Submitted URL: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
Effective URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Submission: On September 21 via api from US — Scanned from DE

Summary

This website contacted 46 IPs in 5 countries across 34 domains to perform 118 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is labs.bishopfox.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 9th 2021. Valid for: a year.
This is the only time labs.bishopfox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count | Apex Domain | Subdomains | Transfer
28 | bishopfox.com | know.bishopfox.com, labs.bishopfox.com | 1 MB
9 | youtube.com | www.youtube.com | 681 KB
9 | typekit.net | use.typekit.net, p.typekit.net | 235 KB
8 | doubleclick.net | 10586810.fls.doubleclick.net, stats.g.doubleclick.net, googleads.g.doubleclick.net, static.doubleclick.net | 5 KB
8 | 6sc.co | j.6sc.co, c.6sc.co, b.6sc.co | 14 KB
7 | hubspot.com | app.hubspot.com, track.hubspot.com, api.hubspot.com | 20 KB
5 | hsappstatic.net | static.hsappstatic.net | 242 KB
5 | google.com | www.google.com, adservice.google.com | 15 KB
5 | linkedin.com | platform.linkedin.com, px.ads.linkedin.com, www.linkedin.com, px4.ads.linkedin.com | 65 KB
4 | google.de | www.google.de, adservice.google.de | 2 KB
3 | company-target.com | segments.company-target.com, api.company-target.com | 2 KB
3 | gstatic.com | fonts.gstatic.com, www.gstatic.com | 33 KB
3 | bing.com | bat.bing.com | 10 KB
3 | twitter.com | platform.twitter.com, syndication.twitter.com | 133 KB
3 | hubspot.net | cdn2.hubspot.net, avatars.hubspot.net | 33 KB
2 | bidr.io | match.prod.bidr.io | 1019 B
2 | marketo.net | munchkin.marketo.net | 6 KB
2 | adsrvr.org | js.adsrvr.org, insight.adsrvr.org | 3 KB
2 | google-analytics.com | www.google-analytics.com | 20 KB
2 | hubapi.com | api-na1.hubapi.com, api.hubapi.com | 2 KB
2 | facebook.net | connect.facebook.net | 70 KB
2 | googletagmanager.com | www.googletagmanager.com | 103 KB
1 | googleadservices.com | www.googleadservices.com | 14 KB
1 | rlcdn.com | id.rlcdn.com | 66 B
1 | mktoresp.com | 136-utj-516.mktoresp.com | 311 B
1 | usemessages.com | js.usemessages.com | 21 KB
1 | hsadspixel.net | js.hsadspixel.net | 3 KB
1 | hs-analytics.net | js.hs-analytics.net | 20 KB
1 | hs-banner.com | js.hs-banner.com | 16 KB
1 | adnxs.com | secure.adnxs.com | 694 B
1 | ytimg.com | i.ytimg.com | 9 KB
1 | ggpht.com | yt3.ggpht.com | 6 KB
1 | demandbase.com | tag.demandbase.com | 18 KB
1 | licdn.com | snap.licdn.com | 2 KB
Totals: 118 | 34

Count | Domain | Redirects | Requested by
26 | labs.bishopfox.com | | labs.bishopfox.com, js.usemessages.com
9 | www.youtube.com | | labs.bishopfox.com, www.youtube.com
8 | use.typekit.net | | labs.bishopfox.com, use.typekit.net
6 | b.6sc.co | | labs.bishopfox.com
5 | static.hsappstatic.net | | app.hubspot.com, static.hsappstatic.net
4 | 10586810.fls.doubleclick.net | 2 redirects | www.googletagmanager.com
3 | api.hubspot.com | 2 redirects | static.hsappstatic.net
3 | www.google.com | | www.youtube.com, labs.bishopfox.com
3 | bat.bing.com | | www.googletagmanager.com, bat.bing.com, labs.bishopfox.com
2 | avatars.hubspot.net | |
2 | track.hubspot.com | |
2 | segments.company-target.com | 1 redirects | labs.bishopfox.com
2 | match.prod.bidr.io | 2 redirects |
2 | adservice.google.de | | adservice.google.com
2 | www.gstatic.com | | www.youtube.com, www.gstatic.com
2 | adservice.google.com | | 10586810.fls.doubleclick.net
2 | www.google.de | | labs.bishopfox.com
2 | googleads.g.doubleclick.net | | www.youtube.com, www.googleadservices.com
2 | px.ads.linkedin.com | 2 redirects |
2 | munchkin.marketo.net | | labs.bishopfox.com, munchkin.marketo.net
2 | www.google-analytics.com | | www.googletagmanager.com, www.google-analytics.com
2 | app.hubspot.com | | labs.bishopfox.com, js.usemessages.com
2 | platform.twitter.com | | labs.bishopfox.com, platform.twitter.com
2 | connect.facebook.net | | labs.bishopfox.com, connect.facebook.net
2 | www.googletagmanager.com | | labs.bishopfox.com, js.hsadspixel.net
2 | know.bishopfox.com | 1 redirects | labs.bishopfox.com
1 | www.googleadservices.com | | www.googletagmanager.com
1 | insight.adsrvr.org | | js.adsrvr.org
1 | api.hubapi.com | | js.hsadspixel.net
1 | api.company-target.com | | tag.demandbase.com
1 | id.rlcdn.com | | labs.bishopfox.com
1 | 136-utj-516.mktoresp.com | | munchkin.marketo.net
1 | js.usemessages.com | | labs.bishopfox.com
1 | js.hsadspixel.net | | labs.bishopfox.com
1 | js.hs-analytics.net | | labs.bishopfox.com
1 | js.hs-banner.com | | labs.bishopfox.com
1 | c.6sc.co | | j.6sc.co
1 | secure.adnxs.com | | j.6sc.co
1 | i.ytimg.com | | www.youtube.com
1 | yt3.ggpht.com | | www.youtube.com
1 | syndication.twitter.com | | platform.twitter.com
1 | static.doubleclick.net | | www.youtube.com
1 | stats.g.doubleclick.net | | www.google-analytics.com
1 | px4.ads.linkedin.com | | labs.bishopfox.com
1 | www.linkedin.com | 1 redirects |
1 | fonts.gstatic.com | | www.youtube.com
1 | tag.demandbase.com | | labs.bishopfox.com
1 | js.adsrvr.org | | www.googletagmanager.com
1 | snap.licdn.com | | www.googletagmanager.com
1 | j.6sc.co | | labs.bishopfox.com
1 | api-na1.hubapi.com | | labs.bishopfox.com
1 | p.typekit.net | | use.typekit.net
1 | cdn2.hubspot.net | | labs.bishopfox.com
1 | platform.linkedin.com | | labs.bishopfox.com
Totals: 118 | 54

