blog.pentesterlab.com Open in urlscan Pro
52.0.16.118 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Effective URL:
https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Submission: On April 05 via automatic, source hackernews (April 5th 2019, 3:14:25 am UTC)

Summary HTTP 85 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 13 domains to perform 85 HTTP transactions. The main IP is 52.0.16.118, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is blog.pentesterlab.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on June 4th 2018. Valid for: a year.

This is the only time blog.pentesterlab.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 9	52.0.16.118 52.0.16.118	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 6	2606:4700::68... 2606:4700::6810:7c7f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
18	2606:4700::68... 2606:4700::6810:7991	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
7	2606:4700::68... 2606:4700::6810:7691	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	104.16.90.50 104.16.90.50	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	13.35.254.37 13.35.254.37	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	34.200.62.66 34.200.62.66	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	13.35.253.62 13.35.253.62	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	2606:4700::68... 2606:4700::6810:797f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2600:9000:200... 2600:9000:200d:3400:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
10	34.192.104.91 34.192.104.91	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
4	192.30.253.118 192.30.253.118	36459 (GITHUB) (GITHUB - GitHub)
7	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
4	2600:9000:200... 2600:9000:200d:1c00:11:f728:3040:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
4	185.199.108.154 185.199.108.154	54113 (FASTLY) (FASTLY - Fastly)
1	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	52.0.240.180 52.0.240.180	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
85	21

9 52.0.16.118 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-0-16-118.compute-1.amazonaws.com

blog.pentesterlab.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7c7f (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700::6810:7991 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-static-1.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-images-1.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:7691 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn-images-1.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.90.50 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

i.embed.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.254.37 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-254-37.fra6.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.62.66 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-200-62-66.compute-1.amazonaws.com

srv-2019-04-05-03.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.253.62 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-62.fra6.r.cloudfront.net

cdn.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:797f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:200d:3400:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.192.104.91 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-192-104-91.compute-1.amazonaws.com

collector-medium.lightstep.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.30.253.118 (San Francisco, United States)

ASN36459 (GITHUB - GitHub, Inc., US)
PTR: lb-192-30-253-118-iad.github.com

gist.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:200d:1c00:11:f728:3040:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

api2.branch.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.72 (San Francisco, United States) 1 redirects

ASN13414 (TWITTER - Twitter Inc., US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.199.108.154 (None, )

ASN54113 (FASTLY - Fastly, US)

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.0.240.180 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-0-240-180.compute-1.amazonaws.com

srv-2019-04-05-03.pixel.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	medium.com 1 redirects medium.com glyph.medium.com cdn-static-1.medium.com cdn-images-1.medium.com	910 KB
10	twitter.com 1 redirects platform.twitter.com syndication.twitter.com	110 KB
10	lightstep.com collector-medium.lightstep.com	2 KB
9	pentesterlab.com 1 redirects blog.pentesterlab.com	41 KB
5	branch.io cdn.branch.io api2.branch.io	23 KB
4	githubassets.com github.githubassets.com	19 KB
4	github.com gist.github.com	12 KB
2	twimg.com cdn.syndication.twimg.com pbs.twimg.com	5 KB
2	parsely.com srv-2019-04-05-03.pixel.parsely.com	765 B
2	embed.ly i.embed.ly	6 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	app.link app.link	699 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	16 KB
85	13

	Domain	Requested by
14	cdn-images-1.medium.com	blog.pentesterlab.com
11	medium.com	1 redirects cdn-static-1.medium.com blog.pentesterlab.com
10	collector-medium.lightstep.com	cdn-static-1.medium.com blog.pentesterlab.com
9	blog.pentesterlab.com	1 redirects blog.pentesterlab.com cdn-static-1.medium.com
7	platform.twitter.com	blog.pentesterlab.com platform.twitter.com
7	glyph.medium.com	blog.pentesterlab.com
4	github.githubassets.com	gist.github.com
4	api2.branch.io	cdn.branch.io
4	gist.github.com	blog.pentesterlab.com
4	cdn-static-1.medium.com	blog.pentesterlab.com cdn-static-1.medium.com
3	syndication.twitter.com	1 redirects blog.pentesterlab.com
2	srv-2019-04-05-03.pixel.parsely.com	d1z2jf7jlzjs58.cloudfront.net
2	i.embed.ly	blog.pentesterlab.com
2	www.google-analytics.com	blog.pentesterlab.com
1	pbs.twimg.com	blog.pentesterlab.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	app.link	cdn.branch.io
1	cdn.branch.io	blog.pentesterlab.com
1	d1z2jf7jlzjs58.cloudfront.net	blog.pentesterlab.com
85	19

This site contains links to these domains. Also see Links.

Domain
medium.com
chybeta.github.io
github.com
www.elttam.com.au
twitter.com
pentesterlab.com
blog.bradfieldcs.com

Subject Issuer	Validity	Valid
blog.pentesterlab.com COMODO RSA Domain Validation Secure Server CA	`2018-06-04` - `2019-06-04`	a year	crt.sh
*.medium.com DigiCert SHA2 Secure Server CA	`2018-07-31` - `2020-09-09`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.embed.ly COMODO RSA Domain Validation Secure Server CA	`2018-02-23` - `2021-02-22`	3 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh
*.pixel.parsely.com Amazon	`2019-02-27` - `2020-03-27`	a year	crt.sh
*.branch.io DigiCert SHA2 Secure Server CA	`2018-12-05` - `2020-12-08`	2 years	crt.sh
medium.com DigiCert SHA2 Extended Validation Server CA	`2017-06-01` - `2019-08-30`	2 years	crt.sh
appipv4.link Amazon	`2018-09-17` - `2019-10-17`	a year	crt.sh
*.lightstep.com Let's Encrypt Authority X3	`2019-02-21` - `2019-05-22`	3 months	crt.sh
*.github.com DigiCert SHA2 High Assurance Server CA	`2018-06-19` - `2019-07-10`	a year	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2018-11-19` - `2019-11-27`	a year	crt.sh
syndication.twitter.com DigiCert SHA2 High Assurance Server CA	`2018-07-19` - `2019-08-28`	a year	crt.sh
*.githubassets.com DigiCert SHA2 High Assurance Server CA	`2018-10-29` - `2020-11-02`	2 years	crt.sh

This page contains 9 frames:

Primary Page: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Frame ID: 406B894D68CC75767FD6111F19D9703B
Requests: 65 HTTP requests in this frame

Frame: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
Frame ID: 6095373AF05D614F78BB50E00596D1E8
Requests: 8 HTTP requests in this frame

Frame: https://blog.pentesterlab.com/media/b175fd342fae0b626a61bfefa79aba6e?postId=10e93f9a1981
Frame ID: 166E82EAD7881D88A72F5C41F7BA5008
Requests: 3 HTTP requests in this frame

Frame: https://blog.pentesterlab.com/media/05cde2b27802e569376ce310ac47d9b9?postId=10e93f9a1981
Frame ID: E06B0BABDD95B46C489D4A36125F57C9
Requests: 3 HTTP requests in this frame

Frame: https://blog.pentesterlab.com/media/8038014d85e84c4eca3076c6145439a3?postId=10e93f9a1981
Frame ID: E1248D5BCA43960F361B34E7C1005439
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html?origin=https%3A%2F%2Fblog.pentesterlab.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: C7AA0185EC20EDF1673CF3B4F9230191
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/css/tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
Frame ID: CEA653E4E81409DB6C61F83C337159BF
Requests: 7 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 310F657CF319F2CFB17937A4EFC1E468
Requests: 1 HTTP requests in this frame

Frame: https://blog.pentesterlab.com/media/68e98d6cb8a874ec0eb1d35603b85122?postId=10e93f9a1981
Frame ID: CA28FCDDAD4D0464003FCC891D5A30C1
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981 HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019... HTTP 302
https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a Page URL

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

script /medium\.com/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Parse.ly (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^PARSELY$/i

Page Statistics

85
Requests

100 %
HTTPS

50 %
IPv6

13
Domains

19
Subdomains

21
IPs

3
Countries

1161 kB
Transfer

3405 kB
Size

12
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/policy/f03bf92035c9
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://medium.com/
Title: Homepage

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?redirect=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981&source=--------------------------nav_reg&operation=login
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/@PentesterLab
Title: PentesterLab

Search URL Search Domain Scan URL

URL: https://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/
Title: https://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/

Search URL Search Domain Scan URL

URL: https://github.com/rails/rails/blob/v5.2.2/actionview/lib/action_view/template/resolver.rb#L246-L252
Title: the following code

Search URL Search Domain Scan URL

URL: https://www.elttam.com.au/blog/ruby-deserialization/
Title: RUBY 2.X UNIVERSAL RCE DESERIALIZATION GADGET CHAIN

Search URL Search Domain Scan URL

URL: https://twitter.com/bitcoinctf
Title: @bitcoinctf

Search URL Search Domain Scan URL

URL: https://medium.com/p/10e93f9a1981/share/twitter

Search URL Search Domain Scan URL

URL: https://medium.com/p/10e93f9a1981/share/facebook

Search URL Search Domain Scan URL

URL: https://pentesterlab.com/
Title: https://pentesterlab.com/

Search URL Search Domain Scan URL

URL: https://medium.com/@IreneuszSkrobis/graphql-with-ruby-on-rails-queries-in-multiple-files-3a7b818354a2?source=placement_card_footer_grid---------0-43

Search URL Search Domain Scan URL

URL: https://medium.com/@IreneuszSkrobis

Search URL Search Domain Scan URL

URL: https://medium.com/@IreneuszSkrobis?source=placement_card_footer_grid---------0-43
Title: Ireneusz Skrobiś

Search URL Search Domain Scan URL

URL: https://blog.bradfieldcs.com/you-are-not-google-84912cf44afb?source=placement_card_footer_grid---------1-14

Search URL Search Domain Scan URL

URL: https://blog.bradfieldcs.com/@ozanonay

Search URL Search Domain Scan URL

URL: https://blog.bradfieldcs.com/@ozanonay?source=placement_card_footer_grid---------1-14
Title: Ozan Onay

Search URL Search Domain Scan URL

URL: https://medium.com/@lennysan/what-seven-years-at-airbnb-taught-me-about-building-a-company-e1d035d49c56?source=placement_card_footer_grid---------2-14

Search URL Search Domain Scan URL

URL: https://medium.com/@lennysan

Search URL Search Domain Scan URL

URL: https://medium.com/@lennysan?source=placement_card_footer_grid---------2-14
Title: Lenny Rachitsky

