app.sbc.sage.com Open in urlscan Pro
2606:4700:4400::6812:2819 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Effective URL:
https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Submission: On April 27 via manual (April 27th 2022, 10:35:22 am UTC) from GB — Scanned from GB

Summary HTTP 24 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 4 domains to perform 24 HTTP transactions. The main IP is 2606:4700:4400::6812:2819, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.sbc.sage.com. The Cisco Umbrella rank of the primary domain is 995752.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 13th 2021. Valid for: a year.

This is the only time app.sbc.sage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 13	2606:4700:440... 2606:4700:4400::6812:2819	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:231... 2600:9000:2315:7e00:1f:aa31:7740:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:440... 2606:4700:4400::ac40:93e7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
2	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
24	6

13 2606:4700:4400::6812:2819 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

app.sbc.sage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.sbc.sage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:7e00:1f:aa31:7740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.pendo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:4400::ac40:93e7 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.sbc.sage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.20 (United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	sage.com 1 redirects app.sbc.sage.com — Cisco Umbrella Rank: 995752 assets.sbc.sage.com — Cisco Umbrella Rank: 860787	721 KB
2	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 594	505 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 344	17 KB
1	pendo.io cdn.pendo.io — Cisco Umbrella Rank: 983	142 KB
24	4

	Domain	Requested by
11	assets.sbc.sage.com	app.sbc.sage.com
8	app.sbc.sage.com	1 redirects assets.sbc.sage.com app.sbc.sage.com
2	bam.nr-data.net	app.sbc.sage.com
1	js-agent.newrelic.com	app.sbc.sage.com
1	cdn.pendo.io	app.sbc.sage.com
24	5

This site contains links to these domains. Also see Links.

Domain
help.accounting.sage.com

Subject Issuer	Validity	Valid
sbc.sage.com Cloudflare Inc ECC CA-3	`2021-10-13` - `2022-10-12`	a year	crt.sh
cdn.pendo.io Amazon	`2021-08-29` - `2022-09-27`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Frame ID: CDF23D0551103F118DBF11846567269B
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

We couldn’t find that page | Sage Business CloudSage logo

Page URL History Show full URLs

http://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/pas... HTTP 301
https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/pas... Page URL

Detected technologies

Joomla (CMS) Expand

Overall confidence: 100%
Detected patterns

option=com_

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

24
Requests

92 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

6
IPs

1
Countries

880 kB
Transfer

3007 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://help.accounting.sage.com/en-gb/cm/index.html
Title: Help Centre

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00 HTTP 301
https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.php Show response
app.sbc.sage.com/
Redirect Chain

http://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

40 KB
14 KB

516ms
411ms

Document
text/html

2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97a0e2c58ab434668557d7c0dda9aa49578bea622b9935f141c053c846bb05ce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 67252
cache-control: max-age=900,must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7026e9122c0001f0-ZRH
content-encoding: gzip
content-security-policy: default-src 'self'; img-src 'self' *.sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' *.sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
content-type: text/html
date: Wed, 27 Apr 2022 10:35:16 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 26 Apr 2022 15:54:13 GMT
permissions-policy
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-id: orWd0_eHs8LvEc_Qb7YziEbf6eX6JQtI-3Siy-Ucc5edfPVaVmLauw==
x-amz-cf-pop: FRA56-P6
x-cache: Error from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

CF-RAY: 7026e91118db23f7-ZRH
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 27 Apr 2022 10:35:16 GMT
Expires: Wed, 27 Apr 2022 11:35:16 GMT
Location: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 system.min.js Show response
assets.sbc.sage.com/npm/systemjs@6.8.3/dist/ 11 KB
5 KB 129ms
112ms Script
application/javascript 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.sbc.sage.com/npm/systemjs@6.8.3/dist/system.min.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

faf458dcada028341e6c98a52f71067328fb710a51d0f3acb69df9dbe93619af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:16 GMT
via: 1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 7951968
x-jsd-version: 6.8.3
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-served-by: cache-fra19182-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2d8f-vNLePrR3zcdZpnqBy/hzJsUTIac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
x-amz-cf-pop: FRA60-P3
cf-ray: 7026e914d80901f0-ZRH
x-amz-cf-id: epGvUa3les8IHdreTHq5TEsEixNst4EcNqNymzYiUesG8HwOnJWs_A==