Subject | Issuer | Validity | Valid
labs.bishopfox.com | Cloudflare Inc ECC CA-3 | 2021-06-09 - 2022-06-08 | a year
use.typekit.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-08-16 - 2022-08-16 | a year
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2021-09-10 - 2022-09-10 | a year
hubspot.net | Cloudflare Inc ECC CA-3 | 2021-06-04 - 2022-06-03 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.typekit.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-16 - 2022-07-21 | a year
*.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
know.bishopfox.com | Cloudflare Inc ECC CA-3 | 2021-06-06 - 2022-06-05 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-09-09 - 2021-12-08 | 3 months
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-05 - 2021-11-09 | a year
hubapi.com | Cloudflare Inc ECC CA-3 | 2021-06-07 - 2022-06-06 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2021-06-26 - 2022-06-25 | a year
*.6sc.co | DigiCert SHA2 Secure Server CA | 2021-03-09 - 2022-03-16 | a year
*.licdn.com | DigiCert SHA2 Secure Server CA | 2021-04-30 - 2022-05-11 | a year
*.doubleclick.net | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
www.bing.com | Microsoft RSA TLS CA 02 | 2021-07-06 - 2022-01-06 | 6 months
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2021-03-18 - 2022-04-19 | a year
*.marketo.net | DigiCert SHA2 Secure Server CA | 2021-03-29 - 2022-04-06 | a year
tag.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2020-10-14 - 2021-11-15 | a year
*.gstatic.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2021-09-16 - 2022-03-16 | 6 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
www.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year
*.googleusercontent.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
edgestatic.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2021-03-05 - 2022-02-19 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 - 2022-07-02 | a year
www.google.de | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.mktoresp.com | DigiCert SHA2 Secure Server CA | 2020-01-17 - 2022-01-21 | 2 years
*.google.de | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months
*.company-target.com | Amazon | 2021-08-31 - 2022-09-29 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2021-02-25 - 2022-03-28 | a year
api.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2020-10-09 - 2021-10-28 | a year
hsappstatic.net | Cloudflare Inc ECC CA-3 | 2021-06-10 - 2022-06-09 | a year
www.googleadservices.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months

This page contains 11 frames:

Primary Page: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: BB7B4889FD915778E5F2B3B0817859A0
Requests: 86 HTTP requests in this frame

Frame: https://www.youtube.com/embed/--6PiuvBGAU
Frame ID: FABDCEB211A7ECEBD0F8F36822F04EEA
Requests: 18 HTTP requests in this frame

Frame: https://10586810.fls.doubleclick.net/activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: E20A703ED98C0FBEE74E47B485B1CC74
Requests: 1 HTTP requests in this frame

Frame: https://10586810.fls.doubleclick.net/activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 49C06A2B597D898E12B287B23972BBDB
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Flabs.bishopfox.com
Frame ID: 2758B1338145B1AACFD3E6956E9E8BD0
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 079F67E407B68F226F9CF269A8D3E489
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 1B3A9195E7596CBDB0A9394C724BEC86
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: FC6FD2EBAA669692240CC6D95181C5F4
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: CB5E39A1A9F5C7EB3EE36BAA029FCFD4
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/2fdb116ad6d747e0b4950822ab806e72?uuid=285bf17b31d94042b87e55d234ffc1da&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Frame ID: 99965AFBA6007F816B1BBA0A7F75FE8E
Requests: 9 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
Frame ID: 53B3BFC48EA5F1EE3202D4AF24AE6235
Requests: 1 HTTP requests in this frame

