bishopfox.com Open in urlscan Pro
2606:4700:20::ac43:532a Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
Effective URL:
https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Submission: On September 15 via api (September 15th 2022, 2:49:47 am UTC) from US — Scanned from DE

Summary HTTP 100 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 29 IPs in 6 countries across 23 domains to perform 100 HTTP transactions. The main IP is 2606:4700:20::ac43:532a, located in United States and belongs to CLOUDFLARENET, US. The main domain is bishopfox.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 4th 2022. Valid for: a year.

This is the only time bishopfox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	2606:4700:20:... 2606:4700:20::ac43:532a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	52.219.177.209 52.219.177.209	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
10	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:11a... 2a02:26f0:11a::6867:4868	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:812::2010	15169 (GOOGLE) (GOOGLE)
2	92.123.8.217 92.123.8.217	16625 (AKAMAI-AS) (AKAMAI-AS)
7	96.16.137.162 96.16.137.162	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a04:4e42::622 2a04:4e42::622	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2016	15169 (GOOGLE) (GOOGLE)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a00:1450:400... 2a00:1450:400e:811::2013	15169 (GOOGLE) (GOOGLE)
1	192.28.147.68 192.28.147.68	15224 (OMNITURE) (OMNITURE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
100	29

11 2606:4700:20::ac43:532a (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

know.bishopfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bishopfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.219.177.209 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: s3.us-east-2.amazonaws.com

s3.us-east-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.bishopfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::6867:4868 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.8.217 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-8-217.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 96.16.137.162 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-137-162.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.210.122 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:811::2013 (Ireland)

ASN15169 (GOOGLE, US)

www.snapengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN15224 (OMNITURE, US)

136-utj-516.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	bishopfox.com 2 redirects know.bishopfox.com bishopfox.com go.bishopfox.com	506 KB
19	youtube.com www.youtube.com — Cisco Umbrella Rank: 91	2 MB
9	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 706 jnn-pa.googleapis.com — Cisco Umbrella Rank: 341	191 KB
8	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 188 googleads.g.doubleclick.net — Cisco Umbrella Rank: 73 static.doubleclick.net — Cisco Umbrella Rank: 439	2 KB
7	6sc.co j.6sc.co — Cisco Umbrella Rank: 16308 c.6sc.co — Cisco Umbrella Rank: 23029 b.6sc.co — Cisco Umbrella Rank: 8700	12 KB
7	amazonaws.com s3.us-east-2.amazonaws.com	914 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 894 www.linkedin.com — Cisco Umbrella Rank: 847 px4.ads.linkedin.com — Cisco Umbrella Rank: 6869	4 KB
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3915 www.google.com — Cisco Umbrella Rank: 19	29 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	48 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
2	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 107	18 KB
2	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 206	12 KB
2	google.de www.google.de — Cisco Umbrella Rank: 3469	564 B
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 6777	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	148 KB
1	mktoresp.com 136-utj-516.mktoresp.com	318 B
1	snapengage.com www.snapengage.com — Cisco Umbrella Rank: 25885	348 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 725	701 B
1	wistia.net fast.wistia.net — Cisco Umbrella Rank: 17952	114 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1614	3 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1811	41 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 355	29 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 493	832 B
100	23

	Domain	Requested by
19	www.youtube.com	bishopfox.com www.youtube.com www.googletagmanager.com
10	go.bishopfox.com	bishopfox.com go.bishopfox.com
10	bishopfox.com	1 redirects bishopfox.com
7	s3.us-east-2.amazonaws.com	bishopfox.com
6	jnn-pa.googleapis.com	www.youtube.com
5	b.6sc.co	bishopfox.com
4	googleads.g.doubleclick.net	2 redirects www.youtube.com
3	www.google.com	www.youtube.com bishopfox.com
3	storage.googleapis.com	bishopfox.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com bishopfox.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	px.ads.linkedin.com	2 redirects
2	i.ytimg.com	www.youtube.com
2	yt3.ggpht.com	www.youtube.com
2	static.doubleclick.net	www.youtube.com
2	www.google.de	bishopfox.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	fonts.gstatic.com	www.youtube.com
2	munchkin.marketo.net	bishopfox.com munchkin.marketo.net
2	www.googletagmanager.com	bishopfox.com www.googletagmanager.com
1	136-utj-516.mktoresp.com	munchkin.marketo.net
1	www.snapengage.com	storage.googleapis.com
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	px4.ads.linkedin.com	bishopfox.com
1	www.linkedin.com	1 redirects
1	region1.analytics.google.com	www.googletagmanager.com
1	fast.wistia.net	bishopfox.com
1	j.6sc.co	bishopfox.com
1	snap.licdn.com	www.googletagmanager.com
1	www.googleoptimize.com	www.googletagmanager.com
1	cdnjs.cloudflare.com	bishopfox.com
1	cdn.jsdelivr.net	bishopfox.com
1	know.bishopfox.com	1 redirects
100	34

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
github.com
www.telerik.com
codewhitesec.blogspot.com
docs.microsoft.com
www.slideshare.net
www.blackhat.com
thewover.github.io
portswigger.net
docs.telerik.com
www.defense.gov
facebook.com
linkedin.com
youtube.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-04` - `2023-06-03`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-03-21` - `2023-04-22`	a year	crt.sh
*.s3.us-east-2.amazonaws.com Amazon	`2021-12-17` - `2022-12-16`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
go.bishopfox.com Cloudflare Inc ECC CA-3	`2022-06-26` - `2023-06-26`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
storage.googleapis.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-12-24` - `2023-01-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2022-08-22` - `2022-11-14`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
www.snapengage.com GTS CA 1D4	`2022-08-23` - `2022-11-21`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 01DCB19299B0FDFBE2BDB4ECCEF4D77F
Requests: 56 HTTP requests in this frame

Frame: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
Frame ID: C587A517A0093D66976D82E5FA21BE6F
Requests: 38 HTTP requests in this frame

Frame: https://go.bishopfox.com/dtp-1.0.4.html
Frame ID: F4429528E4C1CFFB41CCCA1E27D9B56A
Requests: 3 HTTP requests in this frame

Frame: https://storage.googleapis.com/code.snapengage.com/cd/4828764552101888/1632347706836.png
Frame ID: 16DB9DD98E3ECDD93AF6A73BEBB45594
Requests: 1 HTTP requests in this frame

Frame: https://go.bishopfox.com/index.php/form/XDFrame
Frame ID: FA6C105A1E809FA87AAFCD841AD3DDAA
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2019-18935: Remote Code Execution via Insecure… | Bishop Fox

Page URL History Show full URLs

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Highlight.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/(?:([\d.])+/)?highlight(?:\.min)?\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

100
Requests

94 %
HTTPS

76 %
IPv6

23
Domains

34
Subdomains

29
IPs

6
Countries

3739 kB
Transfer

10158 kB
Size

26
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/share.php?u=https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui&utm_medium=social&utm_source=facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui&utm_medium=social&utm_source=twitter&source=tweetbutton&text=

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui&utm_medium=social&utm_source=linkedin

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935
Title: CVE-2019-18935 GitHub repo

Search URL Search Domain Scan URL

URL: https://www.telerik.com/products/aspnet-ajax.aspx
Title: Telerik UI for ASP.NET AJAX

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization
Title: security advisory for CVE-2019-18935

Search URL Search Domain Scan URL

URL: https://twitter.com/mwulftange
Title: @mwulftange

Search URL Search Domain Scan URL

URL: https://github.com/bao7uo
Title: (@bao7uo

Search URL Search Domain Scan URL

URL: https://github.com/straightblast/UnRadAsyncUpload/wiki
Title: @straightblast's write-up

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/kb/aspnet-ajax/upload-(async)/details/unrestricted-file-upload
Title: security advisory

Search URL Search Domain Scan URL

URL: https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html
Title: took a closer look

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.web.script.serialization.javascriptserializer.deserialize?view=netframework-4.8
Title: JavaScriptSerializer.Deserialize()

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles
Title: gadget

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.configuration.install.assemblyinstaller?view=netframework-4.8
Title: path

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/dlls/dllmain
Title: DDLMain()

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
Title: Friday the 13th JSON Attacks

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/cpp/dotnet/mixed-native-and-managed-assemblies?view=vs-2019
Title: mixed mode assembly

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/standard/assembly/
Title: assembly

Search URL Search Domain Scan URL

URL: https://thewover.github.io/Introducing-Donut/
Title: article about injecting .NET assemblies

