urlscan.io logo urlscan.io
SecurityTrails logo

blog.semmle.com Open in urlscan Pro
2606:4700:20::6819:db14  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://lgtm.com/blog/apache_struts_CVE-2017-9805
Effective URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Submission: On October 29 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 10 domains to perform 38 HTTP transactions. The main IP is 2606:4700:20::6819:db14, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is blog.semmle.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on March 26th 2019. Valid for: a year.
This is the only time blog.semmle.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2001:4860:480... 15169 (GOOGLE)
25 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
38 11
1    2001:4860:4802:32::15 (United States)

ASN15169 (GOOGLE - Google LLC, US)
lgtm.com
25    2606:4700:20::6819:db14 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
blog.semmle.com
1    2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
1    2606:4700::6811:d3cc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
js.hs-scripts.com
1    2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
js.hs-analytics.net
1    2606:4700::6811:7fab (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
js.hscollectedforms.net
1    2606:4700::6811:eecc (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
js.usemessages.com
1    2606:4700::6810:fc05 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
api.hubspot.com
2    2606:4700::6810:fa05 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
track.hubspot.com
1    2606:4700::6811:b949 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
js.hsforms.net
4    2606:4700::6810:5705 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
forms.hsforms.com
Domain Requested by
25 blog.semmle.com blog.semmle.com
4 forms.hsforms.com js.hsforms.net
2 track.hubspot.com
1 js.hsforms.net blog.semmle.com
1 api.hubspot.com js.usemessages.com
1 js.usemessages.com js.hs-scripts.com
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.hs-scripts.com www.googletagmanager.com
1 www.googletagmanager.com blog.semmle.com
1 lgtm.com 1 redirects
38 11
Subject Issuer Validity Valid
semmle.com
CloudFlare Inc ECC CA-2		 2019-03-26 -
2020-03-26		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-10-10 -
2020-01-02		 3 months crt.sh
ssl817718.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-08-13 -
2020-02-19		 6 months crt.sh
ssl803670.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-05-29 -
2019-12-05		 6 months crt.sh
ssl803673.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-05-29 -
2019-12-05		 6 months crt.sh
ssl817703.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-08-13 -
2020-02-19		 6 months crt.sh
hubspot.com
CloudFlare Inc ECC CA-2		 2019-08-28 -
2020-08-27		 a year crt.sh
ssl766686.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-06-28 -
2020-01-04		 6 months crt.sh
ssl431287.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-07-24 -
2020-01-30		 6 months crt.sh

This page contains 1 frames:

Primary Page: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Frame ID: FE182C12CB8B39C406EA3CBBE62D7104
Requests: 42 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://lgtm.com/blog/apache_struts_CVE-2017-9805 HTTP 301
    https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

38
Requests

100 %
HTTPS

100 %
IPv6

10
Domains

11
Subdomains

11
IPs

2
Countries

1826 kB
Transfer

3465 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://lgtm.com/blog/apache_struts_CVE-2017-9805 HTTP 301
    https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Redirect Chain
  • https://lgtm.com/blog/apache_struts_CVE-2017-9805
  • https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
333 KB
186 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
21dd641369e4a9c6d12bb4819dd48ef74ba4bbbedc9d9fbb5be34e698803d6a1

Request headers

:method
GET
:authority
blog.semmle.com
:scheme
https
:path
/apache-struts-vulnerability-cve-2017-9805/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

status
200
date
Tue, 29 Oct 2019 17:53:07 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d3e4a8a93967dc990c4b6d6d7132d41c71572371587; expires=Wed, 28-Oct-20 17:53:07 GMT; path=/; domain=.semmle.com; HttpOnly; Secure
x-powered-by
Express
cache-control
public, max-age=0
last-modified
Thu, 17 Oct 2019 19:09:06 GMT
etag
W/"534c5-16ddb1fa050"
via
1.1 vegur
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
52d701d5884ecbcc-VIE
content-encoding
br