Page Title

CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI

Page URL History

  1. https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
    https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 118
  • HTTPS: 100 %
  • IPv6: 69 %
  • Domains: 34
  • Subdomains: 54
  • IPs: 46
  • Countries: 5
  • Transfer: 2925 kB
  • Size: 7657 kB
  • Cookies: 36


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47
  • https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
  • https://10586810.fls.doubleclick.net/activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Request Chain 48
  • https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
  • https://10586810.fls.doubleclick.net/activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Request Chain 61
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1632267719950%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252Ftech-blog%252Fcve-2019-18935-remote-code-execution-in-telerik-ui%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQJxqw_MtFRv7AAAAXwKvNhbA1B_Pc7o6SiO-jivtoS-bv1SA_IYx2pk-KVNtV9tbqJC0RfxsA
Request Chain 93
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AACKMU7ClNwAABYQdUIFoA HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACKMU7ClNwAABYQdUIFoA&verifyHash=20ba272dc9365c65200762cf91a8496ea00cfd
Request Chain 118
  • https://api.hubspot.com/userpreferences/v1/avatar/04963c130de0c8b0740e38f085c9e984/100 HTTP 307
  • https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100
Request Chain 119
  • https://api.hubspot.com/userpreferences/v1/avatar/d5e344d61def6c6a18f68fceb2582d49/100 HTTP 307
  • https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100

118 HTTP transactions

Primary Request: cve-2019-18935-remote-code-execution-in-telerik-ui
Path: labs.bishopfox.com/tech-blog/
Redirect Chain:
  • https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
  • https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Size: 183 KB
x-fer: 30 KB
Type: Document
General
Full URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:2c40::c73c:67fe, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Software: cloudflare / HubSpot
Resource Hash: e4c5354e3facb50d1b974362b6f22c46adae91a5a69aa51155aed0fd6722b2bb
Security Headers:
  • Content-Security-Policy: upgrade-insecure-requests
  • Strict-Transport-Security: max-age=31536000

Resource: jquery-1.11.2.js
Path: labs.bishopfox.com/hs/hsstatic/jquery-libs/static-1.4/jquery/
Size: 94 KB
x-fer: 36 KB
Type: Script
General
Full URL: https://labs.bishopfox.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:2c40::c73c:67fe, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Software: cloudflare
Resource Hash: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers:
  • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Resource: index.js
Path: labs.bishopfox.com/hs/hsstatic/HubspotToolsMenu/static-1.109/js/
Size: 52 KB
x-fer: 20 KB
Type: Script
General
Full URL: https://labs.bishopfox.com/hs/hsstatic/HubspotToolsMenu/static-1.109/js/index.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:2c40::c73c:67fe, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Software: cloudflare
Resource Hash: 43ac0ae9e90f01a0afabe35cc0aaa377336aac90759e74770251de89db0af44c
Security Headers:
  • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Resource: project.js
Path: labs.bishopfox.com/hs/hsstatic/cos-i18n/static-1.37/bundles/
Size: 1 KB
x-fer: 1 KB
Type: Script
General
Full URL: https://labs.bishopfox.com/hs/hsstatic/cos-i18n/static-1.37/bundles/project.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:2c40::c73c:67fe, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Software: cloudflare
Resource Hash: 69aea70ed00c6297e407afc0b1ccf6db9629eedc412bf0779467f3e462d346e3
Security Headers:
  • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Resource: project.js
Path: labs.bishopfox.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/
Size: 2 KB
x-fer: 1 KB
Type: Script
General
Full URL: https://labs.bishopfox.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:2c40::c73c:67fe, United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
Software: cloudflare
Resource Hash: fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
Security Headers:
  • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