Search URL Search Domain Scan URL

URL: https://medium.com/@Medium/personalize-your-medium-experience-with-users-publications-tags-26a41ab1ee0c#.hx4zuv3mg
Title: Learn more

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981 HTTP 302
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981 HTTP 302
https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 70

https://syndication.twitter.com/i/jot HTTP 302
https://platform.twitter.com/jot.html

85 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981 Show response
blog.pentesterlab.com/
Redirect Chain

https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
https://medium.com/m/global-identity?redirectUrl=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

128 KB
28 KB

346ms
346ms

Document
text/html

52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

3bfd84aa0c4cd3a21eafaf21b4cc58f55fd2893495bca8c8efcda081afd7cea3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.pentesterlab.com
:scheme: https
:path: /cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
server: nginx
date: Fri, 05 Apr 2019 03:14:08 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://blog.pentesterlab.com https://*.blog.pentesterlab.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1554434048071:30eea50b4da6
x-obvious-info: 37111-3d138b9,3d138b9a163
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
set-cookie: uid=lo_fEWmH1ILHMea; path=/; expires=Sat, 04 Apr 2020 03:14:08 GMT; secure; httponly sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC; path=/; expires=Sat, 04 Apr 2020 03:14:08 GMT; secure; httponly
tk: T
content-encoding: gzip

Redirect headers

status: 302
date: Fri, 05 Apr 2019 03:14:08 GMT
content-type: application/octet-stream
set-cookie: __cfduid=dd2be22ed0243fa58781d4b5522e149921554434047; expires=Sat, 04-Apr-20 03:14:07 GMT; path=/; domain=.medium.com; HttpOnly uid=lo_fEWmH1ILHMea; Expires=Sat, 04-Apr-20 03:14:07 GMT; Domain=.medium.com; Path=/; Secure; HttpOnly sid=1:rkZYYmnMcVJjblYP6zqrdUJ1TFNzLeDqNIcauWSqYY9PLYeP9N+QotA4TtI4fIS9; path=/; expires=Sat, 04 Apr 2020 03:14:07 GMT; domain=.medium.com; secure; httponly
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1554434047930:ad5c0bf83442
x-obvious-info: 37111-3d138b9,3d138b9a163
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
tk: T
location: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
strict-transport-security: max-age=15552000; includeSubDomains; preload
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4c28599f2b13973e-FRA

GET
H2 200 m2.css
glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/ 44 KB
29 KB 82ms
17ms Stylesheet
text/css 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

087a4c7aa118304c5ce85d5917d95a49b3c93204ef3500752dfde52595e4eac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: true
cf-ray: 4c2859a2c9f763bb-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 05 Apr 2019 07:14:08 GMT

GET
H2 200 main-branding-base.95h6LstxJX8UWgJm7QqR7A.css
cdn-static-1.medium.com/_/fp/css/ 510 KB
64 KB 92ms
35ms Stylesheet
text/css 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/css/main-branding-base.95h6LstxJX8UWgJm7QqR7A.css

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

167576388f70eb4ef80f89d1e160925d13823bbf41cb1d86cc7b46a7a5ab5a33

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: 5183E72173236A8E
status: 200
vary: Accept-Encoding
content-length: 65424
x-amz-id-2: v2b0Tlakc0Wdj+sKERGYMhwp6gjVgoDKMy9Sr1FLjFsvMFfBTxrcgfldTCJzuSjXBRorSwXFoB0=
last-modified: Thu, 28 Mar 2019 23:53:45 GMT
server: cloudflare
etag: "6e15272e3697391b13f96b99f3122bd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 4c2859a2c9f563bb-FRA
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 5232
date: Fri, 05 Apr 2019 01:46:56 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17543
expires: Fri, 05 Apr 2019 03:46:56 GMT

GET
H2 200 1*8ubvluu0ERU-B3Cld1RSig.png
cdn-images-1.medium.com/fit/c/64/64/ 3 KB
3 KB 86ms
19ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/64/64/1*8ubvluu0ERU-B3Cld1RSig.png

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c3358df2d44c6c85b193fe40ca98ef289173fb103ce6dd78c93f3ff29263976c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3192-d9ea9bb
status: 200
vary: Accept-Encoding
content-length: 2938
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a2d9fa63bb-FRA
expires: Sun, 05 May 2019 03:14:08 GMT

GET
H2 200 1*jqSPRjhT5e5fFUIaVKed4w.png
cdn-images-1.medium.com/letterbox/314/72/50/50/ 10 KB
10 KB 154ms
154ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/letterbox/314/72/50/50/1*jqSPRjhT5e5fFUIaVKed4w.png?source=logoAvatar-lo_fEWmH1ILHMea---ec251a4b4a78

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

93d5f510af675f31ac3cdbf26614851907a4a4ae5b92707eeecd753842df429e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3193-abeaa88
status: 200
vary: Accept-Encoding
content-length: 9841
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a2da0063bb-FRA
expires: Sun, 05 May 2019 03:14:08 GMT

GET
H2 200 1*RK_ShnALKbtbd4YZAvi-uw@2x.png
cdn-images-1.medium.com/fit/c/100/100/ 6 KB
6 KB 15ms
15ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/100/100/1*RK_ShnALKbtbd4YZAvi-uw@2x.png

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

a880e2c08f4e5b79b3ab15f311e915fc2d85d2b2f7c1c9cca778453c1c9b7f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3192-d9ea9bb
status: 200
vary: Accept-Encoding
content-length: 5713
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a30a1163bb-FRA
expires: Sun, 05 May 2019 03:14:08 GMT

GET
H2 200 0*Plyh40oY-Xu_tYtK.jpg
cdn-images-1.medium.com/freeze/max/60/ 1 KB
2 KB 71ms
17ms Image
image/jpeg 2606:4700::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/freeze/max/60/0*Plyh40oY-Xu_tYtK.jpg?q=20

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

7520f97f445c827079f91c4510e73843ffc6eccd51fe98fab48291f31bdffc11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3193-abeaa88
status: 200
vary: Accept-Encoding
content-length: 1265
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a3aefdc2e7-FRA
expires: Sun, 05 May 2019 03:14:08 GMT

GET
H2 200 resize
i.embed.ly/1/display/ 2 KB
2 KB 77ms
13ms Image
image/png 104.16.90.50
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.embed.ly/1/display/resize?url=https%3A%2F%2Fpbs.twimg.com%2Fprofile_images%2F1110103138961223680%2FA1FJ5fJg_400x400.png&key=a19fcc184b9711e1b4764040d3dc5c07&width=40
Requested by: Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.90.50 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce1be151550c7e6b236d63547ab02d32a420c1ac1ee5958ad1a3d67a6462d28f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
cf-cache-status: HIT
last-modified: Mon, 25 Mar 2019 08:54:27 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
access-control-expose-headers: content-range,content-length,accept-ranges
cache-control: public, max-age=43200
access-control-allow-credentials: *
cf-ray: 4c2859a3cd8527b0-FRA
access-control-allow-headers: range
expires: Fri, 05 Apr 2019 15:14:08 GMT

GET
H2 200 resize
i.embed.ly/1/display/ 3 KB
4 KB 76ms
13ms Image
image/png 104.16.90.50
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.embed.ly/1/display/resize?url=https%3A%2F%2Favatars2.githubusercontent.com%2Fu%2F45491%3Fs%3D400%26v%3D4&key=a19fcc184b9711e1b4764040d3dc5c07&width=40
Requested by: Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.90.50 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89102fb28c60ad7c5a7777c556c0e7038a31c94cc47fc676f84eb1b5ef47a9e2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
cf-cache-status: HIT
last-modified: Sat, 10 Jan 2009 05:20:12 GMT
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
access-control-expose-headers: content-range,content-length,accept-ranges
cache-control: public, max-age=43200
access-control-allow-credentials: *
cf-ray: 4c2859a3cd8627b0-FRA
access-control-allow-headers: range
expires: Fri, 05 Apr 2019 15:14:08 GMT

GET
H2 200 1*RK_ShnALKbtbd4YZAvi-uw@2x.png
cdn-images-1.medium.com/fit/c/120/120/ 7 KB
8 KB 28ms
28ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/120/120/1*RK_ShnALKbtbd4YZAvi-uw@2x.png

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

c4b2e5210daf1507afaa4740318f3e982ffa026a70ed0db5245c5ad256d1c3db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3192-d9ea9bb
status: 200
vary: Accept-Encoding
content-length: 7620
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a36a2b63bb-FRA
expires: Sun, 05 May 2019 03:14:08 GMT

GET
H2 200 1*8ubvluu0ERU-B3Cld1RSig.png
cdn-images-1.medium.com/fit/c/120/120/ 6 KB
6 KB 30ms
30ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/120/120/1*8ubvluu0ERU-B3Cld1RSig.png

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

811fd6e002182e100d3b21c1ab6153e775b79deeeed2bd40e2efbe0c897031a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3192-d9ea9bb
status: 200
vary: Accept-Encoding
content-length: 6117
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a36a2c63bb-FRA
expires: Sun, 05 May 2019 03:14:08 GMT

GET
H2 200 1*8ubvluu0ERU-B3Cld1RSig.png
cdn-images-1.medium.com/fit/c/80/80/ 4 KB
4 KB 29ms
29ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/80/80/1*8ubvluu0ERU-B3Cld1RSig.png

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

e857d8bec05ef2b0d15bf4e61bc3987891b3e87bc4132ee2f5daaa970d156c29

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3192-d9ea9bb
status: 200
vary: Accept-Encoding
content-length: 3607
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a36a2e63bb-FRA
expires: Sun, 05 May 2019 03:14:08 GMT

GET
H2 200 main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js Show response
cdn-static-1.medium.com/_/fp/gen-js/ 1 MB
338 KB 27ms
25ms Script
application/javascript 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3c186a2617806a6a32f970b84c090b21ce16b861baf99027dcf63c9c96ba305

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: F085FD1777C43CA4
status: 200
vary: Accept-Encoding
content-length: 345647
x-amz-id-2: 0XKZz0OhHUxDERxH0RMBS2GgeLSVmVA6dnNRbg6dsge0v2X7Z9GOE/CmqTnJmxaVPIB2UxwXUPc=
last-modified: Thu, 04 Apr 2019 20:55:03 GMT
server: cloudflare
etag: "f1c15a894bb6e617c576cdd287a62616"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 4c2859a36a2f63bb-FRA
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/ 41 KB
16 KB 56ms
7ms Script
application/x-javascript 13.35.254.37
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Requested by: Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.254.37 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-254-37.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: b5e98b4bc41f421981af91804a14836e78816f30d3ba7ce7acf61debd666b53e