GET
H2 200 amd.min.js Show response
assets.sbc.sage.com/npm/systemjs@6.8.3/dist/extras/ 2 KB
1 KB 120ms
103ms Script
application/javascript 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.sbc.sage.com/npm/systemjs@6.8.3/dist/extras/amd.min.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d4fb1b44c663281b646f71734a9655cb49ae083857eb7cc704c5fadfd2b47a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:16 GMT
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 7958371
x-jsd-version: 6.8.3
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-served-by: cache-fra19143-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"665-BQHyV2OT0XsgsHcuM1F7Bi7HRVI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
x-amz-cf-pop: FRA60-P3
cf-ray: 7026e914d80701f0-ZRH
x-amz-cf-id: AUaGkQ_Hm2qSo2lP80waWzmdj-I4kQQnXImegBx-MJ0IBD3PeQIFyg==

GET
H2 200 named-exports.min.js Show response
assets.sbc.sage.com/npm/systemjs@6.8.3/dist/extras/ 662 B
654 B 121ms
104ms Script
application/javascript 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.sbc.sage.com/npm/systemjs@6.8.3/dist/extras/named-exports.min.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b7814b98c55e89e1a4141087f0d037b542f4a57ad00ad128f8de38852e74104

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:16 GMT
via: 1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 7934459
x-jsd-version: 6.8.3
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-served-by: cache-fra19132-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"296-tyago8sK8kum8+GjusQQJlD7Mvo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
x-amz-cf-pop: FRA60-P3
cf-ray: 7026e914d80c01f0-ZRH
x-amz-cf-id: Pf_C8Tjl_cvSal0ZSGxokWnDdW4ZI9Tcb1IY-q9Tq_BBupfo7dfc0Q==

GET
H2 200 use-default.min.js Show response
assets.sbc.sage.com/npm/systemjs@6.8.3/dist/extras/ 251 B
421 B 133ms
117ms Script
application/javascript 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.sbc.sage.com/npm/systemjs@6.8.3/dist/extras/use-default.min.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b950d42d6c00fec207c673b7d5d2bc4e102e2b8e8cacf9ab567f895e53177390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:16 GMT
via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 7942296
x-jsd-version: 6.8.3
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-served-by: cache-fra19162-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"fb-3R2r5IObJpsR7qV1P0mIda4ywDw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
x-amz-cf-pop: FRA60-P3
cf-ray: 7026e914d80f01f0-ZRH
x-amz-cf-id: 2g8fM5qfhgK-d3BLf7lLABJadBGw6nrodwlScWkwoDXUL2xCdacEcA==

GET
H2 200 import-map.json Show response
app.sbc.sage.com/ 1 KB
2 KB 73ms
73ms Fetch
application/json 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.sbc.sage.com/import-map.json

Requested by

Host: assets.sbc.sage.com
URL: https://assets.sbc.sage.com/npm/systemjs@6.8.3/dist/system.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2ae3036f0909d7a9e0d94288b9590a693f3c6199ef4822facc76947b0b6a3d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:16 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 67251
x-cache: Hit from cloudfront
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Apr 2022 15:54:13 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"92d4e75226107ff89629e7e62f8fd19b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/json
cache-control: max-age=900,must-revalidate
permissions-policy
content-security-policy: default-src 'self'; img-src 'self' *.sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' *.sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
x-amz-cf-pop: FRA56-P6
cf-ray: 7026e915995e01f0-ZRH
x-amz-cf-id: C64VAqJ--zI_gHyWFvTN5AYbKMtWGsnyNxPk3NZgfLTXF0Uybs8SBQ==