Redirect headers

status
301
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block; report=https://lgtm.com/browser_report/
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://stats.g.doubleclick.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.gravatar.com https://img.shields.io https://www.google-analytics.com https://stats.g.doubleclick.net https://track.hubspot.com; object-src 'none'; connect-src 'self' https://forms.hubspot.com https://storage.googleapis.com; font-src 'self'; media-src 'self'; manifest-src 'self'; frame-src https://www.youtube.com; report-uri https://lgtm.com/browser_report/; report-to https://lgtm.com/browser_report/
referrer-policy
same-origin
strict-transport-security
max-age=31536000; includeSubDomains
set-cookie
lgtm_short_session=4baf3f273bb8d3a5af57720a53ed9c9ac8e8dcc27b847adedbe475b643ff9ca22507cbd4aa6d94f79291e749a1b00e66c3381b887070ef32ef3ec2e2fb021865;Path=/;Secure;HttpOnly lgtm_long_session=5fbd684560eb2643bed33c0c93957a3137bf69b2d210901632d184860ec32bc4b94c38c328e74b648ab6a60f1a6ba205a5b2af04d175ddba1194e55424b31983;Path=/;Expires=Wed, 28-Oct-2020 17:53:07 GMT;Secure;HttpOnly
expires
Fri, 01 Jan 1990 00:00:00 GMT
x-deploy-time
1572365799000
location
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
x-cloud-trace-context
21ca03b61c3fe21999d0258ebf640267
date
Tue, 29 Oct 2019 17:53:07 GMT
pragma
no-cache
cache-control
no-cache, must-revalidate
content-type
text/html
server
Google Frontend
content-length
0
gtm.js
www.googletagmanager.com/ 		78 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-K53TDXZ
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f742c6ade769ca01ac15c88ecc290aaabb2917711686df263f740b8db9bbdf32
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:08 GMT
content-encoding
br
last-modified
Tue, 29 Oct 2019 15:00:00 GMT
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
25922
x-xss-protection
0
expires
Tue, 29 Oct 2019 17:53:08 GMT
component---src-templates-post-page-jsx-2d8c0280cbd31f73495a.js
blog.semmle.com/ 		343 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/component---src-templates-post-page-jsx-2d8c0280cbd31f73495a.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0c45205d064663a1467946b6aede67d260494884478cfa2d3ab0121a87bb9b3a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701dc8d9dcbcc-VIE
date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"55d47-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
styles-11d111f5a66e6aab00bf.js
blog.semmle.com/ 		138 B
215 B 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/styles-11d111f5a66e6aab00bf.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f801f7cdfd52084d4638f9c0ae0e89f86388c86d7cbe7b38d5f69663999e48fd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701dc8da2cbcc-VIE
date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"8a-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
commons-e4e62211b5c63a28e533.js
blog.semmle.com/ 		860 KB
373 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/commons-e4e62211b5c63a28e533.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
244b0fe1310cb0a4410791eb6968b12cb0ac631e02c49e0fdbdd66230dc9d1b4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701dc8da4cbcc-VIE
date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"d6f30-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
app-64fa78067a1852190e2c.js
blog.semmle.com/ 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/app-64fa78067a1852190e2c.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a579f7f036c288f7b6645ca745e6bc234f66adec86ec5978024407b54054ef95

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701dc8da7cbcc-VIE
date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"164ec-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
webpack-runtime-3917ae85b5b523b5670a.js
blog.semmle.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/webpack-runtime-3917ae85b5b523b5670a.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ec98cd2ff5e25108dcf6204c2480d54b0b1157762d85af1d6a9254160025ae9d

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701dc8da9cbcc-VIE
date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"1028-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/apache-struts-vulnerability-cve-2017-9805/ 		18 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/apache-struts-vulnerability-cve-2017-9805/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
a8bfa7962a5fe75309cda60cf5402470b4b529985e047acbd0a21db4b8e40a11

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Origin
https://blog.semmle.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"460e-16ddb1a5ca8"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:21 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701dc8dabcbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
double_calculator.png
blog.semmle.com/static/9e6d8f06c8344610be2e5cf62df9e4e6/e4982/ 		88 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.semmle.com/static/9e6d8f06c8344610be2e5cf62df9e4e6/e4982/double_calculator.png
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e15d4cfa7671ea99087c8d2c06e570c31ee6afe433a928a04062725628b79557