v2.js
labs.bishopfox.com/_hcms/forms/
562 KB
143 KB
Script
General
Full URL
https://labs.bishopfox.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c83ead4df620cfe935b691ddd20665037e1582cae7bb3440a9e439e6f144cd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 22e9d361a9c4153886c1c8aa0eb4ffa8.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
44
x-amz-server-side-encryption
AES256
cf-ray
692725bd2c5cdfdb-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-cf-pop
IAD89-C3
content-encoding
br
last-modified
Mon, 20 Sep 2021 03:06:45 UTC
server
cloudflare
etag
W/"630c4058cadb3fc715f112d2cf6b796a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ylIAhq3%2F%2BGBNqFzTnYPTL2GsjGce17dubEkMZBElY2zpTctOB1DNa6zsjln7WOrB03lTmCHuWubSvORp1wLTRESPWBG%2BcNCvM%2FpJ1tVzlH%2FgCmEEafv0vcZb9LyUnZN4VQqPB%2Fu5GtGzKYLNVrdZ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
DXYshb3V7aEOuJ9zF5pU.Zf9sZWNVJnH
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
set-cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type
application/javascript; charset=utf-8
x-amz-cf-id
F1ujGOcGjKl924XEUOB0MNyYRcqx8YpXPwxiwYsrHrDLe7Z8RAATXQ==
x-hs-target-asset
FormsNext/static-5.375/bundles/project_with_deps.js
comment_listing_asset.js
labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/
8 KB
3 KB
Script
General
Full URL
https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3a4acc91750315f26ccfdff67b14bdc2ff153fd397500ad60a5ce9e0bafa3b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 4699c08b44211e17f977ca0133ec5e8f.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
15820778
x-amz-server-side-encryption
AES256
cf-ray
692725bd2c5fdfdb-FRA
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
x-amz-cf-pop
MUC50-C1
content-encoding
br
last-modified
Thu, 04 Feb 2021 19:41:00 GMT
server
cloudflare
etag
W/"dead139f9e90162ef18faec5c6658b27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bemUt9nI80vBjkJ9%2F8GKkEz4AlKdjCMJ64sMq8LNyP6RnHVYBAifyUy0Z38e2yhgAyyhhTub%2F5wAyJYtUg4XNT0QptmpHqaPJuyGVAq4eBeqN1IHTaGBRhOFFtr4NONHoLV40CIUKS3TAJlbZ3XtxA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
rrf8fzfUXW6uWWsBbWfcrt_M5GaKpGIN
cache-control
public, max-age=31536000
set-cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type
application/javascript
x-amz-cf-id
hSTppcqd7f7gYNCeV8VeplkA7Ike39FQ1U30rnCnpLrLAdmSigubqA==
expires
Wed, 21 Sep 2022 23:41:59 GMT
comments_listing_asset.css
labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/sass/
1 KB
996 B
Stylesheet
General
Full URL
https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/sass/comments_listing_asset.css
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
72230de642a6e6a4cc0059fd8555dcdace5fe8ca702e9e8d9f7030f0aa8e07c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/hsstatic/AsyncSupport/static-1.94/sass/comments_listing_asset.css
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 47b2ce4c0cbd550c326fba9b552b2177.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
15820779
x-amz-server-side-encryption
AES256
cf-ray
692725bd7c8ddfdb-FRA
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 04 Feb 2021 19:41:00 GMT
server
cloudflare
etag
W/"b8ee8eabaab596a61f9dce917ea44a73"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wkWu%2FdcyYwedz1FZBQdz%2FwLY7vGubetcE1V4OkGRrnDs%2BGnNXN0LfitMyZKswdi3ato4da8rd20JbTXNRxWhnZUNSxT5iRM0xpdjAQtKR14iRfIXSqN8%2BFWjhmUgmy2eehQbsuJmdCktV02BIuLDsg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
9bHcd_ft.zS_ljDQKZIJC6FKEZ_yO.ou
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-C1
content-type
text/css
x-amz-cf-id
klQIHiiILiwZ2Bb1RtEHtrdZa2FGWA9Wy1AACu52uMd1VRYfYHBeYw==
expires
Wed, 21 Sep 2022 23:41:59 GMT
module_10478305230_Social_Icons.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/
288 B
914 B
Stylesheet
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/module_10478305230_Social_Icons.min.css
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0665aad66140bedfae8ee86351e3123060565001e33867552dd4b0f4a5a23d1

Request headers

:path
/hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/module_10478305230_Social_Icons.min.css
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 b5e757a7da6f6fe6261f56a8a9646881.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
627
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
T5S8XPNKBDY3CRNT
x-amz-id-2
Hx/qv83Qza9aT4NYGI1PT/082pyf8z8HETzl10lkbVcbuEOFpglHSY6zq16F+q2eOESvlsyy1xQ=
last-modified
Fri, 24 Apr 2020 20:13:06 GMT
server
cloudflare
etag
W/"f9a21447ab17cc1cf5127e2a9fdef72a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8EwbnlK9ltDf%2BAEW57tHH2slttzlnZtZfNZsMqjZ6zqNvIrjNR1FEpNHOQHAJBkGxqs28tXshxFVxBf2odaFl2RI8OuFg0czvuwUerG93OAp%2FlbPN0vacBYL8o5TKmqFvN2qWnMTRyJs5sCn66bkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
z3NVlkKDFe3SWmID3h_gz_034msu3TZx
x-amz-cf-pop
IAD89-C1
cf-ray
692725bd7c8edfdb-FRA
x-amz-cf-id
07xOPrMtXoz8XoYipksOEoxDNsubSCHpQkNrPURf3Xc2vEVaVDGpvA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
eml7xva.css
use.typekit.net/
9 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/eml7xva.css
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
0e4330fc42b9bc471699a995039181f9a8d98deba31c84c6961c7057e23c447c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
date
Tue, 21 Sep 2021 23:41:59 GMT
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1056
in.js
platform.linkedin.com/
201 KB
61 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F0A) /
Resource Hash
6cbb1738fe282734c8ddc440165f5debb94786a1ee3cecc6e625d77736cfdb60