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: public
Date: Thu, 04 Apr 2019 20:27:06 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Feb 2019 20:16:50 GMT
Server: nginx
Age: 24473
ETag: "5c59ef32-a448"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
Cache-Control: max-age=86400, public
Connection: keep-alive
X-Amz-Cf-Id: HLF3wKJAhVwiYp7nqLkjuTEI_K_kTOO5ZshpVNRUII0X8s_wiGVmKw==
Expires: Fri, 05 Apr 2019 20:26:11 GMT

GET
H2 200 stat
blog.pentesterlab.com/_/ 43 B
1 KB 167ms
165ms Image
image/gif 52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.pentesterlab.com/_/stat?event=pixel.load&origin=https%3A%2F%2Fblog.pentesterlab.com

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:path: /_/stat?event=pixel.load&origin=https%3A%2F%2Fblog.pentesterlab.com
pragma: no-cache
cookie: uid=lo_fEWmH1ILHMea; sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: blog.pentesterlab.com
referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
:scheme: https
:method: GET
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1554434048592:ecfa4c38ef83
server: nginx
tk: T
x-frame-options: sameorigin
content-type: image/gif
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://blog.pentesterlab.com https://*.blog.pentesterlab.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
DATA 200
OK truncated
/ 9 KB
0 Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://blog.pentesterlab.com

Response headers

Content-Type: font/opentype

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 14 KB
14 KB 145ms
105ms Font
application/font-woff 2606:4700::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 4c2859a3df3ec2e7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
DATA 200
OK truncated
/ 10 KB
0 Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://blog.pentesterlab.com

Response headers

Content-Type: font/opentype

GET
DATA 200
OK truncated
/ 149 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1a9f0f2844d80ca5a41f2d483d56d674eb333e570706b935cf46add6aa2f31d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 charter-400-italic.woff
glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
11 KB 28ms
20ms Font
application/font-woff 2606:4700::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/81d2bf1/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-400-italic.woff

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 4c2859a3aefac2e7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
H2 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 10 KB
10 KB 20ms
19ms Font
application/font-woff 2606:4700::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

41532aec4c3a3a0747ca853b064ef7a96483a95798a6526974ec043997e2ccf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 4c2859a3bf0ec2e7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
DATA 200
OK truncated
/ 10 KB
0 Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin: https://blog.pentesterlab.com

Response headers

Content-Type: font/opentype

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 19 KB
19 KB 16ms
16ms Font
application/font-woff 2606:4700::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/fell-400-normal.woff

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

087316f29690e0a35f6642721fb9bf8d05bb9cbac3bbb30c822ba878ff7965d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 4c2859a41f8fc2e7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
H2 200 marat-sans-400-normal.woff
glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 14 KB
14 KB 18ms
17ms Font
application/font-woff 2606:4700::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/d8659c9/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/marat-sans-400-normal.woff

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 4c2859a44fc9c2e7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
H2 200 charter-400-normal.woff
glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 19 KB
19 KB 16ms
16ms Font
application/font-woff 2606:4700::6810:7691
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/be78681/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/charter-400-normal.woff

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7691 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc72a2ca45067a3d17fed4cd8776fec5dca3b9ecd7300e107f9256a86a0c8b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://glyph.medium.com/css/e/sr/latin/e/ssr/latin/e/ssb/latin/m2.css
Origin: https://blog.pentesterlab.com

Response headers

date: Fri, 05 Apr 2019 03:14:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 4c2859a48810c2e7-FRA
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Sat, 04 Apr 2020 03:14:08 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 13ms
13ms Image
image/gif 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=1336332172&t=pageview&_s=1&dl=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981%3Fgi%3D38a8c46e838a&ul=en-us&de=UTF-8&dt=CVE-2019%E2%80%935418%3A%20on%20WAF%20bypass%20and%20caching%20%E2%80%93%20PentesterLab&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1963283606&gjid=1738595001&cid=1922186635.1554434049&tid=UA-24232453-2&_gid=2066359195.1554434049&_r=1&z=1283595020

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 05 Apr 2019 03:14:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
srv-2019-04-05-03.pixel.parsely.com/start/ 77 B
380 B 420ms
95ms Script
application/json 34.200.62.66
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://srv-2019-04-05-03.pixel.parsely.com/start/?rand=1554434048893&plid=31255532&idsite=medium.com&url=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981%3Fgi%3D38a8c46e838a&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981%3Fgi%3D38a8c46e838a&sref=&sts=1554434048884&slts=0&title=CVE-2019%E2%80%935418%3A+on+WAF+bypass+and+caching+%E2%80%93+PentesterLab&date=Fri+Apr+05+2019+03%3A14%3A08+GMT%2B0000+(Coordinated+Universal+Time)&action=pageview&pvid=27640326&callback=parselyStartCallback
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/keys/medium.com/p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.62.66 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-200-62-66.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2bd08111d5b830bf98452d50dd97a4edccb498cfceac6043a51e04a32e288f35

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Server: nginx
Connection: keep-alive
Content-Type: application/json
Content-Length: 77
P3P: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1 200
OK branch-latest.min.js Show response
cdn.branch.io/ 70 KB
21 KB 48ms
7ms Script
text/javascript 13.35.253.62
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.branch.io/branch-latest.min.js
Requested by: Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.35.253.62 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-35-253-62.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0a8ffdb922f0525a50cdc117bda012e2e5eb1f2281fe5189a0cb37499b1a446b

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: B5UyDl4GX0TWbMj8h.f2a8s3ivBrePzX
Content-Encoding: gzip
Last-Modified: Wed, 30 Jan 2019 21:30:03 GMT
Server: AmazonS3
Age: 145
ETag: "14b6955c76f6dc3a7c6859e615f5124a"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
Cache-Control: max-age=300
Date: Fri, 05 Apr 2019 03:11:48 GMT
Connection: keep-alive
Content-Length: 21327
X-Amz-Cf-Id: oxQsEZwTt4CW9r1KGU6FOYQwRhYB3ovhCSOyHkmzxOwhMLjoEIfBdw==

GET
H2 200 main-common-async.bundle.VN_akDtUk0fZb7LXh-Lm_w.js Show response
cdn-static-1.medium.com/_/fp/gen-js/ 645 KB
176 KB 22ms
18ms Script
application/javascript 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/gen-js/main-common-async.bundle.VN_akDtUk0fZb7LXh-Lm_w.js

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d4af730fa3d0335e288b82f889681a32ece9e721e247560ee6587e786c3055a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: 271BF1A37D0D4663
status: 200
vary: Accept-Encoding
content-length: 179680
x-amz-id-2: in3xABrHsrX/SNTpin6Hsb0ko0/yuAmgKKii3jZViuIVmdQ84GL+3XfGLvdSv+GfwnfSXfMxSqI=
last-modified: Thu, 04 Apr 2019 20:55:03 GMT
server: cloudflare
etag: "3adc56314f3405135efd8b827d7913a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 4c2859a6bb2c63bb-FRA
expires: Sat, 04 Apr 2020 03:14:09 GMT

OPTIONS
H2 204 upvotes Show response
medium.com/p/10e93f9a1981/ 0
149 B 434ms
399ms XHR
text/plain 2606:4700::6810:797f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/10e93f9a1981/upvotes

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:797f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://medium.com https://.medium.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1554434049610:4434bccbf7c4
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://blog.pentesterlab.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 4c2859a7fc1e634f-FRA
link: <https://medium.com/humans.txt>; rel="humans"

GET
H2 200 0*Plyh40oY-Xu_tYtK.jpg
cdn-images-1.medium.com/max/1600/ 21 KB
21 KB 16ms
15ms Image
image/jpeg 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/max/1600/0*Plyh40oY-Xu_tYtK.jpg

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

abea12af3c95d3b3e723687d4320dd7b35268ac3f9ac79e8cc876d37f38cd365

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3193-abeaa88
status: 200
vary: Accept-Encoding
content-length: 21449
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859a80b9163bb-FRA
expires: Sun, 05 May 2019 03:14:09 GMT

GET
H/1.1 200
OK _r Show response
app.link/ 90 B
699 B 203ms
157ms Script
text/javascript 2600:9000:200d:3400:19:9934:6a80:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://app.link/_r?sdk=web2.49.0&branch_key=key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm&callback=branch_callback__0

Requested by

Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:9000:200d:3400:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

openresty/1.13.6.2 / Express

Resource Hash

410693bd6b595eaeac5ef6e9fc17228f953e9e1ebaf1f0aeb0557b8fabf7721d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Via: 1.1 aac86dd0bb06b97ef178f97d0c65ee5f.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
Server: openresty/1.13.6.2
X-Powered-By: Express
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 90
ETag: W/"5a-OX4wLCxYiNaVXOYP8d4weEsGX3M"
X-Amz-Cf-Id: zqCWu74mswwIYrWbGWFpAd64WqG912dhv4s93pVSAPpiqBABOFc8tQ==

GET
H2 200 9a25d410b4fbe975b821cafb06cd742d Show response
blog.pentesterlab.com/media/ Frame 6095 2 KB
2 KB 172ms
171ms Document
text/html 52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

b6a822fe09849fc8df6f382eb6632a1317b8aae8b3abccdeb3b3350f6321e9cc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.pentesterlab.com
:scheme: https
:path: /media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
accept-encoding: gzip, deflate, br
cookie: uid=lo_fEWmH1ILHMea; sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC; _ga=GA1.2.1922186635.1554434049; _gid=GA1.2.2066359195.1554434049; _gat=1; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a%22%2C%22sref%22:%22%22%2C%22sts%22:1554434048884%2C%22slts%22:0}; lightstep_guid/medium-web=cb83bcfa138863a6; lightstep_session_id=e40d4a77208c39ad; sz=1585; pr=1; tz=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Response headers

status: 200
server: nginx
date: Fri, 05 Apr 2019 03:14:09 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://blog.pentesterlab.com https://*.blog.pentesterlab.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1554434049372:cc87daca1a2a
x-obvious-info: 37111-3d138b9,3d138b9a163
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
tk: T
content-encoding: gzip

GET
H2 200 b175fd342fae0b626a61bfefa79aba6e Show response
blog.pentesterlab.com/media/ Frame 166E 2 KB
2 KB 161ms
160ms Document
text/html 52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pentesterlab.com/media/b175fd342fae0b626a61bfefa79aba6e?postId=10e93f9a1981