Search URL Search Domain Scan URL

URL: https://thewover.github.io/Mixed-Assemblies/
Title: mixed assemblies

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/whats-new/aspnet-ajax/release-history
Title: release history

Search URL Search Domain Scan URL

URL: https://portswigger.net/burp/documentation/desktop/functions/search
Title: search

Search URL Search Domain Scan URL

URL: https://github.com/bao7uo/RAU_crypto
Title: RAU_crypto

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/sleep.c
Title: sleep.c

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/CVE-2019-18935.py
Title: CVE-2019-18935.py

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r3-2019-sp1-(version-2019-3-1023)
Title: R3 2019 SP1

Search URL Search Domain Scan URL

URL: https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security
Title: RadAsyncUpload security guide

Search URL Search Domain Scan URL

URL: https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security#recommended-settings
Title: recommended security settings

Search URL Search Domain Scan URL

URL: https://www.defense.gov/
Title: US Department of Defense

Search URL Search Domain Scan URL

URL: https://twitter.com/noperator

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/caleb-gross/

Search URL Search Domain Scan URL

URL: https://facebook.com/BishopFoxConsulting

Search URL Search Domain Scan URL

URL: https://twitter.com/bishopfox

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/bishop-fox

Search URL Search Domain Scan URL

URL: https://youtube.com/c/Bishopfox

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 49

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1663210181778%26url%3Dhttps%253A%252F%252Fbishopfox.com%252Fblog%252Fcve-2019-18935-remote-code-execution-in-telerik-ui%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQJyCdmn3_nWwgAAAYM_DVcezdWoS2i25D166QfczCbdYEXeKi19f1Ffy9qfzsXJw7CPbOM

Request Chain 76

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cve-2019-18935-remote-code-execution-in-telerik-ui Show response
bishopfox.com/blog/
Redirect Chain

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
https://bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

190 KB
39 KB

620ms
619ms

Document
text/html

2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Craft CMS SEOmatic

Resource Hash

0e11df844ad4bbde8d0e1750a60ddd43fbb16d3d6193a5833b046f9a9501fcbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-apo-via: origin,no-cache
cf-cache-status: BYPASS
cf-ray: 74ae0cec7a8e83a9-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 15 Sep 2022 02:49:41 GMT
link: <https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui>; rel='canonical'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7pPo2HilT6Da85snpE0PXlNE7mNzDIDLHX6Mh4JqTZUtCmm2GDKG5LzHZWnL%2B%2FFvLdIwxfILgdMvin61%2FNt7LPLEmgtRlxI9Pr864Td3svUbiUwq4ionDukf8DAy9AnK1MjIArmUcpZWfEg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: Craft CMS SEOmatic
x-robots-tag: all
x-xss-protection: 1; mode=block

Redirect headers

cf-apo-via: origin,no-cache
cf-cache-status: BYPASS
cf-ray: 74ae0cead9b683a9-MXP
content-type: text/html; charset=UTF-8
date: Thu, 15 Sep 2022 02:49:40 GMT
location: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2BKpRBdh2Jxbjz72adJWIuutsbcASy0L70UtpS0GJIkuowTXZ1hdUNhCbsw9v9VIjgpCEz4CxfI3WBRap8qXTX95B0NF2MEEqKocPMgcTGQ5GG7q224L9R%2FeJA67Q9Z%2F7TP6m1qwT1Ay5ck%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: Craft CMS
x-xss-protection: 1; mode=block

GET
H2 200 app.css
bishopfox.com/static/styles/ 63 KB
13 KB 34ms
34ms Stylesheet
text/css 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bishopfox.com/static/styles/app.css?id=82004dcc05010354f76e

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05efdb775f0bf96921005ceb24157462c7474d2743ded06e04789b520678ca35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5502
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Sep 2022 22:07:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"632250a7-fa0b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YxEhHPyPvqOYhBGC%2FAoaJR7j%2FtwDNXR9Yx22Fg6hPzIAjZNPKdS0%2BhHPm8Brt8U2IohvpLcmgVVWaGeyjMN66s1cFZZNgTBDg0iPk8pC1NatwxZME%2FhSh55mOKrsoBXsZA2ot9PExPp7hu8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 74ae0cf06d1183a9-MXP
cf-bgj: minify

GET
H2 200 main.js Show response
bishopfox.com/static/js/ 132 KB
45 KB 37ms
37ms Script
application/javascript 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bishopfox.com/static/js/main.js?id=b915f1e5e00470be7133

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b3522ad63d4455254028dda7d23b1d67956ef26f2596b8d2f01a12576ef273b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5502
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Jul 2022 16:18:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62cef03e-210ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mzDiQWcAM1IJGwRWmQRRqg0lgqxD2E8pBa%2BU%2FCQAiLSAQ119ZQbWYey6R1e7haDpDYOm5yUqzOJgFXLwJmN43g%2FvyQeEykCP6SpdbkEQgcTTrso08XBt08EF3%2FDn8en1n88frNea%2FwuPUBg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 74ae0cf0ad2b83a9-MXP

GET
H2 200 solarized-dark.min.css
cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.1.2/build/styles/ 778 B
832 B 88ms
25ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.1.2/build/styles/solarized-dark.min.css

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a62395528bf1cec786343dc969b28c2f5a0046cc8e73652780a7408fbbd97a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 3196827
x-jsd-version: 10.1.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 374
etag: W/"30a-8gH5cmaIiZrl8M7l/yQS4GnBH5E"
x-served-by: cache-fra19146-FRA, cache-mxp6968-MXP
x-jsd-version-type: version
date: Thu, 15 Sep 2022 02:49:41 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 highlight.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.2/ 98 KB
29 KB 84ms
28ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.1.2/highlight.min.js

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a446896ed6dd5086841d19eefeb98551a65a848e961ac248050254d66e758fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 13819877
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28749
timing-allow-origin: *
last-modified: Thu, 23 Jul 2020 21:15:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f19fdfb-187b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e42TgqJsHzjkgNLozl67gmeODW%2BG1xfPmc2GJSXZMGFTH9qswp4BmHcpyjwsgLp0pt5PY9oqWpn9FuTernVWMHgoJ2ZMeWQsC%2BTQi9N15l5kwn3E7SfnsA2kZOVA7LDR5zhPJRy%2FmdGW6PlWemJNEWs1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 74ae0cf0fa880219-ZRH
expires: Tue, 05 Sep 2023 02:49:41 GMT

GET
H2 200 bishopfox-mexico-logo.png
bishopfox.com/static/assets/images/main-menu/ 25 KB
25 KB 35ms
34ms Image
image/png 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bishopfox.com/static/assets/images/main-menu/bishopfox-mexico-logo.png

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a26c9e631307638ee80b6127043a351f5e1fa90a4fcd8948e27e083a3ecb72cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5502
cf-polished: origSize=28841
content-length: 25291
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Sep 2022 22:07:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "632250a7-70a9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=edQ5RjyGmr3sGCeJJyY1uZFWRsi0%2Bq20EjOj6Asbsk0KJuxHmHzEWG%2BavLI8%2FAUbRBchS4XB4mwxFmFTxpG0tJ0XwrAwJTQaDW7P2h80MpG54yDfL6zJFjTVXxMr6YRsny7DeqXRq12armk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 74ae0cf13d8683a9-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK Bishop-Fox_Blog-Post_Telerik_FI-01_2022-05-18-224348_nhah.jpg
s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/tiles/ 80 KB
80 KB 432ms
159ms Image
image/jpeg 52.219.177.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/tiles/Bishop-Fox_Blog-Post_Telerik_FI-01_2022-05-18-224348_nhah.jpg
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.177.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 365f167a75f0de021be3c1a8a7cc99a3e21cc666f2889ccce438c3f013e0c10c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:42 GMT
Last-Modified: Fri, 27 May 2022 16:36:53 GMT
Server: AmazonS3
x-amz-request-id: 1JRAYHNZXFQ0HHR0
ETag: "d05a60bbb3ffb2e82a234a6ba3112e43"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 81912
x-amz-id-2: jsjQ1DKInaYwt4SPep3KJCAL8cgLcGzfsJyfK7G6iJuVp3a+WLNgINDwMDg3tqRc23/TQneKhSg=