GET
H/1.1 200
OK pendo.js Show response
cdn.pendo.io/agent/static/d9fd84b8-298a-4953-694c-9b6541df2884/ 460 KB
142 KB 231ms
54ms Script
application/javascript 2600:9000:2315:7e00:1f:aa31:7740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pendo.io/agent/static/d9fd84b8-298a-4953-694c-9b6541df2884/pendo.js
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7e00:1f:aa31:7740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 8ddf25efb7b9c2e9231bfa7d46a679a3b2806d2137adbd4b9baa9f4cfe85ba0b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Wed, 27 Apr 2022 10:35:16 GMT
Content-Encoding: gzip
Age: 329
X-GUploader-UploadID: ADPycdvjC2_som6Q0PQdeul0O4Ufwzq0Ck6xK9tr2nUQwHs2Vj6EiGBfgC6Qo0Ba0Ls3-5LNxfIw0YJdSBJN8qmWLez3dg
X-Cache: Hit from cloudfront
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
Connection: keep-alive
Content-Length: 144891
Access-Control-Allow-Origin: *
Last-Modified: Tue, 26 Apr 2022 19:18:46 GMT
Server: UploadServer
ETag: "272a93083f76390087e2cc9b02894e5c"
Vary: Accept-Encoding
x-goog-hash: crc32c=/plY0A==, md5=JyqTCD92OQCH4sybAolOXA==
x-goog-generation: 1651000726346136
Via: 1.1 7dc1e6ca5d933ea10694c61d8475b502.cloudfront.net (CloudFront)
Access-Control-Expose-Headers: *
Cache-Control: max-age=450
x-goog-stored-content-length: 144891
X-Amz-Cf-Pop: DUS51-P2
Accept-Ranges: bytes
Content-Type: application/javascript
X-Amz-Cf-Id: oqE3NJWS7ORZFwLva2hCkbx8sntq-0KuwgbAiZ3TgTqpBgR9e-P8Ww==
Expires: Wed, 27 Apr 2022 10:37:17 GMT

GET
H2 200 index.js Show response
app.sbc.sage.com/ 56 KB
17 KB 80ms
80ms Script
application/javascript 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.sbc.sage.com/index.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c63acfedaf4bcb4cb6806a22ee36c947fd7bf3ce8cf9543fb0c81d8f59b1aed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:16 GMT
via: 1.1 ab68583a58d574d6a9e5fca1fb1e6316.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 67251
x-cache: Hit from cloudfront
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Apr 2022 15:54:13 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"bfb65ad85c26e6e3ffe3b59c4d55cbe6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/javascript
cache-control: max-age=900,must-revalidate
permissions-policy
content-security-policy: default-src 'self'; img-src 'self' *.sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' *.sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
x-amz-cf-pop: FRA56-P6
cf-ray: 7026e9160a0e01f0-ZRH
x-amz-cf-id: 6VY8gJDnvXZpQD_GjH5llXF8m0NtY8a_L1tTAqEn7eeH0bSjZJIslg==

GET
H2 200 index.js Show response
assets.sbc.sage.com/sbc.core.authentication.ui/2.0.1/ 81 KB
27 KB 204ms
109ms Script
application/javascript 2606:4700:4400::ac40:93e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sbc.sage.com/sbc.core.authentication.ui/2.0.1/index.js
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:93e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ec2203b8e09d0079f268128d9ee24bfc393c325f0d78dd625951593cdfd8934

Request headers

Referer: https://app.sbc.sage.com/
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 d2f47ea7c79de35229ffbfc6942082c0.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
age: 6326347
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Tue, 22 Jun 2021 10:24:56 GMT
server: cloudflare
etag: W/"73a907852c010e433d5b3260906d9c49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.sbc.sage.com
access-control-allow-credentials: true
x-amz-cf-pop: DUS51-P1
cf-ray: 7026e9173c180221-ZRH
x-amz-cf-id: _6SSysaBmJVexcCKouDvokettQBQvt0-fhcV2beAbMhKG1KplDjLhg==

GET
H2 200 index.js Show response
assets.sbc.sage.com/sbc.core.scene.ui/1.2.0/ 39 KB
13 KB 218ms
123ms Script
application/javascript 2606:4700:4400::ac40:93e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sbc.sage.com/sbc.core.scene.ui/1.2.0/index.js
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:93e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ce96f09d38ca0381077569816b4df877520e6a54ca6dca73f75671bd40d84a7

