URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Submission: On March 31 via api from US

Summary

This website contacted 16 IPs in 4 countries across 13 domains to perform 62 HTTP transactions. The main IP is 2606:4700:3032::681b:a56a, located in United States and belongs to CLOUDFLARENET, US. The main domain is blog.redforce.io.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 5th 2020. Valid for: 9 months.
This is the only time blog.redforce.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                      Requested by
40        blog.redforce.io            blog.redforce.io
4         c.disquscdn.com             redforce-blog.disqus.com
2         disqus.com                  redforce-blog.disqus.com
2         www.google-analytics.com    www.googletagmanager.com (1 redirect)
2         redforce-blog.disqus.com    blog.redforce.io
2         collectcdn.com              blog.redforce.io, collectcdn.com
2         fonts.googleapis.com        blog.redforce.io, collectcdn.com
1         links.services.disqus.com   c.disquscdn.com
1         avatars.collectcdn.com      collectcdn.com
1         pro.ip-api.com              collectcdn.com
1         stats.g.doubleclick.net     blog.redforce.io
1         api.collect.chat            collectcdn.com
1         secure.gravatar.com         blog.redforce.io
1         s.w.org                     blog.redforce.io
1         fonts.gstatic.com           blog.redforce.io
1         www.googletagmanager.com    blog.redforce.io
Totals: 62 requests, 16 domains

Subject                        Issuer                                               Validity                   Valid
sni.cloudflaressl.com          CloudFlare Inc ECC CA-2                              2020-01-05 - 2020-10-09    9 months
*.storage.googleapis.com       GTS CA 1O1                                           2020-03-03 - 2020-05-26    3 months
*.google-analytics.com         GTS CA 1O1                                           2020-03-03 - 2020-05-26    3 months
*.google.com                   GTS CA 1O1                                           2020-03-03 - 2020-05-26    3 months
*.disqus.com                   DigiCert SHA2 Secure Server CA                       2018-03-28 - 2020-04-27    2 years
*.w.org                        Sectigo RSA Domain Validation Secure Server CA       2019-12-19 - 2021-12-18    2 years
*.gravatar.com                 COMODO RSA Domain Validation Secure Server CA        2018-09-06 - 2020-09-05    2 years
*.g.doubleclick.net            GTS CA 1O1                                           2020-03-03 - 2020-05-26    3 months
*.ip-api.com                   COMODO RSA Domain Validation Secure Server CA        2018-08-19 - 2020-08-18    2 years
ssl565697.cloudflaressl.com    COMODO ECC Domain Validation Secure Server CA 2      2020-02-02 - 2020-08-10    6 months
f.ssl.fastly.net               GlobalSign Organization Validation CA - SHA256 - G2  2018-08-30 - 2020-12-02    2 years

This page contains 3 frames:

Primary Page: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Frame ID: 6BDCE30EED9468782EDACB9C93881B27
Requests: 62 HTTP requests in this frame

Frame: https://collectcdn.com/widget.js?c=5c2fe9d4173f537e141b2010
Frame ID: 53C53D25C167E5CB6EF18560C3C8FE00
Requests: 2 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=redforce-blog&t_i=502%20http%3A%2F%2Fblog.redforce.io%2F%3Fp%3D502&t_u=https%3A%2F%2Fblog.redforce.io%2Fattacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study%2F&t_e=Attacking%20HelpDesks%20Part%201%3A%20RCE%20Chain%20on%20DeskPro%2C%20with%20Bitdefender%20as%20a%20Case%20Study&t_d=Attacking%20HelpDesks%20Part%201%3A%20RCE%20Chain%20on%20DeskPro%2C%20with%20Bitdefender%20as%20a%20Case%20Study%20%E2%80%93%20Redforce&t_t=Attacking%20HelpDesks%20Part%201%3A%20RCE%20Chain%20on%20DeskPro%2C%20with%20Bitdefender%20as%20a%20Case%20Study&s_o=default
Frame ID: 24D5501C15265288CF016C3FDB5FA23D
Requests: 1 HTTP request in this frame


Detected technologies

Each entry below was reported at overall confidence 100%; the bullet gives the part of the response the rule runs on (html, headers, script) and the pattern that matched.

  • html: /<link[^>]+foundation[^>"]+css/i
  • headers (server): /^cloudflare$/i
  • html: /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
  • script: /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
  • html: /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
  • script: /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
    script: /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i
  • script: /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i
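The patterns above are the fingerprinting rules the scanner matched against the page's HTML, response headers and script URLs. The following added example is the editor's code, not urlscan.io's: it applies the same seven regexes to constructed input assembled from this scan (a head fragment built from stylesheet URLs in the transaction list, the primary response's server header, and three script URLs). The labels are the editor's shorthand for what each regex targets, since the technology names are not recorded on this page; the ?ver=1.12.4 query string and the analytics.js URL are made up to exercise the version capture group and the Google Analytics rule and do not appear in the scan. The asset names that drive these rules (dashicons.min.css, dist/block-library/style.min.css, jquery-migrate, requests to s.w.org and secure.gravatar.com) are consistent with a WordPress install served from renamed directories (/lib/, /core/modules/, /storage/); that is an inference from the transaction list, and exactly the kind an attacker draws from the same output.

```python
import re

# Patterns copied from the "Detected technologies" section; the JS /.../i
# flag becomes re.I. Labels are the editor's shorthand (the page does not
# record the technology names); "source" says what each rule is run on.
PATTERNS = [
    ("foundation-icons", "html",
     r'<link[^>]+foundation[^>"]+css'),
    ("cloudflare", "headers:server",
     r'^cloudflare$'),
    ("font-awesome", "html",
     r'<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css'),
    ("google-analytics", "script",
     r'google-analytics\.com/(?:ga|urchin|analytics)\.js'),
    ("google-fonts", "html",
     r'<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com'),
    ("jquery", "script",
     r'jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?'),
    ("jquery-migrate", "script",
     r'jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?'),
]


def detect(html, headers, script_urls):
    """Return {label: version or None} for every rule that matches.

    html        -- the document markup (one string)
    headers     -- response headers as a dict; names compared case-insensitively
    script_urls -- list of <script src> URLs found in the page
    The version is whatever the rule's first non-empty capture group caught.
    """
    found = {}
    lower_headers = {k.lower(): v for k, v in headers.items()}
    for label, source, pattern in PATTERNS:
        rx = re.compile(pattern, re.I)
        if source == "html":
            targets = [html]
        elif source.startswith("headers:"):
            name = source.split(":", 1)[1]
            targets = [lower_headers[name]] if name in lower_headers else []
        else:  # "script"
            targets = script_urls
        for text in targets:
            m = rx.search(text)
            if m:
                found[label] = next((g for g in m.groups() if g), None)
                break
    return found


# Constructed sample input. The stylesheet and script paths are the ones in
# this scan's transaction list; the ?ver=1.12.4 query and the analytics.js
# URL are made up to exercise the version capture and the GA rule.
SAMPLE_HTML = """<head>
<link rel="stylesheet" href="https://blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/foundation-icons.min.css">
<link rel="stylesheet" href="https://blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/font-awesome.min.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Montserrat:">
</head>"""
SAMPLE_HEADERS = {"Server": "cloudflare", "CF-Cache-Status": "DYNAMIC"}
SAMPLE_SCRIPTS = [
    "https://blog.redforce.io/lib/js/jquery/jquery.js?ver=1.12.4",
    "https://blog.redforce.io/lib/js/jquery/jquery-migrate.min.js",
    "https://www.google-analytics.com/analytics.js",
]


def run_sample():
    """Fingerprint the constructed sample; returns the detection dict."""
    return detect(SAMPLE_HTML, SAMPLE_HEADERS, SAMPLE_SCRIPTS)


if __name__ == "__main__":
    for label, version in sorted(run_sample().items()):
        print(f"{label:18} {version or '(version not exposed)'}")
```

Note that the jquery rule's greedy `.*` also matches jquery-migrate and the lazyloadxt plugin files, so a "jquery" hit says little about which file triggered it; only the captured ?ver value ties a detection to a version.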

Page Statistics

Requests: 62
HTTPS: 100 %
IPv6: 67 %
Domains: 13
Subdomains: 16
IPs: 16
Countries: 4
Transfer: 915 kB
Size: 1587 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 51
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=199810777&t=pageview&_s=1&dl=https%3A%2F%2Fblog.redforce.io%2Fattacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study%2F&ul=en-us&de=UTF-8&dt=Attacking%20HelpDesks%20Part%201%3A%20RCE%20Chain%20on%20DeskPro%2C%20with%20Bitdefender%20as%20a%20Case%20Study%20%E2%80%93%20Redforce&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1394039666&gjid=1623326064&cid=136750134.1585679658&tid=UA-134271712-2&_gid=1869825391.1585679658&_r=1&gtm=2ou3i0&z=1908175651 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-134271712-2&cid=136750134.1585679658&jid=1394039666&_gid=1869825391.1585679658&gjid=1623326064&_v=j81&z=1908175651
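In the transaction list that follows, urlscan prints a "Security Headers" box for the fonts.googleapis.com response (HSTS, nosniff, X-Frame-Options, X-XSS-Protection 0) but none for the primary blog.redforce.io response, whose only hardening header is Cloudflare's default Expect-CT, and whose one visible cookie, __cfduid, carries HttpOnly, SameSite=Lax and Secure. The example below is added by the editor (not urlscan.io's code): it runs a header-and-cookie audit over both header sets, copied from the transaction entries, and reports which defensive headers are absent and which cookie flags are set. Which headers count as required is the editor's choice (HSTS, CSP, X-Content-Type-Options, and X-Frame-Options unless a CSP frame-ancestors directive covers framing).

```python
# Security-header and cookie audit over response headers copied from this
# scan. Added example (the editor's code, not urlscan.io's). Headers are
# given as (name, value) pairs because Set-Cookie may repeat.

REQUIRED = ("strict-transport-security",
            "content-security-policy",
            "x-content-type-options")


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, {attribute: value|True})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return name, attrs


def audit(headers):
    """Return {"missing": [header, ...], "cookies": {name: flags}}.

    A header counts as missing by name only; X-Frame-Options is excused
    when a CSP with frame-ancestors is present. Cookie flags report the
    Secure / HttpOnly attributes and the SameSite value (None if unset).
    """
    lower = [(k.lower(), v) for k, v in headers]
    present = {k for k, _ in lower}
    missing = [h for h in REQUIRED if h not in present]
    csp_frames = any(k == "content-security-policy" and "frame-ancestors" in v
                     for k, v in lower)
    if "x-frame-options" not in present and not csp_frames:
        missing.append("x-frame-options")
    cookies = {}
    for k, v in lower:
        if k != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        samesite = attrs.get("samesite")
        cookies[name] = {
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
            "samesite": samesite if isinstance(samesite, str) else None,
        }
    return {"missing": missing, "cookies": cookies}


# Headers of the primary blog.redforce.io response, as listed in this scan.
PRIMARY_RESPONSE = [
    ("status", "200"),
    ("date", "Tue, 31 Mar 2020 18:34:17 GMT"),
    ("content-type", "text/html; charset=UTF-8"),
    ("set-cookie", "__cfduid=dca3ed875f577ea84438bb7dc0bf937bb1585679657; "
                   "expires=Thu, 30-Apr-20 18:34:17 GMT; path=/; "
                   "domain=.redforce.io; HttpOnly; SameSite=Lax; Secure"),
    ("link", "<https://blog.redforce.io>; rel=shortlink"),
    ("vary", "Accept-Encoding"),
    ("cf-cache-status", "DYNAMIC"),
    ("expect-ct", 'max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"'),
    ("server", "cloudflare"),
    ("cf-ray", "57cc29e4294816e6-FRA"),
    ("content-encoding", "br"),
]

# Headers of the fonts.googleapis.com response from the same scan.
GOOGLE_FONTS_RESPONSE = [
    ("strict-transport-security", "max-age=31536000"),
    ("content-encoding", "gzip"),
    ("x-content-type-options", "nosniff"),
    ("status", "200"),
    ("x-xss-protection", "0"),
    ("server", "ESF"),
    ("x-frame-options", "SAMEORIGIN"),
    ("content-type", "text/css; charset=utf-8"),
    ("access-control-allow-origin", "*"),
    ("cache-control", "private, max-age=86400, stale-while-revalidate=604800"),
]


if __name__ == "__main__":
    for host, hdrs in (("blog.redforce.io", PRIMARY_RESPONSE),
                       ("fonts.googleapis.com", GOOGLE_FONTS_RESPONSE)):
        result = audit(hdrs)
        print(host, "missing:", ", ".join(result["missing"]) or "none")
        for name, flags in result["cookies"].items():
            print("  cookie", name, flags)
```

Expect-CT is deliberately not in the required set: it only asks the browser to enforce Certificate Transparency and does nothing against plain-HTTP downgrade, script injection or framing, which is why the primary response still fails all four checks despite carrying it.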

62 HTTP transactions

Each transaction below lists: Resource, Path, Size (decoded body), x-fer (bytes transferred on the wire, after compression), Type, MIME-Type
Primary Request /
blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
63 KB
15 KB
Document
General
Full URL
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3e963f267af6f794fcc2bb4286c8c4501102f6ca50319b5626a164c63d80dad

Request headers

:method
GET
:authority
blog.redforce.io
:scheme
https
:path
/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Tue, 31 Mar 2020 18:34:17 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dca3ed875f577ea84438bb7dc0bf937bb1585679657; expires=Thu, 30-Apr-20 18:34:17 GMT; path=/; domain=.redforce.io; HttpOnly; SameSite=Lax; Secure
link
<https://blog.redforce.io>; rel=shortlink
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
57cc29e4294816e6-FRA
content-encoding
br
dashicons.min.css
blog.redforce.io/lib/css/
46 KB
28 KB
Stylesheet
General
Full URL
https://blog.redforce.io/lib/css/dashicons.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18aa66c192cbef43a61b1398c292ae5c6c1d40d679428ee998b1c6bfaf61d75a

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 18:51:28 GMT
server
cloudflare
age
4425
etag
W/"b9c6-5a1eeb4a70e1c-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e55c7816e6-FRA
elusive.min.css
blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/
12 KB
2 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/elusive.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cf390024b9fb02ae1756d257499f568393acc60c76ae6b13ce986a46f396e34

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 16:27:14 GMT
server
cloudflare
age
4425
etag
W/"31f0-5a1ecb0d05808-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e55c7a16e6-FRA
font-awesome.min.css
blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/
30 KB
7 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/font-awesome.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46cd92e74493c286e7cc9c8ed59a3cce3aec77edf6da51e4287d43349e496259

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 16:27:14 GMT
server
cloudflare
age
4424
etag
W/"788d-5a1ecb0d05808-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e55c7c16e6-FRA
foundation-icons.min.css
blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/
17 KB
3 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/foundation-icons.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d51089ba164e46643145dc475cce83e53896a1e6541c68b20d841c1ab24e65b9

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 16:27:14 GMT
server
cloudflare
age
4423
etag
W/"439a-5a1ecb0d05808-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e55c7e16e6-FRA
genericons.min.css
blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/
26 KB
15 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/0f2c37ef13/vendor/codeinwp/icon-picker/css/types/genericons.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeeecb59f46b1474b7b2cc02df510a8faa73438e20a41db43a74a1d91a4eeecb

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 16:27:14 GMT
server
cloudflare
age
4424
etag
W/"6836-5a1ecb0d05808-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e55c7f16e6-FRA
extra.min.css
blog.redforce.io/core/modules/0f2c37ef13/css/
815 B
350 B
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/0f2c37ef13/css/extra.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
968ab8ae6f33119ee267a11ce60920934e0d5e9d4714a3eb6b47cb9f05e42a0f

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 16:27:14 GMT
server
cloudflare
age
4425
etag
W/"32f-5a1ecb0cffa48-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8116e6-FRA
style.min.css
blog.redforce.io/lib/css/dist/block-library/
40 KB
6 KB
Stylesheet
General
Full URL
https://blog.redforce.io/lib/css/dist/block-library/style.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 18:51:28 GMT
server
cloudflare
age
4425
etag
W/"a1fb-5a1eeb4a6eedc-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8216e6-FRA
style.min.css
blog.redforce.io/core/modules/a2174c3e6f/vendor/icomoon/
438 B
295 B
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/a2174c3e6f/vendor/icomoon/style.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b88fca268e1352a0922f301c6b88f0499606c01faa8d0718de11a8153a5edc3a

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 30 Mar 2020 19:07:58 GMT
server
cloudflare
age
4424
etag
W/"1b6-5a2172b590e1a-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8616e6-FRA
screen.min.css
blog.redforce.io/core/modules/a2174c3e6f/assets/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/a2174c3e6f/assets/css/screen.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8faea6e218910bf83cd1e7fe9775b3b75195df3c16a3f4eea74b75f9b881dce

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 30 Mar 2020 19:07:58 GMT
server
cloudflare
age
4425
etag
W/"13b8-5a2172b591dba-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8716e6-FRA
css
fonts.googleapis.com/
2 KB
654 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
06818b2c41364e70021d420e1cc98f4bbcc0a082f6dbd02bb5a272c12b7764b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 31 Mar 2020 18:34:17 GMT
server
ESF
date
Tue, 31 Mar 2020 18:34:17 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 Mar 2020 18:34:17 GMT
editor-style.css
blog.redforce.io/core/views/10fdcdae3c/
6 KB
2 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/views/10fdcdae3c/editor-style.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae8ce0a91914c1115e63ebe3733a64c691bcc1e077b67500ea89f45030d67b28

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 06 Feb 2019 23:57:25 GMT
server
cloudflare
age
4425
etag
W/"16cd-581427ccb7243-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8816e6-FRA
design.css
blog.redforce.io/core/views/10fdcdae3c/
37 KB
8 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/views/10fdcdae3c/design.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7f43808cb7dfabe4c69b09da0d388dcca4908e87bab1f5dc131fd5d31aaf5e0

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 30 Mar 2020 19:10:32 GMT
server
cloudflare
age
4425
etag
W/"9257-5a2173485ede3-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8a16e6-FRA
design.css
blog.redforce.io/core/views/6b989d9015/
328 B
299 B
Stylesheet
General
Full URL
https://blog.redforce.io/core/views/6b989d9015/design.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9636a9d853d06f01801c669738463af2a6a69dfbcd5bb5b2624ed0636fe59b9

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 30 Mar 2020 19:15:30 GMT
server
cloudflare
age
4425
etag
W/"148-5a2174641993a-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8c16e6-FRA
EnlighterJS.min.css
blog.redforce.io/core/modules/43342bc671/resources/
36 KB
6 KB
Stylesheet
General
Full URL
https://blog.redforce.io/core/modules/43342bc671/resources/EnlighterJS.min.css
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4e8c8dbefc2cd77738662930dff811a9608ddae5a042a29737bc6f1921c9b82

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 16:27:08 GMT
server
cloudflare
age
4423
etag
W/"8f0d-5a1ecb07cf85e-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c8d16e6-FRA
jquery.js
blog.redforce.io/lib/js/jquery/
95 KB
32 KB
Script
General
Full URL
https://blog.redforce.io/lib/js/jquery/jquery.js
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 18:51:28 GMT
server
cloudflare
age
4424
etag
W/"17a69-5a1eeb4a96f7b-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c9716e6-FRA
jquery-migrate.min.js
blog.redforce.io/lib/js/jquery/
10 KB
4 KB
Script
General
Full URL
https://blog.redforce.io/lib/js/jquery/jquery-migrate.min.js
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 18:51:28 GMT
server
cloudflare
age
4423
etag
W/"2748-5a1eeb4a95fdb-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c9916e6-FRA
jquery.lazyloadxt.extra.min.js
blog.redforce.io/core/modules/1217de2d01/js/
3 KB
1 KB
Script
General
Full URL
https://blog.redforce.io/core/modules/1217de2d01/js/jquery.lazyloadxt.extra.min.js
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e4c293d009f7d37b99bd03c515d37a37a9b59a0ff8fde6df3217cad191aafea

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 07 Feb 2019 00:11:57 GMT
server
cloudflare
age
4423
etag
W/"af0-58142b0c62a8d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c9a16e6-FRA
jquery.lazyloadxt.srcset.min.js
blog.redforce.io/core/modules/1217de2d01/js/
1 KB
740 B
Script
General
Full URL
https://blog.redforce.io/core/modules/1217de2d01/js/jquery.lazyloadxt.srcset.min.js
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e923d2bc441edb82d3586e0898d02b1b03d2ce5daf76d15310de74332186b3ad

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 07 Feb 2019 00:11:57 GMT
server
cloudflare
age
4423
etag
W/"50d-58142b0c62a8d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
57cc29e56c9c16e6-FRA
logo_redforce.png
blog.redforce.io/storage/2019/02/
98 KB
98 KB
Image
General
Full URL
https://blog.redforce.io/storage/2019/02/logo_redforce.png
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb64fc5fb6800fb9df882a09f9faf57bbb9d2fcf413ecf3de542e23d4acc22b6

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
cf-cache-status
HIT
last-modified
Thu, 07 Feb 2019 00:00:19 GMT
server
cloudflare
age
3677
etag
"188a3-58142872ecce3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cc29e56c9d16e6-FRA
content-length
100515

Facebook-2.svg  |  blog.redforce.io/core/views/10fdcdae3c/imgs/social/  |  size 912 B, transferred 606 B  |  Image
General
  Full URL: https://blog.redforce.io/core/views/10fdcdae3c/imgs/social/Facebook-2.svg
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: b79ccfb297b8c329206a5830eadd549c69cfd15fc69415e40a19bbe8f14d538a
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: image
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Wed, 06 Feb 2019 23:57:25 GMT
  server: cloudflare
  age: 4423
  etag: W/"390-581427ccb7243"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: image/svg+xml
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e56c9e16e6-FRA

Twitter.svg  |  blog.redforce.io/core/views/10fdcdae3c/imgs/social/  |  size 2 KB, transferred 946 B  |  Image
General
  Full URL: https://blog.redforce.io/core/views/10fdcdae3c/imgs/social/Twitter.svg
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: dbb3ae8d2e3f0dbbc9a65fb631f52a740443ddcfe52095e2f13fbb87eab0f957
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: image
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Wed, 06 Feb 2019 23:57:25 GMT
  server: cloudflare
  age: 4423
  etag: W/"636-581427ccb62a3"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: image/svg+xml
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2f16e6-FRA

Linkedin-2.svg  |  blog.redforce.io/core/views/10fdcdae3c/imgs/social/  |  size 1 KB, transferred 663 B  |  Image
General
  Full URL: https://blog.redforce.io/core/views/10fdcdae3c/imgs/social/Linkedin-2.svg
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 2cf6aa2153f5f53107a30113944c8a24debb6616aff6e9318b791718d780d3ee
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: image
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Wed, 06 Feb 2019 23:57:25 GMT
  server: cloudflare
  age: 4423
  etag: W/"494-581427ccb7243"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: image/svg+xml
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad3016e6-FRA

email-decode.min.js  |  blog.redforce.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/  |  size 1 KB, transferred 830 B  |  Script
General
  Full URL: https://blog.redforce.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
  X-Frame-Options: SAMEORIGIN
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: gzip
  vary: Accept-Encoding
  last-modified: Mon, 23 Mar 2020 15:58:02 GMT
  server: cloudflare
  etag: W/"5e78dc8a-4d7"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  x-frame-options: SAMEORIGIN
  content-type: application/javascript
  status: 200
  cache-control: max-age=172800, public
  cf-ray: 57cc29e58cd716e6-FRA
  expires: Thu, 02 Apr 2020 18:34:17 GMT

imagesloaded.min.js  |  blog.redforce.io/lib/js/  |  size 8 KB, transferred 3 KB  |  Script
General
  Full URL: https://blog.redforce.io/lib/js/imagesloaded.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 11e15f1d64a63cb498d0d42720a688ed15bf78393d8c460d695a110244c066e3
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 18:51:28 GMT
  server: cloudflare
  age: 4422
  etag: W/"1fb1-5a1eeb4a98ebb-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e59ce916e6-FRA

waves-scripts.js  |  blog.redforce.io/core/views/10fdcdae3c/js/  |  size 6 KB, transferred 2 KB  |  Script
General
  Full URL: https://blog.redforce.io/core/views/10fdcdae3c/js/waves-scripts.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 5b6960e8c4f2da894a2cba63e44b4ede1be52054066270479f20b6e8d7ce6cd3
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Wed, 06 Feb 2019 23:57:25 GMT
  server: cloudflare
  age: 4423
  etag: W/"1965-581427ccb81e3-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2016e6-FRA

comment-reply.min.js  |  blog.redforce.io/lib/js/  |  size 2 KB, transferred 1 KB  |  Script
General
  Full URL: https://blog.redforce.io/lib/js/comment-reply.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 73eb139b1371aed55b1dce74b7258f2d90991c5294d69fce852c3eed1af40068
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 18:51:28 GMT
  server: cloudflare
  age: 3214
  etag: W/"951-5a1eeb4a8563c-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2116e6-FRA

comment_count.js  |  blog.redforce.io/core/modules/a47eeb41d2/public/js/  |  size 889 B, transferred 481 B  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/a47eeb41d2/public/js/comment_count.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 16:27:05 GMT
  server: cloudflare
  age: 4422
  etag: W/"379-5a1ecb04ed3ea-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2216e6-FRA

comment_embed.js  |  blog.redforce.io/core/modules/a47eeb41d2/public/js/  |  size 1 KB, transferred 507 B  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/a47eeb41d2/public/js/comment_embed.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 16:27:05 GMT
  server: cloudflare
  age: 3215
  etag: W/"47e-5a1ecb04ed3ea-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2316e6-FRA

mootools-core-yc.js  |  blog.redforce.io/core/modules/43342bc671/resources/  |  size 88 KB, transferred 27 KB  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/43342bc671/resources/mootools-core-yc.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: bcada3fb8ba74f6737ee9e798c50512e274a4227ef0a165b84d6ef3f2f0f5c1f
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 16:27:08 GMT
  server: cloudflare
  age: 4422
  etag: W/"15e0e-5a1ecb07cf85e-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2416e6-FRA

EnlighterJS.min.js  |  blog.redforce.io/core/modules/43342bc671/resources/  |  size 49 KB, transferred 14 KB  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/43342bc671/resources/EnlighterJS.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: ba248c9f36442fceef93b25bc4577993797ab7255b16ec87be25d8cec31d559d
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 16:27:08 GMT
  server: cloudflare
  age: 4422
  etag: W/"c395-5a1ecb07cf85e-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2516e6-FRA

wp-embed.min.js  |  blog.redforce.io/lib/js/  |  size 1 KB, transferred 725 B  |  Script
General
  Full URL: https://blog.redforce.io/lib/js/wp-embed.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 18:51:28 GMT
  server: cloudflare
  age: 4422
  etag: W/"577-5a1eeb4a930fb-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2616e6-FRA

jquery.smooth-scroll.min.js  |  blog.redforce.io/core/modules/a2174c3e6f/vendor/smooth-scroll/  |  size 5 KB, transferred 2 KB  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/a2174c3e6f/vendor/smooth-scroll/jquery.smooth-scroll.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: cb6554b04a2e5178a3e18dde21b1bb72e0aa5f87aac9cb567844a4fda5990847
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Mon, 30 Mar 2020 19:07:58 GMT
  server: cloudflare
  age: 2015
  etag: W/"13bc-5a2172b590e1a-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2816e6-FRA

js.cookie.min.js  |  blog.redforce.io/core/modules/a2174c3e6f/vendor/js-cookie/  |  size 2 KB, transferred 1 KB  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/a2174c3e6f/vendor/js-cookie/js.cookie.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 073351c657bbb62703d3e79b437eb5b7c7a647b2293edd2caab7e7016f3d91fa
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Mon, 30 Mar 2020 19:07:58 GMT
  server: cloudflare
  age: 2015
  etag: W/"9e7-5a2172b590e1a-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2a16e6-FRA

jquery.sticky-kit.min.js  |  blog.redforce.io/core/modules/a2174c3e6f/vendor/sticky-kit/  |  size 3 KB, transferred 1 KB  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/a2174c3e6f/vendor/sticky-kit/jquery.sticky-kit.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 9b4ed13bfe6e05b6340281394abe265105b1eb916ab1e53e604352525305f7c2
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Mon, 30 Mar 2020 19:07:58 GMT
  server: cloudflare
  age: 2540
  etag: W/"b4c-5a2172b590e1a-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2b16e6-FRA

front.min.js  |  blog.redforce.io/core/modules/a2174c3e6f/assets/js/  |  size 5 KB, transferred 2 KB  |  Script
General
  Full URL: https://blog.redforce.io/core/modules/a2174c3e6f/assets/js/front.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: d752a0565cc4029a5dac15956695b7f54b57c072b38dddcc6ab7aa3051bb54d9
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Mon, 30 Mar 2020 19:07:58 GMT
  server: cloudflare
  age: 2015
  etag: W/"1526-5a2172b591dba-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad2e16e6-FRA

js  |  www.googletagmanager.com/gtag/  |  size 75 KB, transferred 28 KB  |  Script
General
  Full URL: https://www.googletagmanager.com/gtag/js?id=UA-134271712-2
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:81d::2008, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: -
  Software: Google Tag Manager
  Resource Hash: 643911a261bc46647434937b3c6926df1dda87c66720d4a759c4e6585341857a
Security Headers
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Xss-Protection: 0
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  status: 200
  strict-transport-security: max-age=31536000; includeSubDomains
  alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
  content-length: 28643
  x-xss-protection: 0
  last-modified: Tue, 31 Mar 2020 18:00:00 GMT
  server: Google Tag Manager
  vary: Accept-Encoding
  content-type: application/javascript; charset=UTF-8
  access-control-allow-origin: http://www.googletagmanager.com
  cache-control: private, max-age=900
  access-control-allow-credentials: true
  access-control-allow-headers: Cache-Control
  expires: Tue, 31 Mar 2020 18:34:17 GMT

wp-emoji-release.min.js  |  blog.redforce.io/lib/js/  |  size 14 KB, transferred 4 KB  |  Script
General
  Full URL: https://blog.redforce.io/lib/js/wp-emoji-release.min.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Sat, 28 Mar 2020 18:51:28 GMT
  server: cloudflare
  age: 4422
  etag: W/"362a-5a1eeb4a9bd9b-gzip"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5ad3216e6-FRA

submenu-arrow.svg  |  blog.redforce.io/core/views/10fdcdae3c/imgs/  |  size 302 B, transferred 273 B  |  Image
General
  Full URL: https://blog.redforce.io/core/views/10fdcdae3c/imgs/submenu-arrow.svg
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: e4870d8f2d50065a4d541c90843f2810741d3048f6816ed4c002af4def1934c1
Request headers
  Referer: https://blog.redforce.io/core/views/10fdcdae3c/design.css
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: image
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Wed, 06 Feb 2019 23:57:25 GMT
  server: cloudflare
  age: 3214
  etag: W/"12e-581427ccb7243"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: image/svg+xml
  status: 200
  cache-control: max-age=14400
  cf-ray: 57cc29e5bd4316e6-FRA

truncated (data: URI)  |  /  |  size 25 KB, transferred 25 KB  |  Font
General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: -
  Software: -
  Resource Hash: d02f66b2c4e26b3ba063c199ce126f434a81fc3f8746149a0955ea778fe5e853
Request headers
  Origin: https://blog.redforce.io
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Response headers
  Content-Type: application/x-font-woff;charset=utf-8

JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2  |  fonts.gstatic.com/s/montserrat/v14/  |  size 13 KB, transferred 13 KB  |  Font
General
  Full URL: https://fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2a00:1450:4001:800::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
  Reverse DNS: -
  Software: sffe
  Resource Hash: 0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
Security Headers
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0
Request headers
  Referer: https://fonts.googleapis.com/css?family=Montserrat:
  Origin: https://blog.redforce.io
  Sec-Fetch-Dest: font
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Response headers
  date: Thu, 23 Jan 2020 10:08:21 GMT
  x-content-type-options: nosniff
  last-modified: Tue, 23 Jul 2019 03:46:48 GMT
  server: sffe
  age: 5905556
  content-type: font/woff2
  status: 200
  alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
  cache-control: public, max-age=31536000
  accept-ranges: bytes
  timing-allow-origin: *
  access-control-allow-origin: *
  content-length: 13708
  x-xss-protection: 0
  expires: Fri, 22 Jan 2021 10:08:21 GMT

launcher.js  |  collectcdn.com/  |  size 63 KB, transferred 20 KB  |  Script
General
  Full URL: https://collectcdn.com/launcher.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3030::681f:4e79, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 7f49a0b5bd4093056086de4e53ada483ab36b24d91a5bf3fd5e79d926b0309a9
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  content-encoding: br
  cf-cache-status: HIT
  age: 4437
  cf-polished: origSize=64433
  status: 200
  x-amz-request-id: 3F01E033478B00E2
  x-amz-id-2: 0ZgOrixtSOexrIvIkkLl9DaxFmIwuLn9tcQqsUcYYlHQU4sjfyfNOs5hbWgbiHCj7ny8aPk42qc=
  last-modified: Thu, 19 Mar 2020 12:22:14 GMT
  server: cloudflare
  etag: W/"e55c861b3c488a53891a67a0da3d1866"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  content-type: application/javascript
  cache-control: max-age=1382400
  cf-ray: 57cc29e5ead9c2b3-FRA
  cf-bgj: minify

truncated (data: URI)  |  /  |  size 42 B, transferred 0  |  Image
General
  Full URL: data:truncated
  Protocol: DATA
  Server: -
  Reverse DNS: -
  Software: -
  Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Request headers
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Response headers
  Content-Type: image/gif

ez-toc-icomoon.woff2  |  blog.redforce.io/core/modules/a2174c3e6f/vendor/icomoon/fonts/  |  size 580 B, transferred 662 B  |  Font
General
  Full URL: https://blog.redforce.io/core/modules/a2174c3e6f/vendor/icomoon/fonts/ez-toc-icomoon.woff2
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 9a5d04f74cf2a5ac395114c141150def9ea2ec79fa5b06febc02cb396d2c88f7
Request headers
  Referer: https://blog.redforce.io/core/modules/a2174c3e6f/vendor/icomoon/style.min.css
  Origin: https://blog.redforce.io
  Sec-Fetch-Dest: font
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Response headers
  date: Tue, 31 Mar 2020 18:34:17 GMT
  cf-cache-status: HIT
  last-modified: Mon, 30 Mar 2020 19:07:58 GMT
  server: cloudflare
  age: 3705
  etag: "244-5a2172b590e1a"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  status: 200
  cache-control: max-age=14400
  accept-ranges: bytes
  cf-ray: 57cc29e5cd7416e6-FRA
  content-length: 580

count.js  |  redforce-blog.disqus.com/  |  size 1 KB, transferred 1 KB  |  Script
General
  Full URL: https://redforce-blog.disqus.com/count.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/core/modules/a47eeb41d2/public/js/comment_count.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 151.101.112.134, Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
  Reverse DNS: -
  Software: nginx
  Resource Hash: 3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
  Strict-Transport-Security: max-age=300; includeSubdomains
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 1; mode=block
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  Date: Tue, 31 Mar 2020 18:34:18 GMT
  Content-Encoding: gzip
  X-Content-Type-Options: nosniff
  Age: 1198588
  P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
  Connection: keep-alive
  Content-Length: 871
  X-XSS-Protection: 1; mode=block
  Last-Modified: Tue, 17 Mar 2020 01:10:10 GMT
  Server: nginx
  ETag: "5e702372-367"
  Vary: Accept-Encoding
  Strict-Transport-Security: max-age=300; includeSubdomains
  Content-Type: application/javascript; charset=utf-8
  Cache-Control: public, max-age=300
  Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

embed.js  |  redforce-blog.disqus.com/  |  size 67 KB, transferred 22 KB  |  Script
General
  Full URL: https://redforce-blog.disqus.com/embed.js
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/core/modules/a47eeb41d2/public/js/comment_embed.js
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 151.101.112.134, Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
  Reverse DNS: -
  Software: openresty
  Resource Hash: 54e357624fc5cc60cfd1d1b1514c7081195dd164d2b73b53395108ee2055e857
Security Headers
  Strict-Transport-Security: max-age=300; includeSubdomains
Request headers
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Sec-Fetch-Dest: script
Response headers
  Date: Tue, 31 Mar 2020 18:34:18 GMT
  Content-Encoding: gzip
  Server: openresty
  Age: 0
  Vary: Accept-Encoding
  Strict-Transport-Security: max-age=300; includeSubdomains
  Content-Type: application/javascript; charset=utf-8
  Cache-Control: private, max-age=60
  X-Service: router
  Connection: keep-alive
  Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
  Content-Length: 22283
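The scan records response headers as alternating name/value lines, and the records above carry some values worth flagging: none of the blog.redforce.io responses send Strict-Transport-Security at all, the two Disqus responses send it with max-age=300 (five minutes), and the Google Tag Manager loader pairs Access-Control-Allow-Credentials: true with an http:// allowed origin. The Python below is an added example, not code from the urlscan page, the blog, or any of these vendors: it parses that alternating layout and runs three checks per transaction. The one-year HSTS threshold is the example's own policy assumption, and the sample blocks are constructed excerpts built from the imagesloaded.min.js, count.js and gtag/js records above.

```python
"""
Added example, not code from the urlscan page or the blog it scanned: parse
the alternating name/value layout the scan export uses for "Response headers",
then run a few security-header checks over each transaction.
"""
import re

# Constructed samples in the same layout as the records above. Names and values
# are copied from the imagesloaded.min.js, count.js and gtag/js records.
SAMPLES = {
    "https://blog.redforce.io/lib/js/imagesloaded.min.js": """
Response headers

date
Tue, 31 Mar 2020 18:34:17 GMT
content-encoding
br
server
cloudflare
content-type
application/javascript
status
200
cache-control
max-age=14400
""",
    "https://redforce-blog.disqus.com/count.js": """
Response headers

Date
Tue, 31 Mar 2020 18:34:18 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=300
""",
    "https://www.googletagmanager.com/gtag/js?id=UA-134271712-2": """
Response headers

status
200
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
0
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
access-control-allow-credentials
true
""",
}

# Policy threshold assumed for this example; RFC 6797 itself sets no minimum.
MIN_HSTS_MAX_AGE = 31536000


def parse_flat_headers(section):
    """Turn 'name' / 'value' on alternating lines into a dict keyed by the
    lower-cased name. Blank lines and a leading '... headers' title are skipped."""
    lines = [ln.strip() for ln in section.splitlines() if ln.strip()]
    if lines and lines[0].lower().endswith("headers"):
        lines = lines[1:]
    if len(lines) % 2:
        raise ValueError("dangling header name without a value: %r" % lines[-1])
    return {lines[i].lower(): lines[i + 1] for i in range(0, len(lines), 2)}


def hsts_max_age(value):
    """Extract max-age from an HSTS header value; None if the directive is absent."""
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(url, headers):
    """Return the list of findings for one transaction (empty list = clean)."""
    findings = []
    if url.startswith("https://"):
        hsts = headers.get("strict-transport-security")
        if hsts is None:
            findings.append("no Strict-Transport-Security")
        else:
            age = hsts_max_age(hsts)
            if age is None:
                findings.append("HSTS without max-age")
            elif age < MIN_HSTS_MAX_AGE:
                findings.append("HSTS max-age=%d is below %d" % (age, MIN_HSTS_MAX_AGE))
    is_script = "javascript" in headers.get("content-type", "")
    if is_script and headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("script served without X-Content-Type-Options: nosniff")
    acao = headers.get("access-control-allow-origin")
    acac = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acac and acao == "*":
        findings.append("Access-Control-Allow-Origin * combined with credentials")
    elif acac and acao and not acao.startswith("https://"):
        findings.append("credentialed CORS granted to non-https origin %s" % acao)
    return findings


def audit_dump(samples):
    """Map each URL in the dump to its findings."""
    return {url: audit(url, parse_flat_headers(text)) for url, text in samples.items()}


if __name__ == "__main__":
    for url, findings in audit_dump(SAMPLES).items():
        print(url)
        for f in findings or ["(no findings)"]:
            print("  -", f)
```

The parser relies on the dump never containing an empty header value, which holds for the records on this page; a real export with empty values would need the name/value boundary taken from the original HTML rather than from line parity.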

response.php  |  blog.redforce.io/  |  size 1 B, transferred 366 B  |  XHR
General
  Full URL: https://blog.redforce.io/response.php
  Requested by: Host: blog.redforce.io; URL: https://blog.redforce.io/lib/js/jquery/jquery.js
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 2606:4700:3032::681b:a56a, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: -
  Software: cloudflare
  Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Security Headers
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
Request headers
  Accept: */*
  Referer: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
  Origin: https://blog.redforce.io
  X-Requested-With: XMLHttpRequest
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Response headers
  date: Tue, 31 Mar 2020 18:34:18 GMT
  content-encoding: br
  x-content-type-options: nosniff
  cf-cache-status: DYNAMIC
  cf-ray: 57cc29e65f2816e6-FRA
  status: 200
  referrer-policy: strict-origin-when-cross-origin
  server: cloudflare
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  x-frame-options: SAMEORIGIN
  content-type: text/html; charset=UTF-8
  access-control-allow-origin: https://blog.redforce.io
  cache-control: no-cache, must-revalidate, max-age=0
  access-control-allow-credentials: true
  x-robots-tag: noindex
  expires: Wed, 11 Jan 1984 05:00:00 GMT
1f600.svg
s.w.org/images/core/emoji/12.0.0-1/svg/
450 B
649 B
Image
General
Full URL
https://s.w.org/images/core/emoji/12.0.0-1/svg/1f600.svg
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
s.w.org
Software
nginx /
Resource Hash
41478e547c5b6ad66bfcf91ead5350fa0bc247956c3ff912020327e3e9ad0d2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

x-nc
HIT ams 2
date
Tue, 31 Mar 2020 18:34:18 GMT
x-content-type-options
nosniff
last-modified
Mon, 08 Apr 2019 05:13:23 GMT
server
nginx
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
status
200
cache-control
max-age=315360000
accept-ranges
bytes
content-length
450
expires
Thu, 31 Dec 2037 23:55:55 GMT
3259b1db120d424e93f724de7caed137
secure.gravatar.com/avatar/
92 KB
92 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/3259b1db120d424e93f724de7caed137?s=224&d=mm&r=g
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b1e6be32fea9b9014acdd4df6cc4e23e331ce80806a1a3b52b6720a7c515cb8b

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

x-nc
MISS lb8.dfw.gravatar.com, HIT fra 1
date
Tue, 31 Mar 2020 18:34:18 GMT
last-modified
Sat, 23 Feb 2019 16:51:24 GMT
server
nginx
access-control-allow-origin
*
content-type
image/png
status
200
cache-control
max-age=300
content-disposition
inline; filename="3259b1db120d424e93f724de7caed137.png"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/3259b1db120d424e93f724de7caed137?s=224&d=mm&r=g>; rel="canonical"
content-length
94035
expires
Tue, 31 Mar 2020 18:39:18 GMT
helpdesks_coverArtboard-1-1040x464.jpg
blog.redforce.io/storage/2020/03/
50 KB
50 KB
Image
General
Full URL
https://blog.redforce.io/storage/2020/03/helpdesks_coverArtboard-1-1040x464.jpg
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::681b:a56a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc9787de0e2a55665815deec2e8bdd79ba77fda0166ae517a7d14031c06cf2f5

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
cf-cache-status
HIT
last-modified
Sat, 28 Mar 2020 22:49:02 GMT
server
cloudflare
age
3383
etag
"c79f-5a1f206419b3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cc29e69fdb16e6-FRA
content-length
51103
5c2fe9d4173f537e141b2010
api.collect.chat/forms/questions/
7 KB
2 KB
XHR
General
Full URL
https://api.collect.chat/forms/questions/5c2fe9d4173f537e141b2010
Requested by
Host: collectcdn.com
URL: https://collectcdn.com/launcher.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1aecebae248922e3b43ffcdfbf76c2ec6586c3aaa211d438313bee9863710c5e

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Origin
https://blog.redforce.io
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
content-encoding
br
cf-cache-status
DYNAMIC
x-powered-by
Express
status
200
x-ratelimit-remaining
49
server
cloudflare
etag
W/"1d70-8l9WZ4hPMMEl6csEggNsygn6g9E"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
x-ratelimit-reset
1585679674
x-ratelimit-limit
50
cf-ray
57cc29e6cccac2f4-FRA
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-134271712-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6943
date
Tue, 31 Mar 2020 16:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Tue, 31 Mar 2020 18:38:35 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=199810777&t=pageview&_s=1&dl=https%3A%2F%2Fblog.redforce.io%2Fattacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-134271712-2&cid=136750134.1585679658&jid=1394039666&_gid=1869825391.1585679658&gjid=1623326064&_v=j81&z=1908175651
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-134271712-2&cid=136750134.1585679658&jid=1394039666&_gid=1869825391.1585679658&gjid=1623326064&_v=j81&z=1908175651
Requested by
Host: blog.redforce.io
URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Tue, 31 Mar 2020 18:34:18 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 31 Mar 2020 18:34:18 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-134271712-2&cid=136750134.1585679658&jid=1394039666&_gid=1869825391.1585679658&gjid=1623326064&_v=j81&z=1908175651
content-type
text/html; charset=UTF-8
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
420
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
pro.ip-api.com/json/
286 B
442 B
XHR
General
Full URL
https://pro.ip-api.com/json/?key=MD3NG35fVBOiaPz
Requested by
Host: collectcdn.com
URL: https://collectcdn.com/launcher.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS
de-fra-1.pro.ip-api.com
Software
/
Resource Hash
00260e0052c08446599f8d26b29ee7f65a339fda5169e29f6b177874a0e4ea50

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Origin
https://blog.redforce.io
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 31 Mar 2020 18:34:18 GMT
Content-Length
286
Content-Type
application/json; charset=utf-8
lounge.b362154b0539d5d23b6125bb3e3735c6.css
c.disquscdn.com/next/embed/styles/
0
21 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.b362154b0539d5d23b6125bb3e3735c6.css
Requested by
Host: redforce-blog.disqus.com
URL: https://redforce-blog.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
421098
cf-ray
57cc29e8ef0a97d8-FRA
status
200
vary
Accept-Encoding
content-length
21796
x-xss-protection
1; mode=block
last-modified
Thu, 26 Mar 2020 17:38:55 GMT
server
cloudflare
etag
"5e7ce8af-5524"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 26 Mar 2021 21:35:59 GMT
common.bundle.35e517736a0f081c6fbaee05b4da1b3a.js
c.disquscdn.com/next/embed/
0
89 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.35e517736a0f081c6fbaee05b4da1b3a.js
Requested by
Host: redforce-blog.disqus.com
URL: https://redforce-blog.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
664078
cf-ray
57cc29e8ef0d97d8-FRA
status
200
vary
Accept-Encoding
content-length
90458
x-xss-protection
1; mode=block
last-modified
Wed, 18 Mar 2020 17:54:58 GMT
server
cloudflare
etag
"5e726072-1615a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Mar 2021 17:49:00 GMT
lounge.bundle.24cead898f86515a9757ee11b7b34eb3.js
c.disquscdn.com/next/embed/
0
109 KB
Other
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.24cead898f86515a9757ee11b7b34eb3.js
Requested by
Host: redforce-blog.disqus.com
URL: https://redforce-blog.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
80722
cf-ray
57cc29e8ef0f97d8-FRA
status
200
vary
Accept-Encoding
content-length
110812
x-xss-protection
1; mode=block
last-modified
Mon, 30 Mar 2020 17:53:20 GMT
server
cloudflare
etag
"5e823210-1b0dc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 30 Mar 2021 20:08:54 GMT
config.js
disqus.com/next/
0
6 KB
Other
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: redforce-blog.disqus.com
URL: https://redforce-blog.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

Timing-Allow-Origin
*
Date
Tue, 31 Mar 2020 18:34:18 GMT
X-Content-Type-Options
nosniff
Server
nginx
Age
16
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Content-Length
5882
X-XSS-Protection
1; mode=block
a22.png
avatars.collectcdn.com/
22 KB
22 KB
Image
General
Full URL
https://avatars.collectcdn.com/a22.png
Requested by
Host: collectcdn.com
URL: https://collectcdn.com/launcher.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681f:4e79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b938eac38e2629f92491d075840770f688c7dbf73d9d6cca5632186dafec66

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
cf-cache-status
HIT
age
3400
status
200
content-type
image/png
content-length
22268
x-amz-id-2
ss10kKUHIYj/OD/AR+vp1uJ66rG//Nq+VGgaQ8ih/fd9ifqG7XI9EJSj2dJXhh7p6IPiGmfTasc=
last-modified
Mon, 11 Mar 2019 19:30:00 GMT
server
cloudflare
etag
"d00d5149e54757861fa03191da352f1f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-request-id
43F63DF246E52FF3
cache-control
max-age=1382400
accept-ranges
bytes
cf-ray
57cc29e96c87c2b3-FRA
widget.js
collectcdn.com/ Frame 53C5
384 KB
92 KB
Script
General
Full URL
https://collectcdn.com/widget.js?c=5c2fe9d4173f537e141b2010
Requested by
Host: collectcdn.com
URL: https://collectcdn.com/launcher.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::681f:4e79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e0255d38f6f5c7a07a18f52fbf944f5e858321074048c4daa282a6422e9274e

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
content-encoding
br
cf-cache-status
HIT
age
4436
cf-polished
origSize=393501
status
200
x-amz-request-id
6C1BE272BB5786C9
x-amz-id-2
B/8TFsPIm9sqC7/6dU0rjzqxRR4zoX4S3s3DFvmdMDCDV/OfAsg9WdOqaHzc8foTcM5DF2zCkvM=
last-modified
Tue, 31 Mar 2020 13:19:06 GMT
server
cloudflare
etag
W/"18c9099c8c75c393235f34b0239d674b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1382400
cf-ray
57cc29e95c64c2b3-FRA
cf-bgj
minify
/
disqus.com/embed/comments/ Frame 24D5
0
0
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=redforce-blog&t_i=502%20http%3A%2F%2Fblog.redforce.io%2F%3Fp%3D502&t_u=https%3A%2F%2Fblog.redforce.io%2Fattacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study%2F&t_e=Attacking%20HelpDesks%20Part%201%3A%20RCE%20Chain%20on%20DeskPro%2C%20with%20Bitdefender%20as%20a%20Case%20Study&t_d=Attacking%20HelpDesks%20Part%201%3A%20RCE%20Chain%20on%20DeskPro%2C%20with%20Bitdefender%20as%20a%20Case%20Study%20%E2%80%93%20Redforce&t_t=Attacking%20HelpDesks%20Part%201%3A%20RCE%20Chain%20on%20DeskPro%2C%20with%20Bitdefender%20as%20a%20Case%20Study&s_o=default
Requested by
Host: redforce-blog.disqus.com
URL: https://redforce-blog.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/

Response headers

Server
nginx
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
text/html; charset=utf-8
Last-Modified
Sat, 28 Mar 2020 21:40:54 GMT
ETag
W/"lounge:view:7939350665.2ad871e38b434be37b3617bacd5a2b11.2"
Content-Encoding
gzip
Content-Length
2676
Date
Tue, 31 Mar 2020 18:34:18 GMT
Age
31
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
css
fonts.googleapis.com/ Frame 53C5
2 KB
685 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400
Requested by
Host: collectcdn.com
URL: https://collectcdn.com/widget.js?c=5c2fe9d4173f537e141b2010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a8252492db56de6a43a1e52010746aa4b09c216f522dfaa82a62169a811e3405
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 31 Mar 2020 18:34:18 GMT
server
ESF
date
Tue, 31 Mar 2020 18:34:18 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 31 Mar 2020 18:34:18 GMT
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f648605439a2a9f6f75eacb4cdc5c945d1f93caecf753e93135861ec4b472f38

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
alfie.f51946af45e0b561c60f768335c9eb79.js
c.disquscdn.com/next/embed/
19 KB
7 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Requested by
Host: redforce-blog.disqus.com
URL: https://redforce-blog.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 18:34:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
21638795
cf-ray
57cc29eb693297d8-FRA
status
200
vary
Accept-Encoding
content-length
6605
x-xss-protection
1; mode=block
last-modified
Wed, 15 May 2019 00:01:52 GMT
server
cloudflare
etag
"5cdb56f0-19cd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 May 2020 02:07:22 GMT
ping
links.services.disqus.com/api/
283 B
909 B
XHR
General
Full URL
https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fblog.redforce.io%2Fattacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study%2F&subId=5718559&v=1&jsonp=vglnk_jsonp_15856796588120
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
9c7ca088cfc6657051450cff64a904a420947321cb78a9a0b8d6f912b3748941

Request headers

Referer
https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/
Origin
https://blog.redforce.io
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 31 Mar 2020 18:34:18 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://blog.redforce.io
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
283
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


5 Cookies

Domain/Path Name / Value
.redforce.io/ Name: _gat_gtag_UA_134271712_2
Value: 1
.redforce.io/ Name: _gid
Value: GA1.2.1869825391.1585679658
.redforce.io/ Name: _ga
Value: GA1.2.136750134.1585679658
.redforce.io/ Name: __cfduid
Value: dca3ed875f577ea84438bb7dc0bf937bb1585679657
blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study Name: collect_chat_page_load
Value: 1

1 Console Messages

Source Level URL
Text
console-api log URL: https://blog.redforce.io/lib/js/jquery/jquery-migrate.min.js(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