GET
H/1.1 200
OK caleb.jpg
s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/headshots/ 266 KB
266 KB 440ms
178ms Image
image/jpeg 52.219.177.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/headshots/caleb.jpg
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.177.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 9a40ca2af2fff49c941718d910ddbb14cfba33c61ecbbd030fb8b64338f6f83d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:42 GMT
Last-Modified: Tue, 02 Nov 2021 22:10:28 GMT
Server: AmazonS3
x-amz-request-id: 1JR54ZFCTBQC33M0
ETag: "1de0ced9a82d25eaf8f9cfdb6c6c03d5"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 272524
x-amz-id-2: 3C4V46+71raaJHaFIsdrDTd1Cw5unNE0dCu1LbHm+ukhHxQyFU7HA84RLsVaxf8nPziSkPa4/hw=

GET
H/1.1 200
OK Bishop-Fox-Blog-CloudFox.jpg
s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/tiles/ 56 KB
56 KB 393ms
131ms Image
image/jpeg 52.219.177.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/tiles/Bishop-Fox-Blog-CloudFox.jpg
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.177.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: bf3ab0c0532b83d60780ce8553648624abe53c991e59339a92ed797787458017

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:42 GMT
Last-Modified: Wed, 07 Sep 2022 19:40:27 GMT
Server: AmazonS3
x-amz-request-id: 1JRBXH5B3342SY7C
ETag: "573f9bc9a9e4c38abd6823337f991de7"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 57455
x-amz-id-2: sXPp4NDQHn/1Zm+6ijvLjmGjOHQKgLMYKEdsCVLjSi5+TrHB5tEQw1AqERV9eHLGeQNDR/zifqM=

GET
H/1.1 200
OK Bishop-Fox-Blog-Unredacter-Challenge-Winner-F.jpg
s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/featured-images/ 79 KB
79 KB 427ms
165ms Image
image/jpeg 52.219.177.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/featured-images/Bishop-Fox-Blog-Unredacter-Challenge-Winner-F.jpg
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.177.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6a969c79ac8d6e5d001e22d4d49d1f0544f99bfa2cf1b1c48e8923de89eb2d01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:42 GMT
Last-Modified: Tue, 06 Sep 2022 17:49:58 GMT
Server: AmazonS3
x-amz-request-id: 1JRFYTE7XMZXMY7S
ETag: "47c72089673965d13008e139f4ee8944"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 80798
x-amz-id-2: riqzQyXzZENm5EQWUfhCGUOAzlkaX6+TavUu3SbaFSTuHJlpYwqcx+kryTY0pEm4W9tgq9dwlJg=

GET
H/1.1 200
OK Bishop-Fox-Blog-IoT-RNG.jpg
s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/tiles/ 65 KB
65 KB 392ms
130ms Image
image/jpeg 52.219.177.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/tiles/Bishop-Fox-Blog-IoT-RNG.jpg
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.177.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: b0f9f58059171f47eca8dc77678f9fc3e823a32e00d69a84fb031bc13c2bcd23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:42 GMT
Last-Modified: Tue, 23 Aug 2022 18:49:30 GMT
Server: AmazonS3
x-amz-request-id: 1JR4WWWKAJ114V97
ETag: "3018e7cf55c97f5f27a2f1ef67daa75f"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 66378
x-amz-id-2: GxlISUxUMhKjwdozzd/muwZeMC5iG/utiEipzGiQthE1S0MmYUemC01Fhz8hFCUvX7PKUushYZw=

GET
H/1.1 200
OK Bishop-Fox-Blog-Bluetooth-Technology.jpg
s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/featured-images/ 234 KB
234 KB 397ms
135ms Image
image/jpeg 52.219.177.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/blog/featured-images/Bishop-Fox-Blog-Bluetooth-Technology.jpg
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.177.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 52f75ba6639f6de5ac66372002c168ebdfb49532335e6d5e25403a7d803ea706

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:42 GMT
Last-Modified: Thu, 30 Jun 2022 16:16:54 GMT
Server: AmazonS3
x-amz-request-id: 1JREPN89M6TW1Z4K
ETag: "0127f94dba4c28765a9534a2dab97471"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 239610
x-amz-id-2: LoIvT7+jGPMGr7tlGWYccq9XfJRWT2m50OcUflrFXdtJneAdhUkAFZC5E5tAksw8csVa96CLJ/c=

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 216 KB
74 KB 80ms
41ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NSTVGF3

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3fc42b0b60d3cd83379888941542f8acd6e8dda70afe3fba349257f36c965053

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74781
x-xss-protection: 0
last-modified: Thu, 15 Sep 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Sep 2022 02:49:41 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
bishopfox.com/fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 52ms
51ms Font
font/woff2 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bishopfox.com/fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Request headers

Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Origin: https://bishopfox.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: cloudflare
age: 5502
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMfIwWnLQJO4ZKV6mppX%2BPCRJam8r%2BPhMBSnIjYT%2Fekn9WgK7DtqFs1eyiBrlrWWOTnZeS1f2ATIl2lNsM3s7AdXeMK2ziqsaqrq0ZuhLgNOpkl%2BN7uUSnS4Vp%2BZ2OX7l%2BKBqtGQrkqmWmo%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-apo-via: proxy
accept-ranges: bytes
cf-ray: 74ae0cf14d9883a9-MXP
content-length: 37924
expires: Fri, 08 Sep 2023 23:44:29 GMT

GET
H2 200 --6PiuvBGAU Show response
www.youtube.com/embed/ Frame C587 65 KB
27 KB 127ms
80ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/--6PiuvBGAU

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f136adb8ab2945d90f8b98e08e9bfa7456da06f41c8e9aba7b0e05f05a5b867a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Thu, 15 Sep 2022 02:49:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bg-header-shape-R-fibers.png
bishopfox.com/static/assets/images/default/backgrounds/ 177 KB
177 KB 34ms
34ms Image
image/png 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bishopfox.com/static/assets/images/default/backgrounds/bg-header-shape-R-fibers.png

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d4b6a308f7020554dfd5c36f7a1ec40a7ff919487c17d885ec38e50530d8f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5502
cf-polished: status=not_needed
content-length: 181151
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Sep 2022 22:07:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "632250a7-2c39f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNfP5kycqrZ8JEAcz88vFkvdDpNAla%2F6LQjbFr4Y0q3DQasCO2fwnG2%2F0d0R23%2BW0rODrvrmyJ%2BC%2BkozjvcXesEnagbvkrv4gCKpW4ZKib4Imcja%2BslKDqYPiUS2ymt6HscQ%2B%2FkRlYCXUaw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 74ae0cf17da983a9-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK Bishop-Fox-eBook-Wolf-Sheep-ClothingF.jpg
s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/resources/ 132 KB
132 KB 171ms
170ms Image
image/jpeg 52.219.177.209
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.us-east-2.amazonaws.com/s3.bishopfox.com/prod-1437/Images/channels/resources/Bishop-Fox-eBook-Wolf-Sheep-ClothingF.jpg
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.177.209 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.us-east-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 2730239c276b9f55007e27e26a043753d63eed5a4446aee17af2bdf2a3096c1c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:42 GMT
Last-Modified: Wed, 25 May 2022 05:28:33 GMT
Server: AmazonS3
x-amz-request-id: 1JR6J37MA9AZTX2E
ETag: "18aaeac8cb94366ea8bf9e7f405486d3"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 135182
x-amz-id-2: zxnRmpyL0men3fb/Ss0Ay3PfNCkiEBwsD+HUCaermWNhTvMVMZ5nf35jcZho+oZjGnqFq65nPW0=

GET
H2 200 forms2.min.js Show response
go.bishopfox.com/js/forms2/js/ 208 KB
69 KB 194ms
25ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/js/forms2/js/forms2.min.js

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3fb9332b030dc33a418be1bcd7282c9052c287fb923bd36295cb3d01db9a861

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Sat, 27 Aug 2022 04:30:51 GMT
server: cloudflare
age: 409
etag: "2d40e74-33e56-5e7317edc65b8"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 74ae0cf30f3b9978-FRA
expires: Thu, 15 Sep 2022 06:49:41 GMT

GET
H2 200 digitalpi-capitalizeNames.js Show response
bishopfox.com/static/js/ 848 B
688 B 35ms
35ms Script
application/javascript 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bishopfox.com/static/js/digitalpi-capitalizeNames.js?id=7492045a5334c0add09f