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

326b6e860289a3b15c74ee30eff58541ba00bec5366898075b775dd0f71ef1e5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.pentesterlab.com
:scheme: https
:path: /media/b175fd342fae0b626a61bfefa79aba6e?postId=10e93f9a1981
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
accept-encoding: gzip, deflate, br
cookie: uid=lo_fEWmH1ILHMea; sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC; _ga=GA1.2.1922186635.1554434049; _gid=GA1.2.2066359195.1554434049; _gat=1; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a%22%2C%22sref%22:%22%22%2C%22sts%22:1554434048884%2C%22slts%22:0}; lightstep_guid/medium-web=cb83bcfa138863a6; lightstep_session_id=e40d4a77208c39ad; sz=1585; pr=1; tz=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Response headers

status: 200
server: nginx
date: Fri, 05 Apr 2019 03:14:09 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://blog.pentesterlab.com https://*.blog.pentesterlab.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1554434049368:28542fa5b30a
x-obvious-info: 37111-3d138b9,3d138b9a163
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
tk: T
content-encoding: gzip

GET
H2 200 05cde2b27802e569376ce310ac47d9b9 Show response
blog.pentesterlab.com/media/ Frame E06B 2 KB
2 KB 167ms
164ms Document
text/html 52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pentesterlab.com/media/05cde2b27802e569376ce310ac47d9b9?postId=10e93f9a1981

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

a016f9635295337b2c243f15050f4063118af182a8bf2a9e84fac4fc94f54f87

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.pentesterlab.com
:scheme: https
:path: /media/05cde2b27802e569376ce310ac47d9b9?postId=10e93f9a1981
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
accept-encoding: gzip, deflate, br
cookie: uid=lo_fEWmH1ILHMea; sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC; _ga=GA1.2.1922186635.1554434049; _gid=GA1.2.2066359195.1554434049; _gat=1; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a%22%2C%22sref%22:%22%22%2C%22sts%22:1554434048884%2C%22slts%22:0}; lightstep_guid/medium-web=cb83bcfa138863a6; lightstep_session_id=e40d4a77208c39ad; sz=1585; pr=1; tz=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Response headers

status: 200
server: nginx
date: Fri, 05 Apr 2019 03:14:09 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://blog.pentesterlab.com https://*.blog.pentesterlab.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1554434049375:8fed0530f6a9
x-obvious-info: 37111-3d138b9,3d138b9a163
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
tk: T
content-encoding: gzip

GET
H2 200 8038014d85e84c4eca3076c6145439a3 Show response
blog.pentesterlab.com/media/ Frame E124 2 KB
2 KB 155ms
154ms Document
text/html 52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pentesterlab.com/media/8038014d85e84c4eca3076c6145439a3?postId=10e93f9a1981

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

5ef7111f9e6189838fe27ae21d47f04e8f4e5a509d3789545eef070d9d23e24b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.pentesterlab.com
:scheme: https
:path: /media/8038014d85e84c4eca3076c6145439a3?postId=10e93f9a1981
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
accept-encoding: gzip, deflate, br
cookie: uid=lo_fEWmH1ILHMea; sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC; _ga=GA1.2.1922186635.1554434049; _gid=GA1.2.2066359195.1554434049; _gat=1; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a%22%2C%22sref%22:%22%22%2C%22sts%22:1554434048884%2C%22slts%22:0}; lightstep_guid/medium-web=cb83bcfa138863a6; lightstep_session_id=e40d4a77208c39ad; sz=1585; pr=1; tz=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Response headers

status: 200
server: nginx
date: Fri, 05 Apr 2019 03:14:09 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://blog.pentesterlab.com https://*.blog.pentesterlab.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1554434049378:b41a4ac6cab4
x-obvious-info: 37111-3d138b9,3d138b9a163
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
tk: T
content-encoding: gzip

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 395ms
110ms XHR
text/plain 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Fri, 05 Apr 2019 03:14:09 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

GET
H2 200 main-notes.bundle.DHA3VDyLOu00e69OO-eGdw.js Show response
cdn-static-1.medium.com/_/fp/gen-js/ 86 KB
28 KB 14ms
13ms Script
application/javascript 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-static-1.medium.com/_/fp/gen-js/main-notes.bundle.DHA3VDyLOu00e69OO-eGdw.js

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d15c8df9e7b78d0e57d1d3963e16d63c76906c94b82c9cef4d4a34a9fe21fbf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: E6AE0B4102622762
status: 200
vary: Accept-Encoding
content-length: 28724
x-amz-id-2: My/MnIeBzFa4hVZrFRO96RTvpkOSCq0fP7x8539mMu6Ehnn+de3XvQBjjpug4sTTG7B6uDFLJG0=
last-modified: Thu, 04 Apr 2019 20:55:03 GMT
server: cloudflare
etag: "6b16ce9f9c4b1918c9ce8490abf9d737"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 4c2859a8ebd663bb-FRA
expires: Sat, 04 Apr 2020 03:14:09 GMT

GET
H/1.1 200
OK 22dac0394862677e0ac127562b811f13.js Show response
gist.github.com/snyff/ Frame 166E 1 KB
3 KB 379ms
137ms Script
text/javascript 192.30.253.118
GitHub

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/snyff/22dac0394862677e0ac127562b811f13.js

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/media/b175fd342fae0b626a61bfefa79aba6e?postId=10e93f9a1981

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.30.253.118 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),

Reverse DNS

lb-192-30-253-118-iad.github.com

Software

GitHub.com /

Resource Hash

bd575b7f1090c406502d6e2b200d18acbff1067e212e0dce0624cb7551af2820

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.pentesterlab.com/media/b175fd342fae0b626a61bfefa79aba6e?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Status: 200 OK
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Request-Id: e3260bbd-90e3-4094-b088-c3624ca798f7
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: GitHub.com
X-GitHub-Request-Id: AD5A:516A:22961B:3D895A:5CA6C801
X-Frame-Options: deny
ETag: W/"bd575b7f1090c406502d6e2b200d18ac"
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Vary: X-PJAX
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com

GET
H/1.1 200
OK 187072e1ce7611a05a00b29d46553f97.js Show response
gist.github.com/snyff/ Frame E124 3 KB
3 KB 374ms
136ms Script
text/javascript 192.30.253.118
GitHub

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/snyff/187072e1ce7611a05a00b29d46553f97.js

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/media/8038014d85e84c4eca3076c6145439a3?postId=10e93f9a1981

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.30.253.118 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),

Reverse DNS

lb-192-30-253-118-iad.github.com

Software

GitHub.com /

Resource Hash

5a718aadf6f5d3b356855c4119038b2965144f30ad10e8efb651ca6a2e116aa4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.pentesterlab.com/media/8038014d85e84c4eca3076c6145439a3?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Status: 200 OK
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Request-Id: 5af2ef7b-c4fc-4149-83cc-cb71b94b395e
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: GitHub.com
X-GitHub-Request-Id: AD5C:463F:2CE318:4CFEB2:5CA6C801
X-Frame-Options: deny
ETag: W/"5a718aadf6f5d3b356855c4119038b29"
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Vary: X-PJAX
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ Frame 6095 93 KB
28 KB 46ms
21ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40B4) /
Resource Hash: 460c112ca18e517ef1a6c6abb2ba5ae55187138503a10177bf1908d9261c3a19

Request headers

Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Mar 2019 17:40:21 GMT
Server: ECS (fcn/40B4)
Etag: "4cf9f34505e9344b9a7e4d00e67b6c88+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-control-allow-origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28028

GET
H/1.1 200
OK b191a72b52ba02d83c406b414dc18773.js Show response
gist.github.com/snyff/ Frame E06B 1 KB
3 KB 398ms
162ms Script
text/javascript 192.30.253.118
GitHub

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/snyff/b191a72b52ba02d83c406b414dc18773.js

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/media/05cde2b27802e569376ce310ac47d9b9?postId=10e93f9a1981

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.30.253.118 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),

Reverse DNS

lb-192-30-253-118-iad.github.com

Software

GitHub.com /

Resource Hash

811eff6552f44467ab088ef951a1f5988b0a745ba6ee27641184dbc2df474a2b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.pentesterlab.com/media/05cde2b27802e569376ce310ac47d9b9?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Status: 200 OK
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Request-Id: 237a0a43-5f3c-49ba-86f0-0cd7b59ee050
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: GitHub.com
X-GitHub-Request-Id: AD58:36EA:19934D:2F4DCC:5CA6C801
X-Frame-Options: deny
ETag: W/"811eff6552f44467ab088ef951a1f598"
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Vary: X-PJAX
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com

OPTIONS
H2 204 quotes Show response
medium.com/p/10e93f9a1981/ 0
149 B 124ms
124ms XHR
text/plain 2606:4700::6810:797f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/10e93f9a1981/quotes

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:797f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://medium.com https://.medium.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-xsrf-token

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1554434049566:3f9082356e2e
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://blog.pentesterlab.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 4c2859a97d10634f-FRA
link: <https://medium.com/humans.txt>; rel="humans"

OPTIONS
H2 204 responses Show response
medium.com/_/api/posts/10e93f9a1981/ 0
2 KB 118ms
117ms XHR
text/plain 2606:4700::6810:797f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/10e93f9a1981/responses?filter=best

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:797f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://medium.com https://.medium.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1554434049575:f04c3834821d
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://blog.pentesterlab.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 4c2859a98d12634f-FRA
link: <https://medium.com/humans.txt>; rel="humans"

POST
H2 200 open Show response
api2.branch.io/v1/ 312 B
581 B 219ms
174ms XHR
application/json 2600:9000:200d:1c00:11:f728:3040:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/open
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200d:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 /
Resource Hash: 86d93f00fa73b117c0b0f8074621af623d05063d26652d5e5f52b4e685b59dd7

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
status: 200
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache
content-length: 312
x-amz-cf-id: n2YblHJdcyh7azaN9IMHZJeTQelFbhU1ys9YV4Z5UxIYtPKqia740Q==

GET
H/1.1 200
OK widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html
platform.twitter.com/widgets/ Frame C7AA 0
0 30ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html?origin=https%3A%2F%2Fblog.pentesterlab.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40DF) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-control-allow-origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 05 Apr 2019 03:14:09 GMT
Etag: "347ce5de96d97a02c18244967b8b6532+gzip"
Last-Modified: Thu, 07 Mar 2019 17:39:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40DF)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5783