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"15e89-16ddb1cd960"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:06:04 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
52d701dc8dbacbcc-VIE
content-length
89737
castor_hessian.png
blog.semmle.com/static/3964de784cf4dafb98c62b8d343941a5/e4982/ 		109 KB
109 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.semmle.com/static/3964de784cf4dafb98c62b8d343941a5/e4982/castor_hessian.png
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3296f566f6120612e2131d7e87145184071636aaa8d83f97eb630d449d215f54

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"1b43b-16ddb1cd190"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:06:02 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
52d701dc8dbdcbcc-VIE
content-length
111675
calculator.png
blog.semmle.com/static/2a188a87dbc006a21aa4b2c57d99c750/e4982/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.semmle.com/static/2a188a87dbc006a21aa4b2c57d99c750/e4982/calculator.png
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c94afaf7bb351fed26311ddd4bdba7c2929350e30d9942793c8ebbacd9d4061c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"c086-16ddb1cb638"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:05:55 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
52d701dc8dbecbcc-VIE
content-length
49286
struts.png
blog.semmle.com/static/06b1b949aad5e3dc5571bb74dbd88a3e/a489e/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.semmle.com/static/06b1b949aad5e3dc5571bb74dbd88a3e/a489e/struts.png
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
821dbf021433c1a36afc6c42ca51101efd0a9e71638d155343e74f989e2e1d32

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:09 GMT
via
1.1 vegur
etag
W/"13746-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
52d701dc8dbfcbcc-VIE
content-length
79686
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
745bc207493d7828b999f7fbdc74b30584ec6adb5dd078c6c422d32e816e070a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		38 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
330ffaf06f7e58e60861e6d21e23e7e855e9a5abe2d7f2af7773929514c03b9c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Origin
https://blog.semmle.com

Response headers

Content-Type
application/font-woff;charset=utf-8
truncated
/ 		38 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dedde4a0e58d75b1524c2198ef8d5cde603ee8c8bf8e4de94dcca9cf752c6659

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Origin
https://blog.semmle.com

Response headers

Content-Type
application/font-woff;charset=utf-8
truncated
/ 		39 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1867b319ec83f5a1acd7eb87ee4930e0e011f1c6b5ff64b0a802e04b79944893

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Origin
https://blog.semmle.com

Response headers

Content-Type
application/font-woff;charset=utf-8
4758889.js
js.hs-scripts.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-scripts.com/4758889.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K53TDXZ
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:d3cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfa155955df4081d0bad37a3781d86661288d57da8b523eabc0b674eb9bd4528

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:08 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
EXPIRED
status
200
content-length
548
server
cloudflare
x-trace
2BDED5F620B434AD487D20883D3F40F9845FC217F6000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.semmle.com
cache-control
public, max-age=60
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
52d701ddbe8d5982-VIE
expires
Tue, 29 Oct 2019 17:54:08 GMT
4758889.js
js.hs-analytics.net/analytics/1572371400000/ 		77 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1572371400000/4758889.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4758889.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c6f5001908af4bbbdaae229c5c644827fbad48d48de8205ed336ae4ac4a9697

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:08 GMT
content-encoding
gzip
cf-cache-status
HIT
age
151
status
200
x-amz-request-id
CB5C5DF848596015
x-amz-id-2
HtcjfOAdwhGGcYhu7m8BUvCsmyWPkDRFf4iDx+8wAda9oFr9W56IaDg28PNFgVc7s/ZxlaZ4QBI=
last-modified
Tue, 29 Oct 2019 14:13:23 GMT
server
cloudflare
etag
W/"bb0115416976f14dc672af98a522444f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
x-amz-version-id
null
cf-ray
52d701decdc759d6-VIE
expires
Tue, 29 Oct 2019 17:55:37 GMT
collectedforms.js
js.hscollectedforms.net/ 		83 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4758889.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:7fab , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2cb2681de72a15a39c28c27c8972ff05d4ec020320733b0585ca5359ceb9e69