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77b6a8e22b7c2cc34b937c6810561f50ce4d59bf6689814fc2710fe418aa284e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5502
x-xss-protection: 1; mode=block
last-modified: Wed, 23 Feb 2022 21:21:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"6216a566-350"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5l0%2FwtAvoTPbSOnohH0kQQzsHERkVwVbi409lrRNThdMqHr5ojYNsyeGwB9ZmElKHmeQ7gbXcMYd3VQmynkkEI1I5pLEUhMDtilJUc5DD8pbW2R1EHhrPbj%2Bhc5FFRUKC%2FTdTYix4n4V3nw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 74ae0cf20df483a9-MXP

GET
H2 200 digitalpi-briteverify.js Show response
bishopfox.com/static/js/ 4 KB
2 KB 34ms
34ms Script
application/javascript 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bishopfox.com/static/js/digitalpi-briteverify.js?id=00ff40653842d7b17d3a

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4cf14ddd0674fe6732b7fda6cc0223f2da9b22a5f51317c5731c5af5b44ec29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5502
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Jul 2022 17:40:27 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62bf318b-f29"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEv3WqPcBgGZDaCkERzJN98Q8%2B%2FJzgjRSQieMKzWUTjRc4mHrBVboC93HOhX7PFlUkkQGCRpiOgjpx6twg5axqRz4EjPchFhr%2B8CcOCNum1pCn35D58PwgxBBdEWl26fX%2BLKMBvp5FYqF7k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 74ae0cf20df583a9-MXP

GET
H2 200 www-player.css
www.youtube.com/s/player/ec3f41f6/ Frame C587 355 KB
49 KB 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ecc94d599b99d64bc98482b647a573fde50858c7a6116bd85010cd678c22ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:57:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42757
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49363
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:57:04 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/ Frame C587 310 KB
96 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93c05f3bffc223d4c3755eacb59b612f50d11909d8fedca200247a61e32e8e5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42795
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98143
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:26 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/ Frame C587 2 MB
576 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abb2fb41734e566378b3a8b8701be00aee959634d1cfc83332d6de556a853a54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42809
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 589803
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:12 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/ec3f41f6/fetch-polyfill.vflset/ Frame C587 9 KB
3 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42795
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:26 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 105 KB
41 KB 83ms
28ms Script
application/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-TPVLMLB

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NSTVGF3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

728b3893eeda381a60edd4d161a6e226dae48a21531169cf72465d0ce80636a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41645
x-xss-protection: 0
last-modified: Thu, 15 Sep 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Sep 2022 02:49:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 55ms
15ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NSTVGF3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 6461
date: Thu, 15 Sep 2022 01:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 15 Sep 2022 03:02:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 113ms
27ms Script
application/x-javascript 2a02:26f0:11a::6867:4868
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NSTVGF3
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4868 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=33972
accept-ranges: bytes
content-length: 3063

GET
H2 200 f3f28b6e-d72e-4019-b593-e66b82625b0c.js Show response
storage.googleapis.com/code.snapengage.com/js/ 481 KB
123 KB 190ms
137ms Script
text/javascript 2a00:1450:4001:812::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/code.snapengage.com/js/f3f28b6e-d72e-4019-b593-e66b82625b0c.js
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 93093dcf2a05be09ded37bd7cf1250488ac328d3ddf5be6299e50305128861aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
age: 0
x-guploader-uploadid: ADPycdu7mE1Jf1wavLa1rEhrY4EN7HnGeaiXcXrpDZ6XyVRvpH4It6R-qwN039ZyKGu6dLDzhLalTICVky6qffWiW8TzrkuqrVdp
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124889
last-modified: Wed, 07 Sep 2022 14:25:05 GMT
server: UploadServer
etag: "f464eaaa850cb111b3966f5c7dcba1fe"
x-goog-hash: crc32c=DWGshg==, md5=9GTqqoUMsRGzlm9cfcuh/g==
x-goog-generation: 1662560705670849
cache-control: public, max-age=120, no-transform
x-goog-stored-content-length: 124889
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
expires: Thu, 15 Sep 2022 02:51:41 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 105ms
26ms Script
application/x-javascript 92.123.8.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.8.217 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-8-217.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 728

GET
H2 200 6si.min.js Show response
j.6sc.co/ 30 KB
10 KB 105ms
22ms Script
application/javascript 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

b71f76186117ab510aca8eb8208815da837acdd4b29e171c9897993175c28878

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Aug 2022 22:26:40 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "630402a0-786e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 9594
expires: Thu, 15 Sep 2022 02:49:41 GMT

GET
H2 200 simpledto-1.0.4.js Show response
go.bishopfox.com/rs/136-UTJ-516/images/ 2 KB
1 KB 187ms
187ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/rs/136-UTJ-516/images/simpledto-1.0.4.js

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ea4dbd2c85145cacf92362ae72dc6d56be63d1a68f0d492f55699959874940

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 27 Aug 2022 02:17:31 GMT
server: cloudflare
etag: "1120436-8b5-5e72fa2091d49"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 74ae0cf30f3e9978-FRA
content-length: 1092
expires: Thu, 15 Sep 2022 02:50:41 GMT

GET
H2 200 E-v1.js Show response
fast.wistia.net/assets/external/ 624 KB
114 KB 111ms
26ms Script
application/javascript 2a04:4e42::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.net/assets/external/E-v1.js

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6dd14af019830626bf4052398d957f3d9066c2167a4300e0932fb83a2a0a5bed

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
vary: Accept-Encoding
age: 3542
x-cache: HIT, HIT
content-length: 116056
x-served-by: cache-iad-kjyo7100093-IAD, cache-mxp6922-MXP
access-control-allow-origin: *
x-browser-version: 105
last-modified: Mon, 12 Sep 2022 15:35:17 GMT
x-timer: S1663210182.702826,VS0,VE0
etag: "631f51b5-1c558"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 2, 9

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
75 KB 34ms
33ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DYCTLWMS7T&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NSTVGF3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

77b60c89633ccc04e9384a68132e833fb12f6bee7742e71d837f909d8f56cf29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76455
x-xss-protection: 0
expires: Thu, 15 Sep 2022 02:49:41 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C587 15 KB
16 KB 56ms
15ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 142296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 13 Sep 2023 11:18:05 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
345 B 76ms
22ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-DYCTLWMS7T&gtm=2oe9e0&_p=1392146971&_gaz=1&cid=1668797329.1663210182&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1663210181&sct=1&seg=0&dl=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&dt=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DYCTLWMS7T&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 02:49:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
345 B 97ms
28ms Ping
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-DYCTLWMS7T&cid=1668797329.1663210182&gtm=2oe9e0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DYCTLWMS7T&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 02:49:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 67ms
29ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-DYCTLWMS7T&cid=1668797329.1663210182&gtm=2oe9e0&aip=1&z=1290748410

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame C587
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

58ms
25ms

XHR
application/json

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

72275571b1e2b1d801a31e7ef9518de049ef13a50d8ca8add004ae98fd66638e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame C587 29 B
588 B 69ms
15ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:34:42 GMT
x-content-type-options: nosniff
age: 899
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Sep 2022 02:49:42 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 54ms
22ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1392146971&t=pageview&_s=1&dl=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&ul=en-us&de=UTF-8&dt=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABQAAAAC~&jid=2085793662&gjid=1847667516&cid=1668797329.1663210182&tid=UA-41346121-1&_gid=34627020.1663210182&_r=1&gtm=2wg9e0NSTVGF3&cd1=2022-09-15T02%3A49%3A41.497%2B00%3A00&cd2=1668797329.1663210182&z=1558531888

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 75ms
22ms Preflight
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 15 Sep 2022 02:49:41 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame C587 65 KB
30 KB 62ms
30ms XHR
application/json+protobuf 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d706f210bc18fa6da515a4257731a2893634ef3dca66c545eaa5ad79a5264c41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 30963
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/ Frame C587 120 KB
37 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

414ae6b2d7c6e4842580a11d37c325f82f8ebec24313450abc04cdaaac0fdef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42808
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37807
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:13 GMT

GET
H2 200 9e5Q9JddguzAeYJyBJt7GsINCHbvQKKYaWDK5a7IWAA.js Show response
www.google.com/js/th/ Frame C587 36 KB
14 KB 55ms
17ms Script
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/9e5Q9JddguzAeYJyBJt7GsINCHbvQKKYaWDK5a7IWAA.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5ee50f4975d82ecc0798272049b7b1ac20d0876ef40a2986960cae5aec85800

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 18:25:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30277
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14185
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 11:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Sep 2023 18:25:04 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/ Frame C587 28 KB
8 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6623b204c448facd01e9300c87a70161b61bf44b2d2d7ff68987a9bf494f015c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:57:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42756
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8416
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:57:05 GMT

GET
DATA 200
OK truncated
/ 212 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ca272b5c51f5790821b50ebfb5f2868f20230a839431baf92f45bfff38861ea

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame C587 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AMLnZu_EQPAoaaHI44jxCxCyUIIeKqVKmqo6dibMtaMw=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame C587 6 KB
6 KB 87ms
31ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AMLnZu_EQPAoaaHI44jxCxCyUIIeKqVKmqo6dibMtaMw=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9c1162a622bc982328d9c7d2768c7c90116b2002fc8d5823ff4f06bf309f18c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5921
x-xss-protection: 0
server: fife
etag: "v9"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 11 Sep 2022 12:29:31 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/--6PiuvBGAU/ Frame C587 9 KB
9 KB 83ms
28ms Image
image/webp 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/--6PiuvBGAU/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8740
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 15 Sep 2022 04:49:41 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 30ms
29ms Script
application/x-javascript 92.123.8.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.8.217 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-8-217.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4677
Expires: Sat, 24 Dec 2022 02:49:41 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1663210181778%26url%3Dhttps%253A%252F%252Fbishopfox.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQJyCdm...