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cdn-client-ip-version
IPV6
x-cdn
ECST
age
2052
x-cache
HIT
x-cdn-proto
HTTP2
content-length
62393
x-li-uuid
8urI4vn4phbQocjdMSsAAA==
server
ECAcc (frc/8F0A)
last-modified
Tue, 21 Sep 2021 23:07:47 GMT
x-li-pop
prod-eda6
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
accept-ranges
bytes
x-li-proto
http/1.1
x-li-fabric
prod-ltx1
expires
Wed, 22 Sep 2021 00:07:47 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1632238886108/hubspot/hubspot_default/shared/responsive/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1632238886108/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1632238886170
date
Tue, 21 Sep 2021 23:41:59 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
28527
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dqeNUwgEYCZyReDAIva4Yopf2XwQxNJO2zqy9EBFHO2NneP3RCO8wV14%2Bjm4072COIytsAwa3TCSB8acMPEBCNT8rx42pF6LwHhDtBDS1oxQrAo3pyVHUGik3b6KBEkiID6NPgwuUV9Dx0Wa6Y%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
last-modified
Tue, 21 Sep 2021 15:41:27 GMT
server
cloudflare
etag
W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop
IAD89-C1
cf-ray
692725bdbfd85bf9-FRA
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
styles.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/
91 KB
17 KB
Stylesheet
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1701e3fa666b6218db2a8b8034f8c843270e92c7244a5028f48e26e80420591

Request headers

:path
/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-amz-meta-created-unix-time-millis
1597184910188
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 6b8cdd1ce925ccd88cc918dd35811d07.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
627
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
T5S04FPVYZVW6NB5
x-amz-id-2
I0Cy6Dg7F5+AyPfT9RCEWNJMCGzDaSjLVvW5veK9uNKYfxErSqy+etQhdPVYfp166y/NHJDNYJc=
last-modified
Tue, 11 Aug 2020 22:28:31 GMT
server
cloudflare
etag
W/"17da206b34e3090886773a9125c8f744"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUc7KN6CaqjIUcn%2BD6hQIbwtHHaTV4Au9U8Zk3tFm6PkY%2FgwFmA9nHk%2B4BCWK0sAy2t%2Fk9onYwjReJz9HTyr%2FULxps0ITBHId15EvI5p2Ir9YFLyhsl5h%2FxAaU7nYqTVq8B4z5EvYqHMTATJ7m8nXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
CBIjujsdV8rN8yLa7muuXN894DnV3sW6
x-amz-cf-pop
IAD89-C1
cf-ray
692725bd7c8fdfdb-FRA
x-amz-cf-id
i7LcXWfXvuBEh4DE24CkDOLHF34tghLlMFIaaNyEnUlMez1Jr9wGQA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
prism.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/
1 KB
1 KB
Stylesheet
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/prism.min.css
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
53bbbcda593dc7d2483e3225fa353d9e8cad17c46baa7088ba0db94d66f0bf9e

Request headers

:path
/hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/prism.min.css
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-amz-meta-created-unix-time-millis
1595255868968
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 7154e2f13d02d1cc12281ca90f1bd47f.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
627
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
NERCBJJ1187ZP0KN
x-amz-id-2
sijlvb79nzT/rvgrdK/L6Afc0oMWB234sR/QcncpXz+TJQ0OcbhXrww3xSXObrlByZ4Hgk8PcSQ=
last-modified
Mon, 20 Jul 2020 14:37:49 GMT
server
cloudflare
etag
W/"a43baa16da2d3f3c255e6df5d2fcda20"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGsYf0dLRfWc8cyVlxEAhTw5mDpF0uNO8BZbK2K4B10IDcBKMJdEnYScoDURmbc%2FHKo%2BwxB2QpcXROW%2F6woe6g%2BjoK0EBCLf5J4H3GoohbgWLlJh4%2BYLSaSJ72uKSDbbMN5ptgQ%2BQ50oi6Dd0HcvPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
M8kW4g.fpbVz3EcLbuF7t8DRivL39XdS
x-amz-cf-pop
IAD66-C1
cf-ray
692725bd7c90dfdb-FRA
x-amz-cf-id
ggAb5RKabFm8qFcBTJxUkY8VCSIXHZncuqbgezHQbghBsNAzJw4myQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
BishopFoxLabs-Logo-Black.svg
labs.bishopfox.com/hubfs/Logos/
3 KB
2 KB
Image
General
Full URL
https://labs.bishopfox.com/hubfs/Logos/BishopFoxLabs-Logo-Black.svg
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
482764a09e130bd7446e86016ab44a442d73e2b295879cbb2666f7790478b187

Request headers

:path
/hubfs/Logos/BishopFoxLabs-Logo-Black.svg
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

access-control-allow-methods
GET
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 414a05dee9c365a2a2079013f9d53671.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-28955847558,FD-28955967354,P-5632775,FLS-ALL
age
1090972
x-amz-server-side-encryption
AES256
edge-cache-tag
F-28955847558,FD-28955967354,P-5632775,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
8PW0FBRC47PGXBWB
x-amz-id-2
3zEPEHsRSgj5tt2spn8PkBB8arFXwUsnTVsaK+fzrbYVDQHDpuMePfLb/ERNeihbNqRsM5zYhDE=
last-modified
Thu, 30 Apr 2020 14:06:23 GMT
server
cloudflare
etag
W/"c092105e6b23817d8977a1afc51faa1e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JWu1BVGZwDljh9tzF5LK6%2BYGfOixkHmRqkhg%2FZqE37CgOmneWSblnQbi5n%2BwEWHLtK6NoeHYFy8X9LFvLd%2BxZ6EuPRU%2BVEXG%2FphN2bBIyO7l9bKs0uvCNIG6CZmXEsvLSWQRCqIbDZjMnBiowTiqhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
mXuZz95KgSwgTAxdzh8jlE_hq5mcuNck
x-amz-cf-pop
DUS51-C1
cf-ray
692725becda3dfdb-FRA
x-amz-cf-id
UGnFzWCgQ6w4qxxRFHmq2cLOSR4DfRW7WRc0Sjyn-UV2zGuSGVnXxg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
BishopFoxLabs-Logo-Simplified-Black.svg
labs.bishopfox.com/hubfs/Logos/
1 KB
1 KB
Image
General
Full URL
https://labs.bishopfox.com/hubfs/Logos/BishopFoxLabs-Logo-Simplified-Black.svg
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c34dbb609c6387f6175474daf591365e75a67780b5b5f10ca1e3a069187c694b