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
Origin
https://blog.semmle.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:08 GMT
via
1.1 5e0bea4d92b914cdc7fbc1bb38a17464.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
age
151
cf-ray
52d701deceb759be-VIE
x-cache
Miss from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
gzip
last-modified
Mon, 07 Oct 2019 05:41:18 GMT
server
cloudflare
etag
W/"6fa20b64c7cd1a4aaa2931d48793b99e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
eaawTcLPjbuY1GG1VJjdIQS_CAyxWNDU
access-control-allow-origin
*
cache-control
max-age=600
x-amz-cf-pop
IAD79-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
2s5znmyM4qjKnmWW-uZsUhWo-bY3Q2Mwrg_DH2zphzhNDCWV9KDX5Q==
conversations-embed.js
js.usemessages.com/ 		58 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4758889.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:eecc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aeb9ba7915bc09473f6df5a6d287ee9e0cfbd42343e0d33cc6a825d34c7fb9c1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:08 GMT
via
1.1 ff57be90471f9a747547dbdeaf42a3eb.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
331
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
br
content-type
application/javascript; charset=utf-8
last-modified
Tue, 29 Oct 2019 03:27:09 GMT
server
cloudflare
etag
W/"5fb15eb908fc9187a837740a600a1192"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
vvvd6XGPdL8R0vawp8JH4V6aIEziJDCy
cache-control
max-age=600
x-amz-cf-pop
IAD79-C3
cf-ray
52d701df0a85cbb4-VIE
x-amz-cf-id
jsk7wKUog4x1ODqcAWoLUw7UFJWfM6Y-YHPm66YRh6ZJn9NCy27LJA==
public
api.hubspot.com/livechat-public/v1/message/ 		300 B
514 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=4758889&conversations-embed=static-1.4927&mobile=false&messagesUtk=39b34d1e6bdf42e2be1e8f7a6f373f03&traceId=39b34d1e6bdf42e2be1e8f7a6f373f03
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fc05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab56e6711b9ffa15f77136db0b00bbd15bb863e47b14da643535af85fe0d9c01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
X-HubSpot-Messages-Uri
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/

Response headers

date
Tue, 29 Oct 2019 17:53:09 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
DYNAMIC
status
200
content-length
236
server
cloudflare
x-trace
2BBDDDCD516B873213E3DA74FE4C15C1750B0D7007000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.semmle.com
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
52d701e15a5dcba0-VIE
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
__ptq.gif
track.hubspot.com/ 		45 B
483 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=844302560&v=1.1&a=4758889&pu=https%3A%2F%2Fblog.semmle.com%2Fapache-struts-vulnerability-cve-2017-9805%2F&t=CVE-2017-9805%3A+How+QL+found+a+remote+code+execution+vulnerability+in+Apache+Struts+%7C+Semmle+Blog&cts=1572371590999&vi=2bf6058c6976af29d8adcb8462c4ae1d&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701ebff08cbc0-VIE
date
Tue, 29 Oct 2019 17:53:11 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
x-robots-tag
none
struts.png
blog.semmle.com/static/06b1b949aad5e3dc5571bb74dbd88a3e/a489e/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://blog.semmle.com/static/06b1b949aad5e3dc5571bb74dbd88a3e/a489e/struts.png
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/commons-e4e62211b5c63a28e533.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
821dbf021433c1a36afc6c42ca51101efd0a9e71638d155343e74f989e2e1d32