0
481 B

204ms
162ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQJyCdmn3_nWwgAAAYM_DVcezdWoS2i25D166QfczCbdYEXeKi19f1Ffy9qfzsXJw7CPbOM
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 4B43ED7923CE4C2FAC91788012E89600 Ref B: FRAEDGE1311 Ref C: 2022-09-15T02:49:42Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAXorkwfZ1rCWSBvXoR/jA==
x-li-fabric: prod-ltx1

Redirect headers

date: Thu, 15 Sep 2022 02:49:42 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 8DA666D5BBD846A7867012FB231671B0 Ref B: FRAEDGE1418 Ref C: 2022-09-15T02:49:42Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1663210181778&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQJyCdmn3_nWwgAAAYM_DVcezdWoS2i25D166QfczCbdYEXeKi19f1Ffy9qfzsXJw7CPbOM
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAXorkwcM4nHj/zErhC0Hw==

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 86ms
28ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-41346121-1&cid=1668797329.1663210182&jid=2085793662&gjid=1847667516&_gid=34627020.1663210182&_u=aADAAEAAQAAAAC~&z=1999932106

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 15 Sep 2022 02:49:41 GMT
content-type: text/plain
access-control-allow-origin: https://bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getForm Show response
go.bishopfox.com/index.php/form/ 16 KB
4 KB 65ms
64ms Script
application/javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.bishopfox.com/index.php/form/getForm?munchkinId=136-UTJ-516&form=1049&url=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&callback=jQuery1124044236914821499673_1663210181754&_=1663210181755
Requested by: Host: go.bishopfox.com
URL: https://go.bishopfox.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10fc5adc9cc4fdc47a2ea3ff61a5f268309a8a03be0aebfdc741950e0f4c5059

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
content-encoding: gzip
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ae0cf4b8569978-FRA
cached: true
content-type: application/javascript; charset=utf-8

GET
H2 200 bg-bf-logo@2x.png
bishopfox.com/static/assets/images/backgrounds/ 14 KB
15 KB 33ms
33ms Image
image/png 2606:4700:20::ac43:532a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bishopfox.com/static/assets/images/backgrounds/bg-bf-logo@2x.png

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:532a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ec6f5a71a8fd9ffeaca919d9122324ded0d517837216256e312a7d47e46076e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5501
cf-polished: origSize=69012
content-length: 14788
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Sep 2022 22:07:35 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "632250a7-10d94"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Tv2gxmz2fdShwQhhFtXi35XOAybqWbeChollR5aJSIzgPwcYBRjB2xgwjgvvkLipsBXwr4KyuZaQEOr9BqxQveEqlJHLiKks6nmwPAQnMHf0hLZok8Qj58V3AOm50QW%2Fsfs%2FyoNvYq7Yhk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 74ae0cf4cf8083a9-MXP
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
701 B 82ms
22ms XHR
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Sep 2022 02:49:42 GMT
X-Proxy-Origin: 146.70.117.102; 146.70.117.102; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: c7e39d17-60fb-4174-902c-b1dff74ccd8e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://bishopfox.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
200 B 30ms
22ms XHR
text/html 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-137-162.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://bishopfox.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 62ms
28ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-41346121-1&cid=1668797329.1663210182&jid=2085793662&_u=aADAAEAAQAAAAC~&z=2143220684

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 02:49:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 61ms
27ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-41346121-1&cid=1668797329.1663210182&jid=2085793662&_u=aADAAEAAQAAAAC~&z=2143220684

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Sep 2022 02:49:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dtp-1.0.4.html Show response
go.bishopfox.com/ Frame F442 2 KB
999 B 368ms
368ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/dtp-1.0.4.html

Requested by

Host: go.bishopfox.com
URL: https://go.bishopfox.com/rs/136-UTJ-516/images/simpledto-1.0.4.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a3d43e5d83b4956e9fb87e21b9851fb4f87bca59e71e8d8644a3a154ef16b83

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: stale-while-revalidate=60, max-age=300, public
cf-cache-status: DYNAMIC
cf-ray: 74ae0cf659999978-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 15 Sep 2022 02:49:42 GMT
p3p: CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT"
server: cloudflare
vary: *,Accept-Encoding
x-asset-type: LP
x-content-type-options: nosniff

GET
H3 200 --6PiuvBGAU Show response
www.youtube.com/embed/ Frame C587 65 KB
26 KB 85ms
84ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NSTVGF3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e280f0e87665f16702471eea835380787acf7d3347f5e8fb51f03f3dcb098b9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Thu, 15 Sep 2022 02:49:42 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame C587 28 B
54 B 31ms
30ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
X-Goog-Request-Time: 1663210182127
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/--6PiuvBGAU
X-YouTube-Client-Version: 1.20220913.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: Cgt5dFAzMmtncEg4WSjFpYqZBg%3D%3D
X-YouTube-Ad-Signals: dt=1663210181550&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 15 Sep 2022 02:49:42 GMT

GET
H3 200 iframe_api Show response
www.youtube.com/ 992 B
516 B 39ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NSTVGF3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cf1b941ebf3e2864887b0c7090b23dc91e85e62501c73f0d39d3afebeeaa8fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 15 Sep 2022 02:49:42 GMT

GET
H3 200 1632347706836.png
storage.googleapis.com/code.snapengage.com/cd/4828764552101888/ 4 KB
4 KB 49ms
17ms Image
image/png 2a00:1450:4001:812::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/code.snapengage.com/cd/4828764552101888/1632347706836.png
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 058f6a953b55bae14a0440a4191b38f91a391724ea022353a4c1d9afcffaf3c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 01:57:45 GMT
age: 3117
x-guploader-uploadid: ADPycdtkhqkmBv3nRuOIwnvgx_ymQy2JHQRrmqRTEXHC7v1ChZEh6OgswAS-FPUduXQjuAtuex7So1on6VGErnWKs6nPjQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4188
last-modified: Wed, 22 Sep 2021 21:55:07 GMT
server: UploadServer
etag: "66ca79fecd19b0ba4e822f81178ffa42"
x-goog-hash: crc32c=Wc43QQ==, md5=Zsp5/s0ZsLpOgi+BF4/6Qg==
x-goog-generation: 1632347706994198
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 4188
accept-ranges: bytes
content-type: image/png
expires: Fri, 15 Sep 2023 01:57:45 GMT

GET
H3 200 1632347706836.png
storage.googleapis.com/code.snapengage.com/cd/4828764552101888/ Frame 16DB 4 KB
4 KB 48ms
16ms Image
image/png 2a00:1450:4001:812::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/code.snapengage.com/cd/4828764552101888/1632347706836.png
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 058f6a953b55bae14a0440a4191b38f91a391724ea022353a4c1d9afcffaf3c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 01:57:45 GMT
age: 3117
x-guploader-uploadid: ADPycdtkhqkmBv3nRuOIwnvgx_ymQy2JHQRrmqRTEXHC7v1ChZEh6OgswAS-FPUduXQjuAtuex7So1on6VGErnWKs6nPjQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4188
last-modified: Wed, 22 Sep 2021 21:55:07 GMT
server: UploadServer
etag: "66ca79fecd19b0ba4e822f81178ffa42"
x-goog-hash: crc32c=Wc43QQ==, md5=Zsp5/s0ZsLpOgi+BF4/6Qg==
x-goog-generation: 1632347706994198
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 4188
accept-ranges: bytes
content-type: image/png
expires: Fri, 15 Sep 2023 01:57:45 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 225ms
199ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=null&visitor=b8dc8732-e143-4a8d-88ed-b6c46027b309&session=1d3c85cb-db23-4a87-8813-fd793b7916c5&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A42%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%22%2C%22keywords%22%3A%22Bishop%20Fox%2Cbishopfox%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=c4c2f05f-6a5d-468e-88ae-eb0545ce9373&an_uid=0