Request headers

Referer: https://app.sbc.sage.com/
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 9135737f9852a1a33e45e8c90861e8be.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
age: 6324612
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 16:56:36 GMT
server: cloudflare
etag: W/"1807fa5e63d5de370e34bee89b6f5975"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.sbc.sage.com
access-control-allow-credentials: true
x-amz-cf-pop: DUS51-P1
cf-ray: 7026e9174c1d0221-ZRH
x-amz-cf-id: fi_h59FWE8mpfjcbOKntIWcaAXoMNXxgHdmqUq1b4A7zwqMMy5Unrg==

GET
H2 200 react.production.min.js Show response
assets.sbc.sage.com/npm/react@16.13.0/umd/ 12 KB
5 KB 73ms
73ms Script
application/javascript 2606:4700:4400::ac40:93e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.sbc.sage.com/npm/react@16.13.0/umd/react.production.min.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:93e7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df61a6c39ac10d7c8c8e0ffbdc5829ba4a1365d32bc6e616eed8fc69d6cdf33e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.sbc.sage.com/
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 9135737f9852a1a33e45e8c90861e8be.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 9532837
x-jsd-version: 16.13.0
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-served-by: cache-fra19134-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"30af-PdQeRv5Wrr+mzPClFwc4E01l6K0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
x-amz-cf-pop: DUS51-P1
cf-ray: 7026e9180d170221-ZRH
x-amz-cf-id: PmRJJKkJceAN_2QiclFVnUrSFwzbb4WLVvAu2wCFp09sceG1mAtzvg==

GET root-service-worker.js
app.sbc.sage.com/ 0
0

GET
H2 200 index.js Show response
assets.sbc.sage.com/sbc.core.globalnav.ui/2.35.1/ 2 MB
439 KB 66ms
66ms Script
application/javascript 2606:4700:4400::ac40:93e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sbc.sage.com/sbc.core.globalnav.ui/2.35.1/index.js
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:93e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b5f7295b034c22952ca6066d394e0b45ca1aaf997fe513027de9b57488a1639

Request headers

Referer: https://app.sbc.sage.com/
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 9135737f9852a1a33e45e8c90861e8be.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
age: 69701
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Tue, 26 Apr 2022 10:36:24 GMT
server: cloudflare
etag: W/"89c2897051f29b39e909c395dda48c94"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.sbc.sage.com
access-control-allow-credentials: true
x-amz-cf-pop: DUS51-P1
cf-ray: 7026e918adf40221-ZRH
x-amz-cf-id: -3X3eRjXZOQHTOCj59D9wvTFRFfQDsJR79HhnS-PLi15VDu-ynIq9g==

GET
BLOB 200
OK 14eee29e-e24d-4f4f-aefa-5e681bb97785
https://app.sbc.sage.com/ 4 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://app.sbc.sage.com/14eee29e-e24d-4f4f-aefa-5e681bb97785
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ce88bd4dc97853138f406b5c2ba6a19d495fbb236375ea395aa08da66441b428

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Content-Length: 3900
Content-Type: application/javascript

GET
H2 200 react-dom.production.min.js Show response
assets.sbc.sage.com/npm/react-dom@16.13.0/umd/ 116 KB
38 KB 79ms
79ms Script
application/javascript 2606:4700:4400::ac40:93e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.sbc.sage.com/npm/react-dom@16.13.0/umd/react-dom.production.min.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:93e7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e3438d9a73710dd06a8ae34a42f601a2fd88b1bcac99db8a8c3fff478865bbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.sbc.sage.com/
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 9135737f9852a1a33e45e8c90861e8be.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 15860887
x-jsd-version: 16.13.0
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-served-by: cache-fra19143-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1cf4f-WPOBYPb6DskoqH8J9BSB+53Ki+M"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
x-amz-cf-pop: DUS51-P1
cf-ray: 7026e919ef900221-ZRH
x-amz-cf-id: H7T7Hc_kb0zG-wsWlQZsyDBroXoMD4wR-Z_5rg20n7wEYy8L-0lQlg==

GET
H2 200 styled-components.min.js Show response
assets.sbc.sage.com/npm/styled-components@4.4.1/dist/ 44 KB
17 KB 101ms
101ms Script
application/javascript 2606:4700:4400::ac40:93e7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.sbc.sage.com/npm/styled-components@4.4.1/dist/styled-components.min.js