GET
H/1.1 200
OK moment~timeline~tweet.6e5b62723488aee38af0c77681396a5b.js Show response
platform.twitter.com/js/ Frame 6095 24 KB
8 KB 33ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/moment~timeline~tweet.6e5b62723488aee38af0c77681396a5b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4186) /
Resource Hash: e26fdccb214e020f70cf2aede7b77d5dc51854e23b3acbb4bcff0018773a636f

Request headers

Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Mar 2019 17:39:15 GMT
Server: ECS (fcn/4186)
Etag: "da3e8002f83d92efe615008a56f12f48+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7925

GET
H/1.1 200
OK tweet.2b7769d244a8dfeb3ab9d97583412dec.js Show response
platform.twitter.com/js/ Frame 6095 18 KB
6 KB 55ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/tweet.2b7769d244a8dfeb3ab9d97583412dec.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40EA) /
Resource Hash: 9c6ea1ab4588c0be7dc9cb629aa641415dd91acaea7084de6921a7ffa2299bfb

Request headers

Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Mar 2019 17:39:15 GMT
Server: ECS (fcn/40EA)
Etag: "20fa27831d8703b8d33a11abad368f93+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 6038

GET
H2 200 responses Show response
medium.com/_/api/posts/10e93f9a1981/ 153 B
445 B 181ms
180ms XHR
application/json 2606:4700::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/10e93f9a1981/responses?filter=best

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

eb9834733498cf6b285fd91d999a74214ae8332662c7d13b7c01287082a6180a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1554434049516
Origin: https://blog.pentesterlab.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
x-opentracing: {"ot-tracer-spanid":"4906c85c4a9ce","ot-tracer-traceid":"56b05f069e8d1","ot-tracer-sampled":"true"}

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1554434049706:f8987ea270d5
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.pentesterlab.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 4c2859aa4ade973e-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
H2 200 quotes Show response
medium.com/p/10e93f9a1981/ 97 B
698 B 155ms
154ms XHR
application/json 2606:4700::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/10e93f9a1981/quotes

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

7e9db049c52d6ba10322d7bf811253d4c3be6fbfd743007d23f912a7245a5e95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1554434049514
Origin: https://blog.pentesterlab.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
X-Obvious-CID: web

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
link: <https://medium.com/humans.txt>; rel="humans"
x-obvious-tid: 1554434049707:d402673dc23d
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.pentesterlab.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 4c2859aa5ae9973e-FRA
x-opentracing: {"ot-tracer-spanid":"75ef2b8722f2ab2d","ot-tracer-traceid":"7a75545e40e70993","ot-tracer-sampled":"true"}
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
H2 200 syndication
syndication.twitter.com/i/jot/ Frame 6095 43 B
375 B 151ms
125ms Image
image/gif 104.244.42.72
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/syndication?dnt=1&l=%7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1554434049673%2C%22dnt%22%3Atrue%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22impression%22%7D%7D

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 117
pragma: no-cache
last-modified: Fri, 05 Apr 2019 03:14:09 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d366460bcc5e52eee4ec50e3a7959212
x-transaction: 00be8472000e0771
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 upvotes Show response
medium.com/p/10e93f9a1981/ 10 KB
2 KB 515ms
514ms XHR
application/json 2606:4700::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/p/10e93f9a1981/upvotes

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

8803267a573f670c563f28f4299c8e9758d00ed53c4cfc887c24d76eb769e17d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1554434049234
Origin: https://blog.pentesterlab.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
x-opentracing: {"ot-tracer-spanid":"972d9372a9f14","ot-tracer-traceid":"5957ef2c19261fee","ot-tracer-sampled":"true"}

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1554434050048:69139fa07bce
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.pentesterlab.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 4c2859aa8b0b973e-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
H2 200 tweets.json Show response
cdn.syndication.twimg.com/ Frame 6095 5 KB
2 KB 193ms
134ms Script
application/javascript 2606:2800:134:fa2:1627:1fe:edb:1665
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweets.json?callback=__twttr.callbacks.cb0&ids=1111398659306876929-t&lang=en&suppress_response_codes=true&theme=light&tz=GMT%2B0000

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

tsa_o /

Resource Hash

fa57c70475cfa038476658c3537f7808b6aaf568bffaeee87419680b6790170b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-disposition: attachment; filename=jsonp.jsonp
strict-transport-security: max-age=631138519
content-length: 1471
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 128
last-modified: Fri, 05 Apr 2019 03:14:09 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: must-revalidate, max-age=60
x-connection-hash: 2a0536bae5fcbdeb0e764e7ac0ee80cd
timing-allow-origin: *
x-transaction: 00f679aa0004a265
expires: Fri, 05 Apr 2019 03:15:09 GMT

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 127 B
325 B 110ms
110ms XHR
application/json 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: f721f5c18f4aa019bfa66be707c770717a1b2e7311c7e14e2a2117ce6c34b507

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 127

OPTIONS
H2 204 responsesStream Show response
medium.com/_/api/posts/10e93f9a1981/ 0
148 B 116ms
115ms XHR
text/plain 2606:4700::6810:797f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/10e93f9a1981/responsesStream?filter=best

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:797f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://medium.com https://.medium.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1554434049823:a9e9c06ca477
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://blog.pentesterlab.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 4c2859ab0de5634f-FRA
link: <https://medium.com/humans.txt>; rel="humans"

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
344 B 171ms
171ms XHR
application/json 2600:9000:200d:1c00:11:f728:3040:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200d:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 05 Apr 2019 03:14:09 GMT
via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
status: 200
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: H-YKMj0s_WU8qmeuMRWOEFK6j3rd9jbCLX3xdHkBGAh8WEUbzV3zxA==

GET
H2 200 gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
github.githubassets.com/assets/ Frame E124 22 KB
5 KB 39ms
6ms Stylesheet
text/css 185.199.108.154
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://github.githubassets.com/assets/gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
Requested by: Host: gist.github.com
URL: https://gist.github.com/snyff/187072e1ce7611a05a00b29d46553f97.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.108.154 -, , ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fcc1b9ca9cd9136039180e6e6bbb90005ee972c21e3d47f84ecdc3e7cdeeb25c

Request headers

Referer: https://blog.pentesterlab.com/media/8038014d85e84c4eca3076c6145439a3?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: b47944b3484b911c0c7898b5c2c7aa2c336586a7
date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age: 5520
x-cache: MISS, HIT
status: 200
content-length: 4741
x-served-by: cache-iad2126-IAD, cache-hhn1539-HHN
access-control-allow-origin: *
last-modified: Tue, 19 Mar 2019 00:12:02 GMT
server: AmazonS3
x-timer: S1554434050.901502,VS0,VE0
etag: "800c22e69b617d89efb0a6a9cc4e1a9b"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: text/css
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
x-cache-hits: 0, 17

GET
H2 200 gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
github.githubassets.com/assets/ Frame 166E 22 KB
5 KB 38ms
7ms Stylesheet
text/css 185.199.108.154
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://github.githubassets.com/assets/gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
Requested by: Host: gist.github.com
URL: https://gist.github.com/snyff/22dac0394862677e0ac127562b811f13.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.108.154 -, , ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fcc1b9ca9cd9136039180e6e6bbb90005ee972c21e3d47f84ecdc3e7cdeeb25c

Request headers

Referer: https://blog.pentesterlab.com/media/b175fd342fae0b626a61bfefa79aba6e?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: 07c917256f23efdd92e27af8ed24dd897dffaf85
date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age: 5520
x-cache: MISS, HIT
status: 200
content-length: 4741
x-served-by: cache-iad2126-IAD, cache-hhn1539-HHN
access-control-allow-origin: *
last-modified: Tue, 19 Mar 2019 00:12:02 GMT
server: AmazonS3
x-timer: S1554434050.901543,VS0,VE0
etag: "800c22e69b617d89efb0a6a9cc4e1a9b"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: text/css
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
x-cache-hits: 0, 18

GET
H2 200 responsesStream Show response
medium.com/_/api/posts/10e93f9a1981/ 115 B
253 B 178ms
177ms XHR
application/json 2606:4700::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/posts/10e93f9a1981/responsesStream?filter=best

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

04c41cc5d12b51194ca0a1cc3df50978b1a9e6d82817693d512ee8ec3acf152e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1554434049763
Origin: https://blog.pentesterlab.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
x-opentracing: {"ot-tracer-spanid":"183d4c0c607a50","ot-tracer-traceid":"1111dd60503a5b","ot-tracer-sampled":"true"}

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1554434049946:a397321577d3
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.pentesterlab.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 4c2859abcc05973e-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

GET
H2 200 gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
github.githubassets.com/assets/ Frame E06B 22 KB
5 KB 11ms
11ms Stylesheet
text/css 185.199.108.154
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://github.githubassets.com/assets/gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
Requested by: Host: gist.github.com
URL: https://gist.github.com/snyff/b191a72b52ba02d83c406b414dc18773.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.108.154 -, , ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fcc1b9ca9cd9136039180e6e6bbb90005ee972c21e3d47f84ecdc3e7cdeeb25c

Request headers

Referer: https://blog.pentesterlab.com/media/05cde2b27802e569376ce310ac47d9b9?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: e0f451b7244f999ff9c28aab8315c99f592646c3
date: Fri, 05 Apr 2019 03:14:09 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age: 5520
x-cache: MISS, HIT
status: 200
content-length: 4741
x-served-by: cache-iad2126-IAD, cache-hhn1539-HHN
access-control-allow-origin: *
last-modified: Tue, 19 Mar 2019 00:12:02 GMT
server: AmazonS3
x-timer: S1554434050.903716,VS0,VE0
etag: "800c22e69b617d89efb0a6a9cc4e1a9b"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: text/css
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
x-cache-hits: 0, 19

GET
H/1.1 200
OK tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
platform.twitter.com/css/ Frame CEA6 54 KB
13 KB 7ms
7ms Stylesheet
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/css/tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A3) /
Resource Hash: c139b8dd7b1ccda2813ae79d127d1c0256f91a71fce5581887a1d5fbbca81bde

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Mar 2019 17:39:11 GMT
Server: ECS (fcn/41A3)
Etag: "ae6fef09ef216879adf6be6beb2522ea+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 12323

GET
H/1.1 200
OK tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
platform.twitter.com/css/ Frame 6095 54 KB
54 KB 9ms
8ms Image
text/css 2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform.twitter.com/css/tweet.0940efb0bc0eb82a2de893b3e7b414bf.light.ltr.css
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A3) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:09 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Mar 2019 17:39:11 GMT
Server: ECS (fcn/41A3)
Etag: "ae6fef09ef216879adf6be6beb2522ea+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Content-Type: text/css; charset=utf-8
Content-Length: 12323