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 ServiceGetConfig Show response
www.snapengage.com/chatjs/ 159 B
348 B 270ms
159ms Script
text/javascript 2a00:1450:400e:811::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.snapengage.com/chatjs/ServiceGetConfig?w=f3f28b6e-d72e-4019-b593-e66b82625b0c

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/code.snapengage.com/js/f3f28b6e-d72e-4019-b593-e66b82625b0c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:811::2013 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

47eb859ff311128018b9863f90260b0bfbd573d3b31dd53af967f5a0cce49cbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: Public
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: Google Frontend
date: Thu, 15 Sep 2022 02:49:42 GMT
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 6badbf6f065b5a0a3198440ec6575717
cache-control: public, max-age=30
content-length: 126

POST atr
www.youtube.com/api/stats/ Frame C587 0
0

POST log_event
www.youtube.com/youtubei/v1/ Frame C587 0
0

POST
H/1.1 200
OK visitWebPage
136-utj-516.mktoresp.com/webevents/ 2 B
318 B 869ms
163ms Ping
text/plain 192.28.147.68
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://136-utj-516.mktoresp.com/webevents/visitWebPage?_mchNc=1663210182337&_mchCn=&_mchId=136-UTJ-516&_mchTk=_mch-bishopfox.com-1663210182336-29934&_mchHo=bishopfox.com&_mchPo=&_mchRu=%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Thu, 15 Sep 2022 02:49:43 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 458d48e5-c812-40ba-a790-0c27e179ac47

GET
H3 200 www-player.css
www.youtube.com/s/player/ec3f41f6/ Frame C587 355 KB
48 KB 18ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ecc94d599b99d64bc98482b647a573fde50858c7a6116bd85010cd678c22ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:57:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42758
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49363
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:57:04 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/ Frame C587 310 KB
96 KB 27ms
21ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93c05f3bffc223d4c3755eacb59b612f50d11909d8fedca200247a61e32e8e5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98143
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:26 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/ Frame C587 2 MB
576 KB 30ms
24ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abb2fb41734e566378b3a8b8701be00aee959634d1cfc83332d6de556a853a54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42810
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 589803
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:12 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/ec3f41f6/fetch-polyfill.vflset/ Frame C587 9 KB
3 KB 32ms
27ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42796
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:26 GMT

GET
H2 200 forms2.css
go.bishopfox.com/js/forms2/css/ 13 KB
3 KB 33ms
26ms Stylesheet
text/css 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/js/forms2/css/forms2.css

Requested by

Host: go.bishopfox.com
URL: https://go.bishopfox.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 16 Aug 2022 18:54:37 GMT
server: cloudflare
age: 4507
etag: "2d404fb-3437-5e66047a81540"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 74ae0cf7cab89978-FRA
content-length: 2623
expires: Thu, 15 Sep 2022 06:49:42 GMT

GET
H2 200 forms2-theme-plain.css
go.bishopfox.com/js/forms2/css/ 828 B
343 B 191ms
185ms Stylesheet
text/css 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: go.bishopfox.com
URL: https://go.bishopfox.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Tue, 16 Aug 2022 18:54:37 GMT
server: cloudflare
etag: "2d404fc-33c-5e66047a81540"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 74ae0cf7caba9978-FRA
content-length: 246
expires: Thu, 15 Sep 2022 06:49:42 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C587 15 KB
15 KB 61ms
18ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Tue, 13 Sep 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 142297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 13 Sep 2023 11:18:05 GMT

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/ec3f41f6/www-widgetapi.vflset/ 162 KB
52 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a8d702d54e4e73cc85067bc00ed312f09891cef4da7f76f04c75ca2a3879fe9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 01:06:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6209
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53676
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 15 Sep 2023 01:06:13 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame C587
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

24ms
24ms

XHR
application/json

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b3e5c656213bdbf7fe82e941dafb8ece319e051d9d6e0e341868781466b1abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 15 Sep 2022 02:49:42 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame C587 29 B
54 B 48ms
16ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Sep 2022 03:04:42 GMT

GET
H2 200 simpledto-1.0.4.js Show response
go.bishopfox.com/rs/136-UTJ-516/images/ Frame F442 2 KB
1 KB 27ms
27ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/rs/136-UTJ-516/images/simpledto-1.0.4.js

Requested by

Host: go.bishopfox.com
URL: https://go.bishopfox.com/dtp-1.0.4.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ea4dbd2c85145cacf92362ae72dc6d56be63d1a68f0d492f55699959874940

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.bishopfox.com/dtp-1.0.4.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Sat, 27 Aug 2022 02:17:31 GMT
server: cloudflare
age: 1
etag: "1120436-8b5-5e72fa2091d49"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 74ae0cf8db5b9978-FRA
content-length: 1092
expires: Thu, 15 Sep 2022 02:50:42 GMT

GET
H2 200 stripmkttok.js Show response
go.bishopfox.com/js/ Frame F442 2 KB
791 B 27ms
27ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/js/stripmkttok.js

Requested by

Host: go.bishopfox.com
URL: https://go.bishopfox.com/dtp-1.0.4.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.bishopfox.com/dtp-1.0.4.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 16 Aug 2022 18:54:38 GMT
server: cloudflare
age: 4841
etag: "2d40ddc-602-5e66047b75780"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 74ae0cf8db5c9978-FRA
content-length: 678
expires: Thu, 15 Sep 2022 06:49:42 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 22ms
22ms Preflight
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 15 Sep 2022 02:49:42 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame C587 65 KB
30 KB 38ms
37ms XHR
application/json+protobuf 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bca5a4bcdb155c7babd69a83f35ca26907efa6f6f1fb64d19d545303225e55c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 30909
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/ Frame C587 120 KB
37 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

414ae6b2d7c6e4842580a11d37c325f82f8ebec24313450abc04cdaaac0fdef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:56:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42809
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37807
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:56:13 GMT

GET
H3 200 9e5Q9JddguzAeYJyBJt7GsINCHbvQKKYaWDK5a7IWAA.js Show response
www.google.com/js/th/ Frame C587 36 KB
14 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/9e5Q9JddguzAeYJyBJt7GsINCHbvQKKYaWDK5a7IWAA.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5ee50f4975d82ecc0798272049b7b1ac20d0876ef40a2986960cae5aec85800

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 18:25:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30278
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14185
x-xss-protection: 0
last-modified: Mon, 29 Aug 2022 11:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Sep 2023 18:25:04 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/ Frame C587 28 KB
8 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6623b204c448facd01e9300c87a70161b61bf44b2d2d7ff68987a9bf494f015c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 14 Sep 2022 14:57:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42757
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8416
x-xss-protection: 0
last-modified: Wed, 14 Sep 2022 00:17:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 14 Sep 2023 14:57:05 GMT

GET
DATA 200
OK truncated
/ Frame C587 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 AMLnZu_EQPAoaaHI44jxCxCyUIIeKqVKmqo6dibMtaMw=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame C587 6 KB
6 KB 48ms
16ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AMLnZu_EQPAoaaHI44jxCxCyUIIeKqVKmqo6dibMtaMw=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9c1162a622bc982328d9c7d2768c7c90116b2002fc8d5823ff4f06bf309f18c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
age: 1
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5921
x-xss-protection: 0
server: fife
etag: "v9"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 11 Sep 2022 12:29:31 GMT

GET
H3 200 sddefault.webp
i.ytimg.com/vi_webp/--6PiuvBGAU/ Frame C587 9 KB
9 KB 46ms
15ms Image
image/webp 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/--6PiuvBGAU/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:41 GMT
x-content-type-options: nosniff
age: 1
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8740
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 15 Sep 2022 04:49:41 GMT

GET
H2 200 XDFrame Show response
go.bishopfox.com/index.php/form/ Frame FA6C 2 KB
716 B 184ms
184ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/index.php/form/XDFrame

Requested by

Host: go.bishopfox.com
URL: https://go.bishopfox.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2c76750672f1668a3df60c8aff4a8276b3bd847914543ca5a32a7751e67aa76