Request headers

:path
/hubfs/Logos/BishopFoxLabs-Logo-Simplified-Black.svg
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

access-control-allow-methods
GET
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-28955848741,FD-28955967354,P-5632775,FLS-ALL
age
759083
x-amz-server-side-encryption
AES256
edge-cache-tag
F-28955848741,FD-28955967354,P-5632775,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
VP50K6SY9TP1V11Q
x-amz-id-2
q7AHrI/s4g8bSYLOf/pvEqoLFl2flnapdBTsfKCpFFFh/x5j7WNxY4hhHW31WWXeodVlSa6YW30=
last-modified
Thu, 30 Apr 2020 14:27:27 GMT
server
cloudflare
etag
W/"b3c81c94ed4ebc1b8523c5a7ec33e6a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DfAm2q53mF2fXK9U7uBG957XOhHPHz5wGZI%2BaPaFbKt10ypOFpkNEKm%2B0wejInnqkrL3g5wAOs6BLDgKR0s6gwY1k3zJbKmuFPA4D2IjvYMtQ8mkYvYNAOTaHwKhO23KJburSNlzf2jALr3aaP1aCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
mAlYJd53qS3J6KxX_rRFXLrBvOkX2Kle
x-amz-cf-pop
FRA2-C1
cf-ray
692725becdb1dfdb-FRA
x-amz-cf-id
Ed_bGXXYAwry3eqR_clueItAyd_91EN85iTH7HUIXUel6z-Rwr91LQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
tocbot.min.js
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/
9 KB
4 KB
Script
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/tocbot.min.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8d76f539c79c8169dd727ae8842c1dfa3513378fada30cd91dbaf26a1290801

Request headers

:path
/hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/tocbot.min.js
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 7a99ed3f39c18af8fe138a695e5f657d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
627
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
Q0F4FN9M97WCW199
x-amz-id-2
haMH0ieRDPkkqyTQRMmSpvIChtECUbf7SyO19tmaNUChGTKoRviVVtyhsciwdpJtQohFkrhXDJg=
last-modified
Fri, 15 May 2020 19:04:44 GMT
server
cloudflare
etag
W/"6b37b978ab743d97ee63b9d31ef21556"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApHKvxn5H8CUWX5Uz40p99xcKhhdyE2q%2Fab1wdbr4SqtbB8xwsU8PII%2BYfjmz%2FoENQIyxIBLtZR%2BD4ZZbsNzlUnFfj6OnFV5D3xsH%2BHHZxSyDXveibBWcg%2FhgdOaT%2F2hTCQG2aginrdWpflgurDzSw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
4HTBarBewLbln.aAV_20fQkSKYnW.Z7p
x-amz-cf-pop
IAD89-C1
cf-ray
692725be3d02dfdb-FRA
x-amz-cf-id
_isgVj_FFR6I-dWFRFDWgBxFzsx9uCN_tCiT22OTCLJFvw9OdhQ22A==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
main.min.js
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/
1 KB
1 KB
Script
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/main.min.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
07d59d11e10a2e559c0ce70c86b9736aed6a46a3b0b55c6cab658215ecb3ba57

Request headers

:path
/hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/main.min.js
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
626
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
M0NXFCSHFAJ5WWCR
x-amz-id-2
HznbQ3/Q7bdpRIpcLCNTWIFtojBrNQIIaMkq38ssOUuOSyrEw1XtNkCkve9Y7OprKBz6AfVPZHs=
last-modified
Fri, 15 May 2020 19:04:47 GMT
server
cloudflare
etag
W/"a039532aed6a100a7d84cba1d22eb293"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IMd0C4o3hPE1tFFsFG%2BkRAiR13aupFJG3X9bHN6GNOYlekdMFDDOiNiEFTdCwbgrmIr%2B4N4L4PTI7wGF8oyCSDZw4mD5gvkMBCi2Mgxaw2x%2FzTg40g7UxmgMhYJ8mOTQYGeNHZ4XnIRRgXlHLZ1H9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
.ih4zeutrPQaWWEAOA_M53biY2uOb9Qg
x-amz-cf-pop
IAD89-C1
cf-ray
692725be6d5fdfdb-FRA
x-amz-cf-id
yQybS3OL61BWkMh8k8M7o7zLPNS2mujQX2bJ9Ykpefs6ds_H4fBRCQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
prism.min.js
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/
439 KB
162 KB
Script
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/prism.min.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
397ea9453748b35f255a67e3d8e3b4ea0451490297295b643d6cbcd01764885a

