research.jfrog.com
185.199.109.153
Public Scan
Effective URL: https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/
Submission: On February 27 via api from IL — Scanned from IL
Summary
TLS certificate: Issued by R3 on January 2nd 2024. Valid for: 3 months.
This is the only time research.jfrog.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Redirects | Requests | IP Address | AS Autonomous System |
---|---|---|---|
1 | 19 | 185.199.109.153 | 54113 (FASTLY) |
 | 2 | 142.250.186.40 | 15169 (GOOGLE) |
 | 5 | 23.37.63.218 | 16625 (AKAMAI-AS) |
 | 1 | 216.239.36.21 | 15169 (GOOGLE) |
 | 5 | 162.13.202.201 | 15395 (RACKSPACE-LON) |
 | 31 | 5 | |
ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-153.github.com
research.jfrog.com

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net
www.googletagmanager.com

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-63-218.deploy.static.akamaitechnologies.com
lonrtp1-cdn.marketo.com
rtp-static.marketo.com

ASN15169 (GOOGLE, US)
PTR: any-in-2415.1e100.net
gtm.jfrog.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
20 | jfrog.com (1 redirects) | research.jfrog.com, gtm.jfrog.com (Cisco Umbrella Rank: 303572) | 405 KB |
10 | marketo.com | lonrtp1-cdn.marketo.com (Cisco Umbrella Rank: 81756), rtp-static.marketo.com (Cisco Umbrella Rank: 18986), lonrtp1.marketo.com (Cisco Umbrella Rank: 72931) | 124 KB |
2 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 40) | 196 KB |
31 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
19 | research.jfrog.com (1 redirects) | research.jfrog.com |
5 | lonrtp1.marketo.com | research.jfrog.com, rtp-static.marketo.com |
4 | rtp-static.marketo.com | research.jfrog.com |
2 | www.googletagmanager.com | research.jfrog.com |
1 | gtm.jfrog.com | www.googletagmanager.com |
1 | lonrtp1-cdn.marketo.com | research.jfrog.com |
31 | 6 | |
This site contains links to these domains. Also see Links.
Domain |
---|
twitter.com |
github.com |
jfrog.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
research.jfrog.com | R3 | 2024-01-02 - 2024-04-01 | 3 months |
*.google-analytics.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months |
*.marketo.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-08 - 2024-12-11 | a year |
gtm.jfrog.com | GTS CA 1D4 | 2024-01-13 - 2024-04-12 | 3 months |
This page contains 1 frames:
Primary Page:
https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/
Frame ID: 4896A2D8D7FB734F5CFDF039D1CAB8F1
Requests: 31 HTTP requests in this frame
Page Title
MLflow untrusted dataset XSS | JFSA-2024-000631932 - JFrog Security Research
Page URL History
-
http://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/
HTTP 301
https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/ Page URL
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
- vue[.-]([\d.]*\d)[^/]*\.js
Google Analytics (Analytics)
Detected patterns
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: Follow JFrog Security
- Title: Fix PR
- Title: Terms of Use
- Title: Cookies Policy
- Title: Privacy Policy
31 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | / (Primary Request, Redirect Chain) | research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/ | 18 KB | 7 KB | Document | text/html |
GET H2 | 0.styles.ee79b767.css | research.jfrog.com/assets/css/ | 92 KB | 59 KB | Stylesheet | text/css |
GET H2 | app.eab0b0b8.js | research.jfrog.com/assets/js/ | 229 KB | 90 KB | Script | application/javascript |
GET H2 | page--src--templates--post-vue.a6f69f84.js | research.jfrog.com/assets/js/ | 10 KB | 4 KB | Script | application/javascript |
GET H2 | page--src--pages--404-vue.77816cba.js | research.jfrog.com/assets/js/ | 0 | 6 KB | Other | application/javascript |
GET H2 | page--src--pages--index-vue.459f3137.js | research.jfrog.com/assets/js/ | 0 | 49 KB | Other | application/javascript |
GET H2 | page--src--pages--index-vue~page--src--pages--malicious-packages-vue.5e25d45d.js | research.jfrog.com/assets/js/ | 0 | 31 KB | Other | application/javascript |
GET H2 | page--src--pages--malicious-packages-vue.9848d295.js | research.jfrog.com/assets/js/ | 0 | 4 KB | Other | application/javascript |
GET H2 | page--src--pages--oss-vue.18b64a67.js | research.jfrog.com/assets/js/ | 0 | 17 KB | Other | application/javascript |