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 74ae0cfa3c3e9978-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 15 Sep 2022 02:49:42 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 15ms
15ms Image
image/gif 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=1392146971&t=event&ni=1&_s=1&dl=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&ul=en-us&de=UTF-8&dt=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Forms&ea=Form%20View&el=Form%20ID%20-%201049&_u=aADAAEABQAAAAC~&jid=&gjid=&cid=1668797329.1663210182&tid=UA-41346121-1&_gid=34627020.1663210182&gtm=2wg9e0NSTVGF3&cd1=2022-09-15T02%3A49%3A42.750%2B00%3A00&cd2=1668797329.1663210182&z=1577698657

Requested by

Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Sep 2022 15:13:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 41756
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame C587 4 KB
3 KB 68ms
23ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 15 Sep 2022 02:49:42 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame C587 0
10 B 16ms
16ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?W7cl7w
Requested by: Host: bishopfox.com
URL: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/105/ Frame C587 52 KB
15 KB 48ms
16ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/105/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12337c132fc5b05766adf8806c16a2950c0591708c0c45263bc1496979c1870

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15116
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 15:05:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 16 Sep 2022 02:34:05 GMT

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 23ms
22ms Preflight
text/html 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Thu, 15 Sep 2022 02:49:42 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame C587 90 B
134 B 26ms
26ms XHR
application/json+protobuf 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf1845c045df6bdab33c2e5954aec7cff4deee39fdb305387195219ca6654241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 110
x-xss-protection: 0

GET
H2 200 forms2.min.js Show response
go.bishopfox.com/js/forms2/js/ Frame FA6C 208 KB
69 KB 25ms
24ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.bishopfox.com/js/forms2/js/forms2.min.js

Requested by

Host: go.bishopfox.com
URL: https://go.bishopfox.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3fb9332b030dc33a418be1bcd7282c9052c287fb923bd36295cb3d01db9a861

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.bishopfox.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Sat, 27 Aug 2022 04:30:51 GMT
server: cloudflare
age: 410
etag: "2d40e74-33e56-5e7317edc65b8"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 74ae0cfb7d0d9978-FRA
expires: Thu, 15 Sep 2022 06:49:42 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 196ms
196ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=null&visitor=b8dc8732-e143-4a8d-88ed-b6c46027b309&session=1d3c85cb-db23-4a87-8813-fd793b7916c5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A42%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%22%2C%22keywords%22%3A%22Bishop%20Fox%2Cbishopfox%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=c4c2f05f-6a5d-468e-88ae-eb0545ce9373&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:43 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 196ms
195ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=null&visitor=b8dc8732-e143-4a8d-88ed-b6c46027b309&session=1d3c85cb-db23-4a87-8813-fd793b7916c5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A43%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%22%2C%22keywords%22%3A%22Bishop%20Fox%2Cbishopfox%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=c4c2f05f-6a5d-468e-88ae-eb0545ce9373&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:44 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame C587 28 B
54 B 31ms
30ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/ec3f41f6/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
X-Goog-Request-Time: 1663210184782
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/--6PiuvBGAU?enablejsapi=1&origin=https%3A%2F%2Fbishopfox.com
X-YouTube-Client-Version: 1.20220913.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: Cgt5dFAzMmtncEg4WSjGpYqZBg%3D%3D
X-YouTube-Ad-Signals: dt=1663210182425&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image

Response headers

date: Thu, 15 Sep 2022 02:49:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Thu, 15 Sep 2022 02:49:44 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 199ms
199ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=null&visitor=b8dc8732-e143-4a8d-88ed-b6c46027b309&session=1d3c85cb-db23-4a87-8813-fd793b7916c5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A44%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%22%2C%22keywords%22%3A%22Bishop%20Fox%2Cbishopfox%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=c4c2f05f-6a5d-468e-88ae-eb0545ce9373&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
492 B 234ms
234ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=null&visitor=b8dc8732-e143-4a8d-88ed-b6c46027b309&session=1d3c85cb-db23-4a87-8813-fd793b7916c5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A45%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%22%2C%22keywords%22%3A%22Bishop%20Fox%2Cbishopfox%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=c4c2f05f-6a5d-468e-88ae-eb0545ce9373&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Thu, 15 Sep 2022 02:49:46 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.youtube.com
URL: https://www.youtube.com/api/stats/atr?ns=yt&el=embedded&cpn=VJEwwgjpSM_08huq&ver=2&cmt=0&fs=0&rt=0&euri=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&lact=656&cl=474115158&mos=0&volume=100&cbr=Chrome&cbrver=105.0.5195.102&c=WEB_EMBEDDED_PLAYER&cver=1.20220913.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&epm=1&hl=de_DE&cr=DE&len=2634&fexp=23940248%2C23983296%2C24001373%2C24002022%2C24002025%2C24004644%2C24007246%2C24080738%2C24135310%2C24169501%2C24219381%2C24226335%2C24239354%2C24248385%2C24255163%2C24260441%2C24269952%2C24269957%2C24277989%2C24280303%2C39322399&muted=0&docid=--6PiuvBGAU

Domain: www.youtube.com
URL: https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=null&visitor=b8dc8732-e143-4a8d-88ed-b6c46027b309&session=1d3c85cb-db23-4a87-8813-fd793b7916c5&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Sep%202022%2002%3A49%3A46%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225009%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%22%2C%22keywords%22%3A%22Bishop%20Fox%2Cbishopfox%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%E2%80%A6%20%7C%20Bishop%20Fox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=c4c2f05f-6a5d-468e-88ae-eb0545ce9373&an_uid=0

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: I9G-F4su0wo
.youtube.com/	1970-01-20 10:19:22	Name: VISITOR_INFO1_LIVE Value: ytP32kgpH8Y
.bishopfox.com/	1970-01-20 15:36:10	Name: _ga Value: GA1.2.1668797329.1663210182
.bishopfox.com/	1970-01-20 06:01:36	Name: _gid Value: GA1.2.34627020.1663210182
.bishopfox.com/	1970-01-20 06:00:10	Name: _gat_UA-41346121-1 Value: 1
.go.bishopfox.com/	1970-01-20 06:00:11	Name: __cf_bm Value: zRegT.MXLEO7Btiaq7GD.6WUhUElclcFS9thTIgKqnA-1663210181-0-AYwxpmJ8lqPnymeJRV4FnEfwjBWHcTEMBkTaPlTYjefa7kgx2AsZxHJTYo7jQ29EkG9MvHH89RgX+tERj+FdoOk=
.bishopfox.com/	1970-01-20 10:19:22	Name: dpi_utmOrigVals Value: %7B%22Utm_Orig_Medium__c%22%3A%22none%22%2C%22Utm_Orig_Source__c%22%3A%22none%22%7D
.linkedin.com/	1970-01-20 06:43:22	Name: UserMatchHistory Value: AQJ86ryEdNrMMQAAAYM_DVUMMl8J1fje2nN8UKGkARmLFE2NLJxRPxbSxzgoz6JDRooBHslxSXuaJg
.linkedin.com/	1970-01-20 06:43:22	Name: AnalyticsSyncHistory Value: AQIglGaLkNTF3wAAAYM_DVUM0zvSmoCywuMiaqjCEhHTheytWuJTIOXX5HqxxNSWkZZfCCXnOudplWFw9DK_Zw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:45:46	Name: bcookie Value: "v=2&e2cd0815-e72d-4079-84be-da4dee00776e"
.linkedin.com/	1970-01-20 06:01:36	Name: lidc Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2433:u=1:x=1:i=1663210181:t=1663296581:v=2:sig=AQEtT8C6pMkt1iaJKdmWcPWPoTIIWOvg"
.bishopfox.com/	1970-01-20 06:00:17	Name: SnapABugRef Value: https%3A%2F%2Fbishopfox.com%2Fblog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui%20
.bishopfox.com/	1970-01-20 14:45:46	Name: SnapABugHistory Value: 1#
.bishopfox.com/	1970-01-20 14:45:46	Name: SnapABugUserAlias Value: %23
.bishopfox.com/	1969-12-31 23:59:59	Name: SnapABugVisit Value: 1#1663210182
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 14:45:46	Name: bscookie Value: "v=1&20220915024942710b68f8-db2a-4e14-8a2f-a182eb224430AQHE_pjl-WSZtRaQiw7HSUeL5qtzBVxm"
.linkedin.com/	1970-01-20 10:19:22	Name: li_gc Value: MTswOzE2NjMyMTAxODI7MjswMjFF51h2xXOz9nMI4eJVWyTBZjyTHOslcE2Tic4hb8SWEA==
bishopfox.com/	1970-01-20 06:10:14	Name: _an_uid Value: 0
bishopfox.com/	1970-01-20 15:36:10	Name: _gd_visitor Value: b8dc8732-e143-4a8d-88ed-b6c46027b309
bishopfox.com/	1970-01-20 06:00:24	Name: _gd_session Value: 1d3c85cb-db23-4a87-8813-fd793b7916c5
.bishopfox.com/	1970-01-20 15:36:10	Name: _mkto_trk Value: id:136-UTJ-516&token:_mch-bishopfox.com-1663210182336-29934
go.bishopfox.com/	1969-12-31 23:59:59	Name: BIGipServersj36web-nginx-app_https Value: !IIM3AwElQB9d8x/MZROflEEG2tCiknlgkiTsEi/xI0JHJIJskF3HcS52sLWF1vKoNm5bFA8CkS1R5dU=
.6sc.co/	1970-01-20 15:36:10	Name: 6suuid Value: cbd5ce17a73e0000c69222630a02000091d90302
.bishopfox.com/	1970-01-20 15:36:10	Name: _ga_DYCTLWMS7T Value: GS1.1.1663210181.1.0.1663210182.59.0.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