Request headers

:path
/hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/prism.min.js
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1595255713737
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 5195de19cbc5ce842ac6538e9a6850cb.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
627
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
AWM94ZSDJG55FQEW
x-amz-id-2
52AMrwgSmckq2iXPGpyq4/zG3a5UY4Yst93pzkEdnbIlizMWDhwW/k64lQ9eCTrLMttl+0jv0M0=
last-modified
Mon, 20 Jul 2020 14:35:14 GMT
server
cloudflare
etag
W/"7cb7749663fb165d3803c8bbcc284e55"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3tTXeideDYXKaXrZXPwl%2BfIkGeSKQLgJNUsHQOqgTK1yWu8Cimyl1X%2Bq6lG8bhchwTG6fdN5V9oUnF9Lgx4eGK625Vv8huxvztX0Jg%2FkXpVnPQt3fLFYQeBFhtun%2BbKxxfTcKcwwkefq3brskFzAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
jiSK5D.JQHVI.2.XQsiW63K.Y7e23I8c
x-amz-cf-pop
IAD89-C1
cf-ray
692725bead90dfdb-FRA
x-amz-cf-id
vmprDa1-dxpLQ-L_4i08chEqsMxPjrgkHXz_-9b5S1vb48oL20gNsQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
module_28294170921_2020_Hub_-_Header_-_Search.js
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/
6 KB
3 KB
Script
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/module_28294170921_2020_Hub_-_Header_-_Search.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
72ad15be9ebaf0ccb9f542bd82398a4ec5f69f1f30593eff9807473af1a907e7

Request headers

:path
/hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/module_28294170921_2020_Hub_-_Header_-_Search.js
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 c1802b2f6f4e591b6df12b5a8a9876a7.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
626
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
0WB3Q2VG15E715PK
x-amz-id-2
ZXnDTq38YO61aCYcfVmudV5AugrZN30xzie2d6EuBX+TttAC7JCC5PDvIffz146mP8++JGGjB+0=
last-modified
Mon, 04 May 2020 15:16:30 GMT
server
cloudflare
etag
W/"97a06edce2100b01bbbe4d2cfb7421da"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=psSX3R4oVVsukVpXRRbcXv8puQZmNfLVwW7LrlsgkR4cFTcANv8CQ9Sohgy8aDltMnlZecPkEwgHt4Q1Oo0DiUCYqACl1CZrwo7r%2BWAraO2t4hzD3Q0UKxPjVbK7JeIBVi1H%2Fx2OvU%2BTnfEdlCzd3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
8EiDD8763pINn_VkZJo4ueKMFK8LI78T
x-amz-cf-pop
IAD89-C1
cf-ray
692725becda1dfdb-FRA
x-amz-cf-id
XupzU1CplonBcvkJn7x-F7giTNasUxFuWfZUkfY7FVWujVAUdX1f4Q==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/
367 B
986 B
Script
General
Full URL
https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
afee3609c2d320fbe4ff5a90eaccd92d9628453944181649631dee0081de9d9b

Request headers

:path
/hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 14d757a67b913f1bc93427e69819362d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
626
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
0A63CA9SDZEDHQ2K
x-amz-id-2
HrrLKPCAEBLLoHlfA5bfOe1AMRTuwtP4PZ6iuX0r2k56PIyg0WKKFcavKbX1ktDMS4VzVDNrZgE=
last-modified
Mon, 04 May 2020 15:16:20 GMT
server
cloudflare
etag
W/"18321dc2c6d1bd60c0c3f15d9b6d02e0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cJUu%2FxUBWcr7%2BA0X8unbOj0XVIs0Y55b3nPCnlZhhNQ5kQVFIm0q5DJGh6DEll4rV9A6CqdHUv4pCM3ctWXAIwV1X%2BrH52r5I0mhDADiGS3oAjRHAvHN2989DcWcdOiV%2FlHxgxikjMmipnV3FrSPaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
Otv2h8oRWUzZyogF.jSbKepn8wtGXreV
x-amz-cf-pop
IAD89-C1
cf-ray
692725becda2dfdb-FRA
x-amz-cf-id
guv2bsnZNl9j3CoLhfVawZE5_tYLQqueeGHqi7HfHIbrrIBujQj0Dg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
5632775.js
labs.bishopfox.com/hs/scriptloader/
2 KB
1 KB
Script
General
Full URL
https://labs.bishopfox.com/hs/scriptloader/5632775.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
da4a58c48eea08aca7856d4798deab2f58f969de1482678d47286c58b0bb9fd0