GET H2 | page--src--pages--vulnerabilities-vue.a81d19e8.js | research.jfrog.com/assets/js/ | 0 | 15 KB | Other | application/javascript |
GET H2 | vendors~page--src--pages--index-vue.c7ec8625.js | research.jfrog.com/assets/js/ | 0 | 79 KB | Other | application/javascript |
GET H2 | speedsize-local.js | research.jfrog.com/ | 22 KB | 7 KB | Script | application/javascript |
GET H2 | jfrog-logo-svg.5788598.74a3bea875bf053c65a0663c9ec9a0fd.svg | research.jfrog.com/assets/static/ | 7 KB | 3 KB | Image | image/svg+xml |
GET H2 | gtm.js | www.googletagmanager.com/ | 369 KB | 109 KB | Script | application/javascript |
GET H2 | roboto-latin-400-normal.aa23b7b4.woff2 | research.jfrog.com/assets/fonts/ | 15 KB | 15 KB | Font | font/woff2 |
GET H2 | roboto-latin-700-normal.bf28241e.woff2 | research.jfrog.com/assets/fonts/ | 15 KB | 16 KB | Font | font/woff2 |
GET H2 | twitter.e0519be.9769aec62433fd58c76ad32c2d613842.svg | research.jfrog.com/assets/static/ | 2 KB | 1 KB | Image | image/svg+xml |
GET H2 | index.json | research.jfrog.com/assets/data/ | 0 | 203 B | Other | application/json |
GET H2 | index.json | research.jfrog.com/assets/data/vulnerabilities/ | 0 | 261 B | Other | application/json |
GET H2 | js | www.googletagmanager.com/gtag/ | 266 KB | 87 KB | Script | application/javascript |
GET H/1.1 | rtp.js | lonrtp1-cdn.marketo.com/rtp-api/v1/ | 155 KB | 42 KB | Script | application/x-javascript |
GET H2 | collect | gtm.jfrog.com/g/ | 65 B | 698 B | XHR | text/plain |
GET H/1.1 | jquery.min.js | rtp-static.marketo.com/rtp/libs/jquery/1.8.3/ | 91 KB | 33 KB | Script | application/x-javascript |
GET H/1.1 | jquery-ui-insightera-custom-1.9.6.css | rtp-static.marketo.com/rtp/libs/ | 22 KB | 4 KB | Stylesheet | text/css |
GET H/1.1 | trw | lonrtp1.marketo.com/gw1/ | 0 | 436 B | Script | application/x-javascript |
GET H/1.1 | ga-integration-2.0.5.js | rtp-static.marketo.com/rtp/libs/ | 18 KB | 6 KB | Script | application/x-javascript |
GET H/1.1 | msg | lonrtp1.marketo.com/gw1/ | 0 | 427 B | Script | text/javascript |
GET H/1.1 | jquery-custom-ui.min.js | rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/ | 126 KB | 35 KB | Script | application/x-javascript |
GET H/1.1 | msg | lonrtp1.marketo.com/gw1/ | 0 | 427 B | Script | text/javascript |
GET H/1.1 | visitor | lonrtp1.marketo.com/gw1/rtp/api/v1_1/ | 904 B | 2 KB | XHR | application/json |
GET H/1.1 | sgm | lonrtp1.marketo.com/gw1/ga/ | 48 B | 502 B | XHR | text/json |
42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| __INITIAL_STATE__ object| webpackJsonp object| dataLayer object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data function| rtp object| gaGlobal function| getInternetExplorerVersion function| consoleMessage function| makeGetRequest function| createCORSRequest object| ITLocalStorageAPI object| InsighteraUtil object| iiq object| ibq object| trackObj function| isCurrentSession function| addDynamicScript function| rtpRCMD object| AITag object| aiq object| AIConfig function| setButtonWidthHeight function| getDirectionForWidgetSide function| updateWidget function| initialize function| showWidgetCampaign function| hide function| injectContent function| execute function| destroy object| InsighteraWidget function| setTimeoutFunction object| exp_2_year function| loadRichMediaImage undefined| $ undefined| jQuery function| alignElementPosition function| applyAttributeHeightToPics function| revertAttributeHeightToPics
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.jfrog.com/ | | Name: _ga_SQ1NR9VTFJ Value: GS1.1.1709078127.1.0.1709078127.0.0.0 |
.jfrog.com/ | | Name: _ga Value: GA1.1.1407223070.1709078127 |
.jfrog.com/ | | Name: trwv.uid Value: jfrog-1709078127549-b040ded9%3A1 |
.jfrog.com/ | | Name: trwsa.sid Value: jfrog-1709078127550-95055490%3A1 |
.jfrog.com/ | | Name: FPID Value: FPID2.2.T6cJQNVsN0IlIgkJGia2Y0XnWTIeKmgn%2B5PurXyH%2BBs%3D.1709078127 |
.jfrog.com/ | | Name: FPLC Value: A1MQekNryc6oPStWQXo3f0A4DmySAZ%2Bqmb1Djeo%2BBEb59fDnAQKaMizsoxflZnrUuUTFBSePL%2FkYEagn%2BRfhUgoNZEuS1CKG9QvIs7LMRbRaYl9r7TsmRcwslS0U0g%3D%3D |
.jfrog.com/ | | Name: gtmIdnts Value: %7B%22ga_cid%22%3A%221407223070.1709078127%22%2C%22ga_fpid%22%3A%22T6cJQNVsN0IlIgkJGia2Y0XnWTIeKmgn%2B5PurXyH%2BBs%3D.1709078127%22%2C%22ga_session_id%22%3A%221709078127%22%7D |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.