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 vegur
etag
W/"13746-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
52d701ececabcbcc-VIE
content-length
79686
v2.js
js.hsforms.net/forms/ 		418 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/commons-e4e62211b5c63a28e533.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b949 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4ad772fb56c1e17f23427d4a319e33803acfda6eda2e28dc7fd455b061e8df2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 a20436c6d109fe9002d093f519ad4399.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
age
151
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
gzip
content-type
application/javascript; charset=utf-8
last-modified
Wed, 23 Oct 2019 09:29:26 GMT
server
cloudflare
etag
W/"c18a11a266dbc7eb68c44c6dc70c6302"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-version-id
hH_Bj1tFBkLifpkmx30qSivhP0NTAKlN
access-control-allow-origin
*
cache-control
max-age=600
x-amz-cf-pop
IAD89-C2
cf-ray
52d701ed3a53cbc0-VIE
x-amz-cf-id
v8yYz-ggsYrWYvnrvATrqluDm7ZbnAO6kDVtWVE-KQZ1Z9oZ3D8ZAQ==
page-data.json
blog.semmle.com/page-data/tags/security/ 		0
45 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/tags/security/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 vegur
etag
W/"22a5c-16ddb1a29e0"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:08 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701ed1d3bcbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/tags/news/ 		0
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/tags/news/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 vegur
etag
W/"c6c9-16ddb1a2dc8"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:09 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701ed1d42cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/index/ 		0
73 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/index/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 vegur
etag
W/"37639-16ddb1a5ca8"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:21 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701ed1d43cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/tags/ql/ 		0
42 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/tags/ql/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 vegur
etag
W/"20c56-16ddb1a02d0"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:02:58 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701ed1d45cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/authors/man-yue-mo/ 		0
14 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/authors/man-yue-mo/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 vegur
etag
W/"a3fb-16ddb1a31b0"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:10 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701ed1d46cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
53ad10da-bdc3-4b5c-a9a6-d9d1ed7834e1
forms.hsforms.com/embed/v3/form/4758889/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://forms.hsforms.com/embed/v3/form/4758889/53ad10da-bdc3-4b5c-a9a6-d9d1ed7834e1?callback=hs_reqwest_0&hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d714a4051a9b00fd6bf1c137b4ebdcd057ea0297f98fb4e58f338f328c0a315
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
content-disposition
attachment; filename=no-rfd.txt
vary
Accept-Encoding
content-length
1329
server
cloudflare
x-trace
2B080FA0046D7F6C03873EA169764EE89E8DFED70E000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript;charset=utf-8
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
52d701edecdccbac-VIE
timings.gif
forms.hsforms.com/embed/v3/ 		35 B
483 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.hsforms.com/embed/v3/timings.gif?key=embed-script&valueInMs=36.43500059843063
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2BA18F322740A5B7BA5F503772EAFA46319CC8D326000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
52d701edece1cbac-VIE
content-length
35
timings.gif
forms.hsforms.com/embed/v3/ 		35 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.hsforms.com/embed/v3/timings.gif?key=fetch-definition&valueInMs=156.6349994391203
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2B7506292EDD6B1876CBC461D1F3346C592C4436EA000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
cf-ray
52d701eed823cbac-VIE
content-length
35
timings.gif
forms.hsforms.com/embed/v3/ 		35 B
137 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.hsforms.com/embed/v3/timings.gif?key=render&valueInMs=14.389999210834503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5705 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-trace
2BD5E859B5040FB124E822114F951E0060BC8E86C5000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
52d701eed825cbac-VIE
content-length
35
__ptq.gif
track.hubspot.com/ 		45 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=53ad10da-bdc3-4b5c-a9a6-d9d1ed7834e1&fci=75c51083-a4ea-473d-96c8-ad7e890bc429&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=844302560&v=1.1&a=4758889&pu=https%3A%2F%2Fblog.semmle.com%2Fapache-struts-vulnerability-cve-2017-9805%2F&t=CVE-2017-9805%3A+How+QL+found+a+remote+code+execution+vulnerability+in+Apache+Struts+%7C+Semmle+Blog&cts=1572371591485&vi=2bf6058c6976af29d8adcb8462c4ae1d&nc=true&ce=false&pt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:fa05 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701eedf5acbc0-VIE
date
Tue, 29 Oct 2019 17:53:11 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/gif
content-length
45
x-robots-tag
none
page-data.json
blog.semmle.com/page-data/tags/ql/ 		131 KB
42 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/tags/ql/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
15bf231f2e94cd71e003b5a92c0f71d4852ca81b19c153d586b74fcc749b9934