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:93e7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d09fdb3dd81f69d21c5a4469bcfa85fb908bb0dc25a5ebe3e7d8613ac77cb8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.sbc.sage.com/
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 bf943aab70e585412f7a215fb0a10790.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 11734452
x-jsd-version: 4.4.1
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-served-by: cache-fra19142-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"b069-8KivllFTPvvSEgxikXFQ+OMVjk8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
x-amz-cf-pop: DUS51-P1
cf-ray: 7026e919ef930221-ZRH
x-amz-cf-id: CfcWH13tcEtOrDtVtPhzdVhn-wlAIU_vSvHOg0q6qqayFOI5zNQt-g==

GET
H2 200 messaging-error-404.png
assets.sbc.sage.com/sbc.core.globalnav.ui/2.35.1/images/ 41 KB
42 KB 126ms
126ms Image
image/png 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.sbc.sage.com/sbc.core.globalnav.ui/2.35.1/images/messaging-error-404.png
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e08c12585c5609681836f50e0e0e3dcca594d1a91e20525a701d39c0e912e316

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 d63ea68c8b7458d49fe25f66ef7f0a5e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Tue, 26 Apr 2022 10:36:24 GMT
server: cloudflare
x-amz-cf-pop: FRA60-P3
etag: "0c3b747a5b2574d5086794e71b7753aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-cache: Miss from cloudfront
content-type: image/png
accept-ranges: bytes
cf-ray: 7026e91c3c0401f0-ZRH
content-length: 42456
x-amz-cf-id: nUWdS9nKTx321W_XkgqfJjF0h5bjA-9owYR8d2a2PkIQW2IBRuXDeg==

GET
H2 200 carbon-icons-webfont-77_2_0.woff
app.sbc.sage.com/fonts/ 23 KB
12 KB 86ms
86ms Font
application/font-woff 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.sbc.sage.com/fonts/carbon-icons-webfont-77_2_0.woff

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acb63808c9359a136ad4f973db83a6ce71763acc813c23ffeb67ad5211a3b4db

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 7738
x-cache: Hit from cloudfront
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Apr 2022 15:54:13 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"15ea76e2447f98b5110ee978a864855a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/font-woff
cache-control: max-age=900,must-revalidate
permissions-policy
content-security-policy: default-src 'self'; img-src 'self' *.sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' *.sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
x-amz-cf-pop: FRA56-P6
cf-ray: 7026e91c4c0d01f0-ZRH
x-amz-cf-id: K6PYoQBojuGn7m8Km5zz8ayOFiQsyKrpRHHykGdCMQwY4xD08-RpyQ==

GET
H2 200 Lato-Black.woff2
app.sbc.sage.com/fonts/ 28 KB
28 KB 69ms
68ms Font
binary/octet-stream 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.sbc.sage.com/fonts/Lato-Black.woff2

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c16911984dce7909e91263930a1f34352a03476a6c58894a482f33aad91cd379

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 7738
x-cache: Hit from cloudfront
content-length: 28284
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Apr 2022 15:54:12 GMT
server: cloudflare
x-frame-options: DENY
etag: "e29067446336b1e58be582e29387da02"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: binary/octet-stream
cache-control: max-age=900,must-revalidate
permissions-policy
content-security-policy: default-src 'self'; img-src 'self' *.sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' *.sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
cf-ray: 7026e91c4c0f01f0-ZRH
x-amz-cf-id: al7d2FHcoTKzS4MmZlJ_S5GYRNvx-3_NnrNWZfWLnDZyvmfq1zwhsg==

GET
H2 200 Lato-Bold.woff2
app.sbc.sage.com/fonts/ 28 KB
28 KB 115ms
115ms Font
binary/octet-stream 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.sbc.sage.com/fonts/Lato-Bold.woff2

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e47c34e4bb6a2fe7f50c02b0656e10666ded963f874015cb10ee1be923ea4448