GET
H2 200 A1FJ5fJg_normal.png
pbs.twimg.com/profile_images/1110103138961223680/ Frame CEA6 3 KB
3 KB 60ms
11ms Image
image/png 2606:2800:134:1a0d:1429:742:782:b6
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1110103138961223680/A1FJ5fJg_normal.png

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/40AD) /

Resource Hash

064ccc800158df769680c9af1fbe3057f4c607ddfc06a10f475e406ebd3ed1ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-response-time: 132
date: Fri, 05 Apr 2019 03:14:10 GMT
x-content-type-options: nosniff
surrogate-key: profile_images profile_images/bucket/4 profile_images/1110103138961223680
last-modified: Mon, 25 Mar 2019 08:54:27 GMT
server: ECS (fcn/40AD)
access-control-allow-origin: *
x-cache: HIT
content-type: image/png
status: 200
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0d093c4368b5783acaf664f5901e2d8f
accept-ranges: bytes
content-length: 2567

GET
DATA 200
OK truncated
/ Frame CEA6 825 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame CEA6 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame CEA6 707 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame CEA6 600 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ Frame CEA6 323 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 jot
syndication.twitter.com/i/ Frame 6095 43 B
167 B 132ms
131ms Image
image/gif 104.244.42.72
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?dnt=1&l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.pentesterlab.com%2Fmedia%2F9a25d410b4fbe975b821cafb06cd742d%3FpostId%3D10e93f9a1981%22%2C%22widget_frame%22%3Afalse%2C%22item_ids%22%3A%5B%221111398659306876929%22%5D%2C%22item_details%22%3A%7B%221111398659306876929%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22unbucketed%22%3Atrue%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1554434050203%2C%22dnt%22%3Atrue%2C%22client_version%22%3A%22c1f189f%3A1551939852453%22%2C%22format_version%22%3A%22c1f189f%3A1551939852453%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22element%22%3A%22notice%22%2C%22component%22%3A%22tweet%22%2C%22section%22%3A%22subject%22%2C%22action%22%3A%22seen%22%7D%7D&notice_seen=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.72 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://blog.pentesterlab.com/media/9a25d410b4fbe975b821cafb06cd742d?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 117
pragma: no-cache
last-modified: Fri, 05 Apr 2019 03:14:10 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d366460bcc5e52eee4ec50e3a7959212
x-transaction: 0084d8af004575bd
expires: Tue, 31 Mar 1981 05:00:00 GMT

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 122ms
122ms XHR
text/plain 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Fri, 05 Apr 2019 03:14:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

GET
H/1.1

200
OK

jot.html
platform.twitter.com/ Frame 310F
Redirect Chain

https://syndication.twitter.com/i/jot
https://platform.twitter.com/jot.html

0
0

7ms
6ms

Document
text/html

2606:2800:234:59:254c:406:2366:268c
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/jot.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/4190) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 05 Apr 2019 03:14:10 GMT
Etag: "d9592a6c704736fa4da218d4357976dd"
Last-Modified: Thu, 07 Mar 2019 17:40:21 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4190)
X-Cache: HIT
Content-Length: 80

Redirect headers

status: 302 302 Found
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 0
content-type: text/html;charset=utf-8
date: Fri, 05 Apr 2019 03:14:10 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Fri, 05 Apr 2019 03:14:10 GMT
location: https://platform.twitter.com/jot.html
pragma: no-cache
server: tsa_o
strict-transport-security: max-age=631138519
x-connection-hash: d366460bcc5e52eee4ec50e3a7959212
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 118
x-transaction: 00fb3d3c0098bfb1
x-tsa-request-body-time: 1
x-twitter-response-tags: BouncerCompliant
x-xss-protection: 0

OPTIONS
H2 204 placements Show response
medium.com/_/api/ 0
266 B 120ms
118ms XHR
text/plain 2606:4700::6810:797f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/placements?requestContext%5BpostPageContext%5D%5BpostId%5D=10e93f9a1981&requestContext%5BcontextType%5D=postPageContext&slots%5B0%5D%5Blocation%5D=1&slots%5B0%5D%5Bindex%5D=0

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:797f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://medium.com https://.medium.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Access-Control-Request-Method: GET
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,x-client-date,x-obvious-cid,x-opentracing,x-xsrf-token

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 204
access-control-max-age: 86400
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
access-control-allow-headers: Accept, Content-Type, Origin, User-Agent, DNT, Cache-Control, X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, x-opentracing
x-obvious-tid: 1554434050329:ae0f8b25449b
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: https://blog.pentesterlab.com
cache-control: no-cache
access-control-allow-credentials: true
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://medium.com https://*.medium.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
cf-ray: 4c2859ae3f9d634f-FRA
link: <https://medium.com/humans.txt>; rel="humans"

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
343 B 183ms
182ms XHR
application/json 2600:9000:200d:1c00:11:f728:3040:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200d:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
status: 200
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: P-qZ5Wte3HAfCyYUPX1hB-ihywG8B1UmPisj8wf5TZG3YftsQibkoQ==

GET
H2 200 68e98d6cb8a874ec0eb1d35603b85122 Show response
blog.pentesterlab.com/media/ Frame CA28 2 KB
2 KB 166ms
166ms Document
text/html 52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pentesterlab.com/media/68e98d6cb8a874ec0eb1d35603b85122?postId=10e93f9a1981

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

307c070ee1e6213cd33c9791f66b50af7582e7bfeeb348e8daac38abb946e81b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.pentesterlab.com
:scheme: https
:path: /media/68e98d6cb8a874ec0eb1d35603b85122?postId=10e93f9a1981
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
accept-encoding: gzip, deflate, br
cookie: uid=lo_fEWmH1ILHMea; sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC; _ga=GA1.2.1922186635.1554434049; _gid=GA1.2.2066359195.1554434049; _gat=1; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a%22%2C%22sref%22:%22%22%2C%22sts%22:1554434048884%2C%22slts%22:0}; lightstep_guid/medium-web=cb83bcfa138863a6; lightstep_session_id=e40d4a77208c39ad; sz=1585; pr=1; tz=0; _parsely_visitor={%22id%22:%22pid=dbcef24bcc4a7a8a7a106b846a211d33%22%2C%22session_count%22:1%2C%22last_session_ts%22:1554434048884}
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

Response headers

status: 200
server: nginx
date: Fri, 05 Apr 2019 03:14:10 GMT
content-type: text/html; charset=utf-8
content-security-policy: default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://getpocket.com https://blog.pentesterlab.com https://*.blog.pentesterlab.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://*.lightstep.com https://*.branch.io https://app.zencoder.com 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1554434050386:c5a1642a219c
x-obvious-info: 37111-3d138b9,3d138b9a163
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
tk: T
content-encoding: gzip

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 127 B
325 B 111ms
110ms XHR
application/json 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: c214ff80513e360adc30cf43cef46d005b39548d871d026d459201e86571ad98

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 127

GET
H2 200 placements Show response
medium.com/_/api/ 27 KB
7 KB 430ms
429ms XHR
application/json 2606:4700::6810:7c7f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://medium.com/_/api/placements?requestContext%5BpostPageContext%5D%5BpostId%5D=10e93f9a1981&requestContext%5BcontextType%5D=postPageContext&slots%5B0%5D%5Blocation%5D=1&slots%5B0%5D%5Bindex%5D=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7c7f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Medium

Resource Hash

d5fb47611b7e3dea2c08b2160658860eb477d5a9cf67250a689c4db8de82d8f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

X-Client-Date: 1554434050267
Origin: https://blog.pentesterlab.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
X-Obvious-CID: web
Accept: application/json
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
x-opentracing: {"ot-tracer-spanid":"f64561bc9405","ot-tracer-traceid":"1c32929729d15f","ot-tracer-sampled":"true"}

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 200
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
x-obvious-tid: 1554434050452:e1888ccbc137
server: cloudflare
x-frame-options: sameorigin
tk: T
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.pentesterlab.com
access-control-expose-headers: X-Xsrf-Token, X-Obvious-Cid, X-Client-Date, X-Obvious-Profiling, X-Diagnostics, x-opentracing
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
cf-ray: 4c2859aefe60973e-FRA
link: <https://medium.com/humans.txt>; rel="humans"
expires: Thu, 09 Sep 1999 09:09:09 GMT

POST
H2 200 pageview Show response
api2.branch.io/v1/ 28 B
344 B 168ms
168ms XHR
application/json 2600:9000:200d:1c00:11:f728:3040:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api2.branch.io/v1/pageview
Requested by: Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200d:1c00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
via: 1.1 2d2eb60d814c8202a5a69fa957cd569d.cloudfront.net (CloudFront)
server: openresty/1.13.6.2
x-powered-by: Express
etag: W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
status: 200
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
content-length: 28
x-amz-cf-id: x7KTdKNTjUoTwSVJJ-AGkaKAx04b7r9wphZIVKSSZqMak6Oey1q7TQ==

GET
H/1.1 200
OK 18fe4c5ce719376d6ee26c01611dcb25.js Show response
gist.github.com/snyff/ Frame CA28 5 KB
3 KB 156ms
156ms Script
text/javascript 192.30.253.118
GitHub

General

Check archive.org

Show headers Download Go to

Full URL

https://gist.github.com/snyff/18fe4c5ce719376d6ee26c01611dcb25.js

Requested by

Host: blog.pentesterlab.com
URL: https://blog.pentesterlab.com/media/68e98d6cb8a874ec0eb1d35603b85122?postId=10e93f9a1981

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.30.253.118 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),

Reverse DNS

lb-192-30-253-118-iad.github.com

Software

GitHub.com /

Resource Hash

47eef10275953d76132944cf345ca49c0e47c7e1c8f1aaf724aeae54cda3bad9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.pentesterlab.com/media/68e98d6cb8a874ec0eb1d35603b85122?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:10 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Status: 200 OK
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Request-Id: 5c42b398-3dec-489b-ad9d-ebc5a70e74f4
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: GitHub.com
X-GitHub-Request-Id: AD58:36EA:19937E:2F4DD1:5CA6C801
X-Frame-Options: deny
ETag: W/"47eef10275953d76132944cf345ca49c"
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Vary: X-PJAX
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com

GET
H2 200 gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
github.githubassets.com/assets/ Frame CA28 22 KB
5 KB 7ms
7ms Stylesheet
text/css 185.199.108.154
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://github.githubassets.com/assets/gist-embed-a9a1cf2ca01efd362bfa52312712ae94.css
Requested by: Host: gist.github.com
URL: https://gist.github.com/snyff/18fe4c5ce719376d6ee26c01611dcb25.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.108.154 -, , ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fcc1b9ca9cd9136039180e6e6bbb90005ee972c21e3d47f84ecdc3e7cdeeb25c

