01d83f09a87832bef388071c30eeecf4120e3
e9503448692b738dd260fbd7f7cabf2e11f09b600fa97e6eb3a56eba5b1a7e9b
f5998d51815e804f2b09c6156e9b0320d9d6dc15b8ae5d10eba71e45ae6b00c3
f6408d3c58b33f3fa8ed24f47cc888799393627aaeccd6f71f3da01c82ffcdf3

zeifan.my Open in urlscan Pro 185.199.110.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

53 Requests

66 %HTTPS

68 %IPv6

15 Domains

20 Subdomains

19 IPs

4 Countries

6986 kBTransfer

7728 kBSize

4 Cookies

12 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

zeifan.my Open in urlscan Pro
185.199.110.153 Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

66 %
HTTPS

68 %
IPv6

15
Domains

20
Subdomains

19
IPs

4
Countries

6986 kB
Transfer

7728 kB
Size

4
Cookies

53 HTTP transactions
0 data transactions