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 15446
x-cache: Hit from cloudfront
content-length: 28676
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Apr 2022 15:54:12 GMT
server: cloudflare
x-frame-options: DENY
etag: "12a234e87f37d441adc9bb2e3dec13de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: binary/octet-stream
cache-control: max-age=900,must-revalidate
permissions-policy
content-security-policy: default-src 'self'; img-src 'self' *.sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' *.sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
cf-ray: 7026e91c4c1001f0-ZRH
x-amz-cf-id: gEMfnMBeewlOV-wzooQ6Bj4hVUgEKuHwwSaJp7mwtXuo-NUvwOb-mQ==

GET
H2 200 Lato-Regular.woff2
app.sbc.sage.com/fonts/ 29 KB
30 KB 88ms
87ms Font
binary/octet-stream 2606:4700:4400::6812:2819
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.sbc.sage.com/fonts/Lato-Regular.woff2

Requested by

Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2819 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76df5b67646f4f0f999d4e1c482ab2007b948f3b9acc2c8a207bfdb214103855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Origin: https://app.sbc.sage.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Wed, 27 Apr 2022 10:35:17 GMT
via: 1.1 6b85d8725dd6471c3db1f65d4096afc4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
age: 67249
x-cache: Hit from cloudfront
content-length: 29188
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 26 Apr 2022 15:54:13 GMT
server: cloudflare
x-frame-options: DENY
etag: "69279aef7fbc11101022a9f06079bbbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: binary/octet-stream
cache-control: max-age=900,must-revalidate
permissions-policy
content-security-policy: default-src 'self'; img-src 'self' *.sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' *.sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' *.sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
cf-ray: 7026e91c4c2001f0-ZRH
x-amz-cf-id: wpNXFMP3-e2xy8cs8hRs9yiHZOqoM7p5A2fgF5WbCr9SfLIK7KivnA==

GET
H2 200 nr-spa-1212.min.js Show response
js-agent.newrelic.com/ 44 KB
17 KB 89ms
28ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id: wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding: gzip
etag: "8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id: NHQR3V1VBEEMR1KY
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16636
x-amz-id-2: jXQQBiIqYgRmrFwfaD7K63XkExa87hXNwd65t7PPhjwR+R3OYwO9X0pCqKv7h2p1yrmpQ/UyVGA=
x-served-by: cache-lcy19230-LCY
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1651055718.987609,VS0,VE0
date: Wed, 27 Apr 2022 10:35:17 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 493

GET
H/1.1 200
OK NRJS-3d18c6eb1cc8897bdc1 Show response
bam.nr-data.net/1/ 57 B
322 B 458ms
114ms Script
text/javascript 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-3d18c6eb1cc8897bdc1?a=536226031&sa=1&v=1212.e95d35c&t=Unnamed%20Transaction&rst=2070&ck=1&ref=https://app.sbc.sage.com/index.php&be=773&fe=1971&dc=779&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1651055715941,%22n%22:0,%22f%22:113,%22dn%22:114,%22dne%22:114,%22c%22:114,%22s%22:159,%22ce%22:218,%22rq%22:218,%22rp%22:629,%22rpe%22:639,%22dl%22:632,%22di%22:779,%22ds%22:779,%22de%22:779,%22dc%22:1971,%22l%22:1971,%22le%22:1972%7D,%22navigation%22:%7B%7D%7D&fp=782&fcp=1853&jsonp=NREUM.setToken
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.sbc.sage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/javascript;charset=iso-8859-1
Content-Length: 57
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK NRJS-3d18c6eb1cc8897bdc1 Show response
bam.nr-data.net/events/1/ 24 B
183 B 115ms
114ms XHR
image/gif 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/NRJS-3d18c6eb1cc8897bdc1?a=536226031&sa=1&v=1212.e95d35c&t=Unnamed%20Transaction&rst=2541&ck=1&ref=https://app.sbc.sage.com/index.php
Requested by: Host: app.sbc.sage.com
URL: https://app.sbc.sage.com/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://app.sbc.sage.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://app.sbc.sage.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: app.sbc.sage.com
URL: https://app.sbc.sage.com/root-service-worker.js

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.sbc.sage.com/	1970-01-20 02:37:37	Name: __cf_bm Value: KhgjjqlSjYzdw413zw4hpUQGnFU.uC3tUhdQ733G4Co-1651055717-0-ARc6bZPOauEob6cOViJsQytnmGo2F5WHL/8HbL+G03CEbNpMgsWlbFGpqpsELQRDGwanR72nIhaDyqcrMQJy5P0=
			.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 6e25adc0c78a9f23