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:11 GMT
via
1.1 vegur
etag
W/"20c56-16ddb1a02d0"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:02:58 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701f0c8a0cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/authors/man-yue-mo/ 		41 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/authors/man-yue-mo/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
992602e144e44b4bddff719abbbe108fb24bf6a72a1bf77205617316747ffb0e

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:12 GMT
via
1.1 vegur
etag
W/"a3fb-16ddb1a31b0"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:10 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701f0c8b5cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/tags/news/ 		50 KB
20 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/tags/news/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fa49d7eca8a66c4a8153b4e80ae588bb73174b9f8c53c070c8ae5f7f142d4dfe

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:12 GMT
via
1.1 vegur
etag
W/"c6c9-16ddb1a2dc8"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:09 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701f1bb89cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/tags/security/ 		139 KB
45 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/tags/security/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c01191ec39a168145c3fe4c0e6e15ffb02a8a96c43040b9674169c54c7682738

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:12 GMT
via
1.1 vegur
etag
W/"22a5c-16ddb1a29e0"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:08 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701f1ebf7cbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
component---src-templates-tag-page-jsx-6b7cbb04d78553106772.js
blog.semmle.com/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/component---src-templates-tag-page-jsx-6b7cbb04d78553106772.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701f2add3cbcc-VIE
date
Tue, 29 Oct 2019 17:53:12 GMT
via
1.1 vegur
etag
W/"1f5b-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
page-data.json
blog.semmle.com/page-data/index/ 		222 KB
74 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/page-data/index/page-data.json
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
91a09a7b2e8978746534f6a44188ecf0b11c082444fe337a4293d9b540db0754

Request headers

Sec-Fetch-Mode
cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

date
Tue, 29 Oct 2019 17:53:12 GMT
via
1.1 vegur
etag
W/"37639-16ddb1a5ca8"
cf-cache-status
DYNAMIC
last-modified
Thu, 17 Oct 2019 19:03:21 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
52d701f2be0fcbcc-VIE
content-type
application/json; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
component---src-templates-author-page-jsx-ccc457eada700b3e6479.js
blog.semmle.com/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/component---src-templates-author-page-jsx-ccc457eada700b3e6479.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701f45a6fcbcc-VIE
date
Tue, 29 Oct 2019 17:53:13 GMT
via
1.1 vegur
etag
W/"156c-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br
component---src-pages-index-jsx-edf119c13d0584a3584f.js
blog.semmle.com/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://blog.semmle.com/component---src-pages-index-jsx-edf119c13d0584a3584f.js
Requested by
Host: blog.semmle.com
URL: https://blog.semmle.com/app-64fa78067a1852190e2c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::6819:db14 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Response headers

cf-ray
52d701f59de7cbcc-VIE
date
Tue, 29 Oct 2019 17:53:13 GMT
via
1.1 vegur
etag
W/"155a-16ddb19dbc0"
cf-cache-status
MISS
last-modified
Thu, 17 Oct 2019 19:02:48 GMT
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
public, max-age=0
content-encoding
br

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| dataLayer object| google_tag_manager string| pagePath string| webpackCompilationHash object| ___chunkMapping object| _hsq object| _paq boolean| _hstc_loaded function| OutpostErrorReporter function| setImmediate function| clearImmediate object| __hsCollectedFormsDebug boolean| COMMON_SETUP_RAN boolean| hubspot_live_messages_running object| HubSpotConversations object| webpackJsonp object| __core-js_shared__ object| core object| asyncRequires object| ___emitter object| ___loader string| ___webpackCompilationHash boolean| __navigatingToLink function| ___push function| ___replace function| ___navigate function| _ object| scCGSHMRCache object| FontAwesomeConfig object| ___FONT_AWESOME___ boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| globalRoot function| hns object| hubspot object| hbspt object| __hsRoot object| hspreserve undefined| React undefined| reqwest undefined| Pikaday function| hns2 function| hmerge undefined| I18n undefined| ReactDOM undefined| require undefined| requirejs undefined| define undefined| exports undefined| module undefined| bootstrap object| HSFR function| hs_reqwest_0

1 Cookies

Domain/Path Name / Value
.semmle.com/ Name: __cfduid
Value: d3e4a8a93967dc990c4b6d6d7132d41c71572371587

1 Console Messages

Source Level URL
Text
console-api log URL: https://blog.semmle.com/commons-e4e62211b5c63a28e533.js(Line 1)
Message:
Form ready!