Request headers

Referer: https://blog.pentesterlab.com/media/68e98d6cb8a874ec0eb1d35603b85122?postId=10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: d20783a70fb40cbe8b6c4c1e51d9a01932d3726f
date: Fri, 05 Apr 2019 03:14:10 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
age: 5521
x-cache: MISS, HIT
status: 200
content-length: 4741
x-served-by: cache-iad2126-IAD, cache-hhn1539-HHN
access-control-allow-origin: *
last-modified: Tue, 19 Mar 2019 00:12:02 GMT
server: AmazonS3
x-timer: S1554434051.671172,VS0,VE0
etag: "800c22e69b617d89efb0a6a9cc4e1a9b"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: text/css
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
x-cache-hits: 0, 20

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 141ms
140ms XHR
text/plain 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Fri, 05 Apr 2019 03:14:10 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

GET
H2 200 1*WIyv6iSHaT3uXgNfdA13ZQ.png
cdn-images-1.medium.com/fit/c/36/36/ 2 KB
2 KB 102ms
101ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/36/36/1*WIyv6iSHaT3uXgNfdA13ZQ.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

5bfdf0e078aea65a2a4b4af3bb23e656178657051174fb226cfbefb5139f32f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3192-d9ea9bb
status: 200
vary: Accept-Encoding
content-length: 2290
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859b1df2b63bb-FRA
expires: Sun, 05 May 2019 03:14:10 GMT

GET
H2 200 1*QZe4FvnoZr1Un64g4mP1CA.jpeg
cdn-images-1.medium.com/fit/c/36/36/ 2 KB
2 KB 15ms
14ms Image
image/jpeg 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/36/36/1*QZe4FvnoZr1Un64g4mP1CA.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

316fdcfe3df4bcc7d73685c1cc7e4afe52205656ab9c5c9e5ebccaf5a8a31c92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3192-d9ea9bb
status: 200
vary: Accept-Encoding
content-length: 1620
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859b1df2c63bb-FRA
expires: Sun, 05 May 2019 03:14:10 GMT

GET
H2 200 1*B5aLjfgH5jREJD3OsyA4nA.jpeg
cdn-images-1.medium.com/fit/c/36/36/ 2 KB
2 KB 18ms
17ms Image
image/jpeg 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/36/36/1*B5aLjfgH5jREJD3OsyA4nA.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

228e63fc5e0904aa1cfdd444b2985e7079d600b376dea0f5ad895779cc1aa87f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3193-abeaa88
status: 200
vary: Accept-Encoding
content-length: 1574
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859b1df2d63bb-FRA
expires: Sun, 05 May 2019 03:14:10 GMT

GET
H2 200 1*B2Vj-6neP9P7URGNJAsOmg.jpeg
cdn-images-1.medium.com/fit/c/400/120/ 20 KB
20 KB 386ms
386ms Image
image/jpeg 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/400/120/1*B2Vj-6neP9P7URGNJAsOmg.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

00d422ab2051dbd63c151b8f382e72b0b4b24307de82cb133f233a9941087abb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:11 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3193-abeaa88
status: 200
vary: Accept-Encoding
content-length: 20126
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859b1df2f63bb-FRA
expires: Sun, 05 May 2019 03:14:11 GMT

GET
H2 200 1*58fByP3ysdAKFlbH_KAWRQ.jpeg
cdn-images-1.medium.com/fit/c/400/120/ 23 KB
23 KB 20ms
20ms Image
image/jpeg 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/400/120/1*58fByP3ysdAKFlbH_KAWRQ.jpeg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

b8b70d1a8e3ee1faaabc663bd13e042d289571b4db254657f9c95d77825d2334

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3193-abeaa88
status: 200
vary: Accept-Encoding
content-length: 23552
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859b1df3063bb-FRA
expires: Sun, 05 May 2019 03:14:10 GMT

GET
H2 200 1*cufFG8OsK1K0z2zTmdaDnw.png
cdn-images-1.medium.com/fit/c/400/120/ 65 KB
66 KB 20ms
20ms Image
image/png 2606:4700::6810:7991
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn-images-1.medium.com/fit/c/400/120/1*cufFG8OsK1K0z2zTmdaDnw.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7991 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Geomyidae artificij

Resource Hash

77c1059cbcb37b8a2f9e5f42da1321d378e1e699c891d2ffc169173231efc0f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 05 Apr 2019 03:14:10 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3193-abeaa88
status: 200
vary: Accept-Encoding
content-length: 67032
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 4c2859b1df3163bb-FRA
expires: Sun, 05 May 2019 03:14:10 GMT

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 127 B
325 B 173ms
173ms XHR
application/json 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: f82cf3e852b118df21736d1590934690eb3a93dd95b9779cf8c15bcd18e24531

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Fri, 05 Apr 2019 03:14:11 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 127

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 133ms
132ms XHR
text/plain 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Fri, 05 Apr 2019 03:14:11 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 127 B
325 B 111ms
110ms XHR
application/json 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: 1847d383efe9a34b0cf188106cfc991d345d098a3507030c264b0d20c9a8931c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Fri, 05 Apr 2019 03:14:11 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 127

OPTIONS
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 0
174 B 112ms
111ms XHR
text/plain 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Requested by: Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://blog.pentesterlab.com
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type,lightstep-access-token

Response headers

status: 200
date: Fri, 05 Apr 2019 03:14:14 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 0
access-control-allow-methods: POST

POST
H2 200 batch Show response
blog.pentesterlab.com/_/ 97 B
586 B 315ms
314ms XHR
application/json 52.0.16.118
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.pentesterlab.com/_/batch

Requested by

Host: cdn-static-1.medium.com
URL: https://cdn-static-1.medium.com/_/fp/gen-js/main-base.bundle.ztL1AHa8u_uAOkVEwWp3MA.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.0.16.118 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-0-16-118.compute-1.amazonaws.com

Software

nginx / Medium

Resource Hash

1760b959da50e32a0ed135869c22519d47d128cf8f83328ff0ac2fed118de160

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

cookie: uid=lo_fEWmH1ILHMea; sid=1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC; _ga=GA1.2.1922186635.1554434049; _gid=GA1.2.2066359195.1554434049; _gat=1; _parsely_session={%22sid%22:1%2C%22surl%22:%22https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a%22%2C%22sref%22:%22%22%2C%22sts%22:1554434048884%2C%22slts%22:0}; lightstep_guid/medium-web=cb83bcfa138863a6; lightstep_session_id=e40d4a77208c39ad; sz=1585; pr=1; tz=0; _parsely_visitor={%22id%22:%22pid=dbcef24bcc4a7a8a7a106b846a211d33%22%2C%22session_count%22:1%2C%22last_session_ts%22:1554434048884}
origin: https://blog.pentesterlab.com
x-xsrf-token: 1
accept-encoding: gzip, deflate, br
x-obvious-cid: web
content-length: 23827
:path: /_/batch
pragma: no-cache
x-client-date: 1554434054010
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type: application/json
accept: application/json
cache-control: no-cache
:authority: blog.pentesterlab.com
referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
:scheme: https
:method: POST
X-Client-Date: 1554434054010
Origin: https://blog.pentesterlab.com
X-XSRF-Token: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
X-Obvious-CID: web

Response headers

date: Fri, 05 Apr 2019 03:14:14 GMT
x-content-type-options: nosniff
x-powered-by: Medium
x-obvious-info: 37111-3d138b9,3d138b9a163
status: 200
content-length: 97
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
pragma: no-cache
link: <https://medium.com/humans.txt>; rel="humans"
x-obvious-tid: 1554434054156:f2affedc73c5
server: nginx
tk: T
x-frame-options: sameorigin
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-opentracing: {"ot-tracer-spanid":"69f2bc845db8c4d5","ot-tracer-traceid":"2a7a973f4383658c","ot-tracer-sampled":"true"}
expires: Thu, 09 Sep 1999 09:09:09 GMT

POST
H2 200 reports Show response
collector-medium.lightstep.com/api/v0/ 127 B
325 B 111ms
111ms XHR
application/json 34.192.104.91
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-medium.lightstep.com/api/v0/reports
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.104.91 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-192-104-91.compute-1.amazonaws.com
Software: /
Resource Hash: 7d54558359188382e3596d7ead906396cd9b973286895e6f0b34b47c9aaa9161

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
Origin: https://blog.pentesterlab.com
LightStep-Access-Token: ce5be895bef60919541332990ac9fef2
Content-Type: application/json

Response headers

date: Fri, 05 Apr 2019 03:14:14 GMT
status: 200
access-control-allow-methods: POST
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: LightStep-Access-Token, Content-Type
content-length: 127

GET
H/1.1 200
OK /
srv-2019-04-05-03.pixel.parsely.com/event/ 43 B
385 B 402ms
97ms Image
image/gif 52.0.240.180
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://srv-2019-04-05-03.pixel.parsely.com/event/?rand=1554434059390&plid=31255532&idsite=medium.com&url=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981%3Fgi%3D38a8c46e838a&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fblog.pentesterlab.com%2Fcve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981%3Fgi%3D38a8c46e838a&sref=&sts=1554434059389&slts=0&date=Fri+Apr+05+2019+03%3A14%3A19+GMT%2B0000+(Coordinated+Universal+Time)&action=heartbeat&inc=5&tt=4900&pvid=27640326&u=pid%3Ddbcef24bcc4a7a8a7a106b846a211d33
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.240.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-0-240-180.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 05 Apr 2019 03:14:19 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="CUR ADM OUR NOR STA NID"