136-utj-516.mktoresp.com
b.6sc.co
bishopfox.com
c.6sc.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
fast.wistia.net
fonts.gstatic.com
go.bishopfox.com
googleads.g.doubleclick.net
i.ytimg.com
j.6sc.co
jnn-pa.googleapis.com
know.bishopfox.com
munchkin.marketo.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s3.us-east-2.amazonaws.com
secure.adnxs.com
snap.licdn.com
static.doubleclick.net
stats.g.doubleclick.net
storage.googleapis.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.snapengage.com
www.youtube.com
yt3.ggpht.com
b.6sc.co
www.youtube.com
104.17.74.206
13.107.42.14
185.89.210.122
192.28.147.68
2001:4860:4802:32::36
2001:4860:4802:38::178
2606:4700:20::ac43:532a
2606:4700::6811:180e
2620:1ec:21::14
2a00:1450:4001:803::2004
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2003
2a00:1450:4001:810::2008
2a00:1450:4001:810::200a
2a00:1450:4001:812::2002
2a00:1450:4001:812::2010
2a00:1450:4001:829::2001
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2016
2a00:1450:4001:830::2006
2a00:1450:400c:c06::9b
2a00:1450:400e:811::2013
2a02:26f0:11a::6867:4868
2a04:4e42:400::485
2a04:4e42::622
52.219.177.209
92.123.8.217
96.16.137.162
058f6a953b55bae14a0440a4191b38f91a391724ea022353a4c1d9afcffaf3c2
05efdb775f0bf96921005ceb24157462c7474d2743ded06e04789b520678ca35
0e11df844ad4bbde8d0e1750a60ddd43fbb16d3d6193a5833b046f9a9501fcbf
10fc5adc9cc4fdc47a2ea3ff61a5f268309a8a03be0aebfdc741950e0f4c5059
1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac
1a3d43e5d83b4956e9fb87e21b9851fb4f87bca59e71e8d8644a3a154ef16b83
1b3522ad63d4455254028dda7d23b1d67956ef26f2596b8d2f01a12576ef273b
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2730239c276b9f55007e27e26a043753d63eed5a4446aee17af2bdf2a3096c1c
2cf1b941ebf3e2864887b0c7090b23dc91e85e62501c73f0d39d3afebeeaa8fd
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
365f167a75f0de021be3c1a8a7cc99a3e21cc666f2889ccce438c3f013e0c10c
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fc42b0b60d3cd83379888941542f8acd6e8dda70afe3fba349257f36c965053
414ae6b2d7c6e4842580a11d37c325f82f8ebec24313450abc04cdaaac0fdef5
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
47eb859ff311128018b9863f90260b0bfbd573d3b31dd53af967f5a0cce49cbb
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
4d4b6a308f7020554dfd5c36f7a1ec40a7ff919487c17d885ec38e50530d8f1c
52f75ba6639f6de5ac66372002c168ebdfb49532335e6d5e25403a7d803ea706
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5ca272b5c51f5790821b50ebfb5f2868f20230a839431baf92f45bfff38861ea
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5ec6f5a71a8fd9ffeaca919d9122324ded0d517837216256e312a7d47e46076e
6623b204c448facd01e9300c87a70161b61bf44b2d2d7ff68987a9bf494f015c
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6a969c79ac8d6e5d001e22d4d49d1f0544f99bfa2cf1b1c48e8923de89eb2d01
6dd14af019830626bf4052398d957f3d9066c2167a4300e0932fb83a2a0a5bed
72275571b1e2b1d801a31e7ef9518de049ef13a50d8ca8add004ae98fd66638e
728b3893eeda381a60edd4d161a6e226dae48a21531169cf72465d0ce80636a0
77b60c89633ccc04e9384a68132e833fb12f6bee7742e71d837f909d8f56cf29
77b6a8e22b7c2cc34b937c6810561f50ce4d59bf6689814fc2710fe418aa284e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a446896ed6dd5086841d19eefeb98551a65a848e961ac248050254d66e758fb
8a8d702d54e4e73cc85067bc00ed312f09891cef4da7f76f04c75ca2a3879fe9
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
93093dcf2a05be09ded37bd7cf1250488ac328d3ddf5be6299e50305128861aa
93c05f3bffc223d4c3755eacb59b612f50d11909d8fedca200247a61e32e8e5b
9a40ca2af2fff49c941718d910ddbb14cfba33c61ecbbd030fb8b64338f6f83d
9b3e5c656213bdbf7fe82e941dafb8ece319e051d9d6e0e341868781466b1abc
9c1162a622bc982328d9c7d2768c7c90116b2002fc8d5823ff4f06bf309f18c1
9ecc94d599b99d64bc98482b647a573fde50858c7a6116bd85010cd678c22ff2
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a26c9e631307638ee80b6127043a351f5e1fa90a4fcd8948e27e083a3ecb72cd
a62395528bf1cec786343dc969b28c2f5a0046cc8e73652780a7408fbbd97a2e
abb2fb41734e566378b3a8b8701be00aee959634d1cfc83332d6de556a853a54
b0f9f58059171f47eca8dc77678f9fc3e823a32e00d69a84fb031bc13c2bcd23
b3fb9332b030dc33a418be1bcd7282c9052c287fb923bd36295cb3d01db9a861
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b71f76186117ab510aca8eb8208815da837acdd4b29e171c9897993175c28878
bca5a4bcdb155c7babd69a83f35ca26907efa6f6f1fb64d19d545303225e55c6
bf3ab0c0532b83d60780ce8553648624abe53c991e59339a92ed797787458017
c12337c132fc5b05766adf8806c16a2950c0591708c0c45263bc1496979c1870
c2c76750672f1668a3df60c8aff4a8276b3bd847914543ca5a32a7751e67aa76
cf1845c045df6bdab33c2e5954aec7cff4deee39fdb305387195219ca6654241
d706f210bc18fa6da515a4257731a2893634ef3dca66c545eaa5ad79a5264c41
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0ea4dbd2c85145cacf92362ae72dc6d56be63d1a68f0d492f55699959874940
e280f0e87665f16702471eea835380787acf7d3347f5e8fb51f03f3dcb098b9a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f136adb8ab2945d90f8b98e08e9bfa7456da06f41c8e9aba7b0e05f05a5b867a
f4cf14ddd0674fe6732b7fda6cc0223f2da9b22a5f51317c5731c5af5b44ec29
f5ee50f4975d82ecc0798272049b7b1ac20d0876ef40a2986960cae5aec85800
f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

bishopfox.com Open in urlscan Pro 2606:4700:20::ac43:532a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

100 Requests

94 %HTTPS

76 %IPv6

23 Domains

34 Subdomains

29 IPs

6 Countries

3739 kBTransfer

10158 kBSize

26 Cookies

35 Outgoing links

Page URL History

Redirected requests

100 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bishopfox.com Open in urlscan Pro
2606:4700:20::ac43:532a Public Scan

Screenshot
Live screenshot

Full Image

100
Requests

94 %
HTTPS

76 %
IPv6

23
Domains

34
Subdomains

29
IPs

6
Countries

3739 kB
Transfer

10158 kB
Size

26
Cookies

100 HTTP transactions
3 data transactions