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubspot.com
blog.semmle.com
forms.hsforms.com
js.hs-analytics.net
js.hs-scripts.com
js.hscollectedforms.net
js.hsforms.net
js.usemessages.com
lgtm.com
track.hubspot.com
www.googletagmanager.com
2001:4860:4802:32::15
2606:4700:20::6819:db14
2606:4700::6810:5705
2606:4700::6810:fa05
2606:4700::6810:fc05
2606:4700::6811:47b0
2606:4700::6811:7fab
2606:4700::6811:b949
2606:4700::6811:d3cc
2606:4700::6811:eecc
2a00:1450:4001:806::2008
0c45205d064663a1467946b6aede67d260494884478cfa2d3ab0121a87bb9b3a
15bf231f2e94cd71e003b5a92c0f71d4852ca81b19c153d586b74fcc749b9934
1867b319ec83f5a1acd7eb87ee4930e0e011f1c6b5ff64b0a802e04b79944893
21dd641369e4a9c6d12bb4819dd48ef74ba4bbbedc9d9fbb5be34e698803d6a1
244b0fe1310cb0a4410791eb6968b12cb0ac631e02c49e0fdbdd66230dc9d1b4
2d714a4051a9b00fd6bf1c137b4ebdcd057ea0297f98fb4e58f338f328c0a315
3296f566f6120612e2131d7e87145184071636aaa8d83f97eb630d449d215f54
330ffaf06f7e58e60861e6d21e23e7e855e9a5abe2d7f2af7773929514c03b9c
5c6f5001908af4bbbdaae229c5c644827fbad48d48de8205ed336ae4ac4a9697
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
745bc207493d7828b999f7fbdc74b30584ec6adb5dd078c6c422d32e816e070a
821dbf021433c1a36afc6c42ca51101efd0a9e71638d155343e74f989e2e1d32
91a09a7b2e8978746534f6a44188ecf0b11c082444fe337a4293d9b540db0754
992602e144e44b4bddff719abbbe108fb24bf6a72a1bf77205617316747ffb0e
a579f7f036c288f7b6645ca745e6bc234f66adec86ec5978024407b54054ef95
a8bfa7962a5fe75309cda60cf5402470b4b529985e047acbd0a21db4b8e40a11
ab56e6711b9ffa15f77136db0b00bbd15bb863e47b14da643535af85fe0d9c01
aeb9ba7915bc09473f6df5a6d287ee9e0cfbd42343e0d33cc6a825d34c7fb9c1
b2cb2681de72a15a39c28c27c8972ff05d4ec020320733b0585ca5359ceb9e69
c01191ec39a168145c3fe4c0e6e15ffb02a8a96c43040b9674169c54c7682738
c94afaf7bb351fed26311ddd4bdba7c2929350e30d9942793c8ebbacd9d4061c
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dedde4a0e58d75b1524c2198ef8d5cde603ee8c8bf8e4de94dcca9cf752c6659
dfa155955df4081d0bad37a3781d86661288d57da8b523eabc0b674eb9bd4528
e15d4cfa7671ea99087c8d2c06e570c31ee6afe433a928a04062725628b79557
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec98cd2ff5e25108dcf6204c2480d54b0b1157762d85af1d6a9254160025ae9d
f4ad772fb56c1e17f23427d4a319e33803acfda6eda2e28dc7fd455b061e8df2
f742c6ade769ca01ac15c88ecc290aaabb2917711686df263f740b8db9bbdf32
f801f7cdfd52084d4638f9c0ae0e89f86388c86d7cbe7b38d5f69663999e48fd
fa49d7eca8a66c4a8153b4e80ae588bb73174b9f8c53c070c8ae5f7f142d4dfe