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pentesterlab.com/	1970-01-19 09:16:38	Name: _parsely_visitor Value: {%22id%22:%22pid=dbcef24bcc4a7a8a7a106b846a211d33%22%2C%22session_count%22:1%2C%22last_session_ts%22:1554434048884}
blog.pentesterlab.com/	1970-01-18 23:57:18	Name: tz Value: 0
blog.pentesterlab.com/	1970-01-18 23:57:18	Name: sz Value: 1585
.pentesterlab.com/	1970-01-18 23:47:15	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981?gi=38a8c46e838a%22%2C%22sref%22:%22%22%2C%22sts%22:1554434048884%2C%22slts%22:0}
blog.pentesterlab.com/	1970-01-18 23:57:18	Name: lightstep_guid/medium-web Value: cb83bcfa138863a6
.pentesterlab.com/	1970-01-18 23:47:14	Name: _gat Value: 1
blog.pentesterlab.com/	1970-01-19 08:32:50	Name: uid Value: lo_fEWmH1ILHMea
blog.pentesterlab.com/	1970-01-18 23:57:18	Name: pr Value: 1
blog.pentesterlab.com/	1970-01-18 23:57:18	Name: lightstep_session_id Value: e40d4a77208c39ad
.pentesterlab.com/	1970-01-19 17:18:26	Name: _ga Value: GA1.2.1922186635.1554434049
.pentesterlab.com/	1970-01-18 23:48:40	Name: _gid Value: GA1.2.2066359195.1554434049
blog.pentesterlab.com/	1970-01-19 08:32:50	Name: sid Value: 1:Jj1WX33o03+n9Wp4zee4f2uYtTB0UorEaIrchxz8IZxkPCBU/tw1Gn0cZHdhq3TC

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; connect-src https://localhost https://.instapaper.com https://.stripe.com https://glyph.medium.com https://.paypal.com https://getpocket.com https://blog.pentesterlab.com https://.blog.pentesterlab.com https://.medium.com https://medium.com https://.medium.com https://.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://.lightstep.com https://.branch.io https://app.zencoder.com 'self'; font-src data: https://.amazonaws.com https://.medium.com https://glyph.medium.com https://medium.com https://.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://use.typekit.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: medium: 'self'; img-src blob: data: https: 'self'; media-src https://.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api2.branch.io
app.link
blog.pentesterlab.com
cdn-images-1.medium.com
cdn-static-1.medium.com
cdn.branch.io
cdn.syndication.twimg.com
collector-medium.lightstep.com
d1z2jf7jlzjs58.cloudfront.net
gist.github.com
github.githubassets.com
glyph.medium.com
i.embed.ly
medium.com
pbs.twimg.com
platform.twitter.com
srv-2019-04-05-03.pixel.parsely.com
syndication.twitter.com
www.google-analytics.com
104.16.90.50
104.244.42.72
13.35.253.62
13.35.254.37
185.199.108.154
192.30.253.118
2600:9000:200d:1c00:11:f728:3040:93a1
2600:9000:200d:3400:19:9934:6a80:93a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:7691
2606:4700::6810:797f
2606:4700::6810:7991
2606:4700::6810:7c7f
2a00:1450:4001:81e::200e
34.192.104.91
34.200.62.66
52.0.16.118
52.0.240.180
00d422ab2051dbd63c151b8f382e72b0b4b24307de82cb133f233a9941087abb
0341a4478ce861ef85c819b913fa0a2501836a6a2ffda8643e95e39f4a2a7de0
04c41cc5d12b51194ca0a1cc3df50978b1a9e6d82817693d512ee8ec3acf152e
064ccc800158df769680c9af1fbe3057f4c607ddfc06a10f475e406ebd3ed1ba
087316f29690e0a35f6642721fb9bf8d05bb9cbac3bbb30c822ba878ff7965d8
087a4c7aa118304c5ce85d5917d95a49b3c93204ef3500752dfde52595e4eac6
0a8ffdb922f0525a50cdc117bda012e2e5eb1f2281fe5189a0cb37499b1a446b
12fe85ec038af8c41ba830412520589dbd125d417913c10a57838ac92ab96192
167576388f70eb4ef80f89d1e160925d13823bbf41cb1d86cc7b46a7a5ab5a33
1760b959da50e32a0ed135869c22519d47d128cf8f83328ff0ac2fed118de160
1847d383efe9a34b0cf188106cfc991d345d098a3507030c264b0d20c9a8931c
1d4af730fa3d0335e288b82f889681a32ece9e721e247560ee6587e786c3055a
228e63fc5e0904aa1cfdd444b2985e7079d600b376dea0f5ad895779cc1aa87f
2bd08111d5b830bf98452d50dd97a4edccb498cfceac6043a51e04a32e288f35
307c070ee1e6213cd33c9791f66b50af7582e7bfeeb348e8daac38abb946e81b
316fdcfe3df4bcc7d73685c1cc7e4afe52205656ab9c5c9e5ebccaf5a8a31c92
326b6e860289a3b15c74ee30eff58541ba00bec5366898075b775dd0f71ef1e5
338e5578a7b3021caec1db415b93b214c378029d3cd8d19adc833d8b85ea7d29
3bfd84aa0c4cd3a21eafaf21b4cc58f55fd2893495bca8c8efcda081afd7cea3
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
410693bd6b595eaeac5ef6e9fc17228f953e9e1ebaf1f0aeb0557b8fabf7721d
41532aec4c3a3a0747ca853b064ef7a96483a95798a6526974ec043997e2ccf9
4468e35646c229b518e5f398c5a3d6b15ba1351a71ef22692129bb32f5030ac0
460c112ca18e517ef1a6c6abb2ba5ae55187138503a10177bf1908d9261c3a19
47eef10275953d76132944cf345ca49c0e47c7e1c8f1aaf724aeae54cda3bad9
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5a718aadf6f5d3b356855c4119038b2965144f30ad10e8efb651ca6a2e116aa4
5bfdf0e078aea65a2a4b4af3bb23e656178657051174fb226cfbefb5139f32f0
5ef7111f9e6189838fe27ae21d47f04e8f4e5a509d3789545eef070d9d23e24b
7520f97f445c827079f91c4510e73843ffc6eccd51fe98fab48291f31bdffc11
77c1059cbcb37b8a2f9e5f42da1321d378e1e699c891d2ffc169173231efc0f4
7d54558359188382e3596d7ead906396cd9b973286895e6f0b34b47c9aaa9161
7e9db049c52d6ba10322d7bf811253d4c3be6fbfd743007d23f912a7245a5e95
811eff6552f44467ab088ef951a1f5988b0a745ba6ee27641184dbc2df474a2b
811fd6e002182e100d3b21c1ab6153e775b79deeeed2bd40e2efbe0c897031a7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86d93f00fa73b117c0b0f8074621af623d05063d26652d5e5f52b4e685b59dd7
8803267a573f670c563f28f4299c8e9758d00ed53c4cfc887c24d76eb769e17d
89102fb28c60ad7c5a7777c556c0e7038a31c94cc47fc676f84eb1b5ef47a9e2
93d5f510af675f31ac3cdbf26614851907a4a4ae5b92707eeecd753842df429e
99c5448d6c84fc71d6805e2485727db250113edcaea123a064f8c26ce95947d8
9c6ea1ab4588c0be7dc9cb629aa641415dd91acaea7084de6921a7ffa2299bfb
a016f9635295337b2c243f15050f4063118af182a8bf2a9e84fac4fc94f54f87
a1a9f0f2844d80ca5a41f2d483d56d674eb333e570706b935cf46add6aa2f31d
a3c186a2617806a6a32f970b84c090b21ce16b861baf99027dcf63c9c96ba305
a3d669b687929b3aa777fdd2c400c2b8c6b794978536a64d7e1f71edcf8037e8
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb
a880e2c08f4e5b79b3ab15f311e915fc2d85d2b2f7c1c9cca778453c1c9b7f2d
abea12af3c95d3b3e723687d4320dd7b35268ac3f9ac79e8cc876d37f38cd365
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b5e98b4bc41f421981af91804a14836e78816f30d3ba7ce7acf61debd666b53e
b6a822fe09849fc8df6f382eb6632a1317b8aae8b3abccdeb3b3350f6321e9cc
b8b70d1a8e3ee1faaabc663bd13e042d289571b4db254657f9c95d77825d2334
bc72a2ca45067a3d17fed4cd8776fec5dca3b9ecd7300e107f9256a86a0c8b2f
bd575b7f1090c406502d6e2b200d18acbff1067e212e0dce0624cb7551af2820
c139b8dd7b1ccda2813ae79d127d1c0256f91a71fce5581887a1d5fbbca81bde
c214ff80513e360adc30cf43cef46d005b39548d871d026d459201e86571ad98
c3358df2d44c6c85b193fe40ca98ef289173fb103ce6dd78c93f3ff29263976c
c3531ed2c934e5daee80955db42a0245d666131e6322c6ec6985992922520ab4
c4b2e5210daf1507afaa4740318f3e982ffa026a70ed0db5245c5ad256d1c3db
c50a17e8272b9359e4b62e0f305e201f359cb5bd2245671c115d031f2b7f68d0
ce1be151550c7e6b236d63547ab02d32a420c1ac1ee5958ad1a3d67a6462d28f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d15c8df9e7b78d0e57d1d3963e16d63c76906c94b82c9cef4d4a34a9fe21fbf2
d5fb47611b7e3dea2c08b2160658860eb477d5a9cf67250a689c4db8de82d8f2
e26fdccb214e020f70cf2aede7b77d5dc51854e23b3acbb4bcff0018773a636f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e857d8bec05ef2b0d15bf4e61bc3987891b3e87bc4132ee2f5daaa970d156c29
eb9834733498cf6b285fd91d999a74214ae8332662c7d13b7c01287082a6180a
ef1ed6a034a5055a869c7c25765ee1f2844a27a54e83e8a857d77b3f1cd83dd3
f0b9a9e4ea994c106a4fc595828ca1332b2cd0435d5d159d26d1773344d97367
f57137897a4e676f0d2199b79def1a95b253a1a938dff9d8ba10519f3beb2b08
f721f5c18f4aa019bfa66be707c770717a1b2e7311c7e14e2a2117ce6c34b507
f82cf3e852b118df21736d1590934690eb3a93dd95b9779cf8c15bcd18e24531
fa57c70475cfa038476658c3537f7808b6aaf568bffaeee87419680b6790170b
fcc1b9ca9cd9136039180e6e6bbb90005ee972c21e3d47f84ecdc3e7cdeeb25c

blog.pentesterlab.com Open in urlscan Pro 52.0.16.118 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

85 Requests

100 %HTTPS

50 %IPv6

13 Domains

19 Subdomains

21 IPs

3 Countries

1161 kBTransfer

3405 kBSize

12 Cookies

22 Outgoing links

Page URL History

Redirected requests

85 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.pentesterlab.com Open in urlscan Pro
52.0.16.118 Public Scan

Screenshot
Live screenshot

Full Image

85
Requests

100 %
HTTPS

50 %
IPv6

13
Domains

19
Subdomains

21
IPs

3
Countries

1161 kB
Transfer

3405 kB
Size

12
Cookies

85 HTTP transactions
9 data transactions