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self' .sbc.sage.com app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; script-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-eu-static.storage.googleapis.com pendo-io-static.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; style-src 'self' app.eu.pendo.io app.pendo.io cdn.eu.pendo.io cdn.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com 'unsafe-inline'; font-src 'self'; connect-src 'self' .sbc.sage.com id.sage.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net sbc-global-import-fileupload-production-eu-central-1.s3.eu-central-1.amazonaws.com sbc-global-import-fileupload-production-eu-west-1.s3.eu-west-1.amazonaws.com app.eu.pendo.io app.pendo.io data.eu.pendo.io data.pendo.io pendo-eu-static-6540045853392896.storage.googleapis.com pendo-static-6540045853392896.storage.googleapis.com; frame-src 'self' .sbc.sage.com id.sage.com players.brightcove.net; frame-ancestors 'self' app.eu.pendo.io app.pendo.io; worker-src 'self' blob:; child-src 'self' blob:; object-src 'none';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.sbc.sage.com
assets.sbc.sage.com
bam.nr-data.net
cdn.pendo.io
js-agent.newrelic.com
app.sbc.sage.com
151.101.194.137
162.247.242.20
2600:9000:2315:7e00:1f:aa31:7740:93a1
2606:4700:4400::6812:2819
2606:4700:4400::ac40:93e7
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d09fdb3dd81f69d21c5a4469bcfa85fb908bb0dc25a5ebe3e7d8613ac77cb8f
0d4fb1b44c663281b646f71734a9655cb49ae083857eb7cc704c5fadfd2b47a9
2b5f7295b034c22952ca6066d394e0b45ca1aaf997fe513027de9b57488a1639
4b7814b98c55e89e1a4141087f0d037b542f4a57ad00ad128f8de38852e74104
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
6ce96f09d38ca0381077569816b4df877520e6a54ca6dca73f75671bd40d84a7
6e3438d9a73710dd06a8ae34a42f601a2fd88b1bcac99db8a8c3fff478865bbc
76df5b67646f4f0f999d4e1c482ab2007b948f3b9acc2c8a207bfdb214103855
8ddf25efb7b9c2e9231bfa7d46a679a3b2806d2137adbd4b9baa9f4cfe85ba0b
8ec2203b8e09d0079f268128d9ee24bfc393c325f0d78dd625951593cdfd8934
97a0e2c58ab434668557d7c0dda9aa49578bea622b9935f141c053c846bb05ce
9c63acfedaf4bcb4cb6806a22ee36c947fd7bf3ce8cf9543fb0c81d8f59b1aed
acb63808c9359a136ad4f973db83a6ce71763acc813c23ffeb67ad5211a3b4db
b2ae3036f0909d7a9e0d94288b9590a693f3c6199ef4822facc76947b0b6a3d4
b950d42d6c00fec207c673b7d5d2bc4e102e2b8e8cacf9ab567f895e53177390
c16911984dce7909e91263930a1f34352a03476a6c58894a482f33aad91cd379
ce88bd4dc97853138f406b5c2ba6a19d495fbb236375ea395aa08da66441b428
df61a6c39ac10d7c8c8e0ffbdc5829ba4a1365d32bc6e616eed8fc69d6cdf33e
e08c12585c5609681836f50e0e0e3dcca594d1a91e20525a701d39c0e912e316
e47c34e4bb6a2fe7f50c02b0656e10666ded963f874015cb10ee1be923ea4448
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c
faf458dcada028341e6c98a52f71067328fb710a51d0f3acb69df9dbe93619af

app.sbc.sage.com Open in urlscan Pro 2606:4700:4400::6812:2819 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

92 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

6 IPs

1 Countries

880 kBTransfer

3007 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

app.sbc.sage.com Open in urlscan Pro
2606:4700:4400::6812:2819 Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

92 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

6
IPs

1
Countries

880 kB
Transfer

3007 kB
Size

2
Cookies

24 HTTP transactions
0 data transactions