Request headers

:path
/hs/scriptloader/5632775.js
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
347c1e64-a786-4741-abee-db3534218a4e
server
cloudflare
x-trace
2B09E32CC4DD9ABFCBF30C01C18EE0E2818CFC499F000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2B5oEMJD6%2F6cE1txXcFrFmXLfmLvX0jTN4Vy3YJaMn%2B6nQHiETqhlp8jM%2Bz8MnpQbBFUCKOi8vQ1baVqdeLP%2FCC2dFjZv1wxnU%2BznyMVwPpbmoXecRgh1dt6PkbU4Szhcap86WpvUYYQtXY1ToHkvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
692725becdb7dfdb-FRA
expires
Tue, 21 Sep 2021 23:42:59 GMT
gtm.js
www.googletagmanager.com/
184 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bdce309d9f719feeab7a41bd8fa7d853ad50b3892f60df79e3f80d5a12ed5467
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
65819
x-xss-protection
0
last-modified
Tue, 21 Sep 2021 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 21 Sep 2021 23:41:59 GMT
p.css
p.typekit.net/
5 B
162 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=eml7xva&ht=tk&f=139.140.173.174.175.176.143.144.145.146.147.148&a=16561858&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2ae::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://use.typekit.net/eml7xva.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
last-modified
Thu, 05 Nov 2020 13:49:42 GMT
server
nginx
etag
"5fa402f6-5"
content-type
text/css
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
--6PiuvBGAU
www.youtube.com/embed/ Frame FABD
56 KB
25 KB
Document
General
Full URL
https://www.youtube.com/embed/--6PiuvBGAU
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
adbbd83a1c6f81c5ccfbdf3e6e73147f59f349b11c6313ab664f6206bccbb776
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/--6PiuvBGAU
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 21 Sep 2021 23:41:59 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8irYOyGiHPUipdmT4ndw90h_PnG3TnL0unA"
permissions-policy
ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
content-encoding
br
server
ESF
x-xss-protection
0
set-cookie
YSC=TWHt9PMpXo4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=CPwDcRkdYkw; Domain=.youtube.com; Expires=Sun, 20-Mar-2022 23:41:59 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+719; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
BishopFox-Labs-Background.svg
know.bishopfox.com/hubfs/Backgrounds/
621 KB
457 KB
Image
General
Full URL
https://know.bishopfox.com/hubfs/Backgrounds/BishopFox-Labs-Background.svg
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f60e5f09897f9af1a4190159019fa7617df27856207b153888844ffc5ac3790b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 cfe78f21e6a560afb18f3b92eb4e9605.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-28956062666,P-5632775,FLS-ALL
age
1090971
x-amz-server-side-encryption
AES256
edge-cache-tag
F-28956062666,P-5632775,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
087VSKE4MQRTVAR4
x-amz-id-2
VqW7P7LFIrWkReK6iNSJD1daJGrRIMDCyZznml/hgoHIPc8LBsSPOZOlpwRJTActul+0K9pK3ao=
last-modified
Thu, 30 Apr 2020 14:15:22 GMT
server
cloudflare
etag
W/"33d52a645e21be569cf58f161c039515"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1JJcUk%2BtfAi8AuHseYtRnQcXo3owXhBdrZvOIX8XFAXbn0%2FmwPqcRVu4YClPpzSawNVRY%2FP%2FKJUcfgaKMglEC2xTWRmkZeQXBxFbUbdNusSPcm08GFHGeTY4C3s3SkI5OMlM%2F5YOculiWayE04fZoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
OwVJGcfkYdK8E.fT1cEyLmumLb895CnU
x-amz-cf-pop
DUS51-C1
cf-ray
692725beda0905fd-FRA
x-amz-cf-id
wjtXjQeW-InWJ1Bm8P08vYufu2IweYFPVikjXj7YoFxqbOwCt6Oxpw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
truncated
/
700 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
09c4cb3040f901cc5a13fb0be1cd920cbb7a8d6dc2b3774f745ccac459462e19

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
650 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9c9b17aaa6d7189ffe7cd7623f61f63b60df3178aaa8ced604a464c237178bce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
Caleb%20%20-%20Profile.jpg
labs.bishopfox.com/hs-fs/hubfs/
580 B
1 KB
Image
General
Full URL
https://labs.bishopfox.com/hs-fs/hubfs/Caleb%20%20-%20Profile.jpg?width=32&name=Caleb%20%20-%20Profile.jpg
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a86b8c1fa9a765b51d4954ea0ca03f07280c044c999d11609689d044eee7eb24

Request headers

:path
/hs-fs/hubfs/Caleb%20%20-%20Profile.jpg?width=32&name=Caleb%20%20-%20Profile.jpg
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 55b6418a8a2f714a67d8e4d292154ef3.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
484719
cf-polished
qual=85, origFmt=jpeg, origSize=1649
edge-cache-tag
F-30821200118,FD-9004383487,P-5632775,FLS-ALL
x-edge-origin-shield-skipped
0
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Caleb%20%20-%20Profile.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
580
x-amz-server-side-encryption
AES256
last-modified
Thu, 26 Aug 2021 19:13:58 GMT
server
cloudflare
x-cache
Miss from cloudfront
etag
"293489825efda97ca899500dbf71c155"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gYsjjtG7ljjryUuTDMpNtgT%2B3puk3b6gd%2Fp3JB%2BQRuq4pC1XUyzrcSlfHaYZJNxsgO2Cz%2BSgSEy4omnE%2FvwjODCQyaZO2I4P2CyfMS%2BulOlAiUSiDD8HxaIiA1T97twqucnc%2FC%2BtuyQ9T7OSG8bkxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
692725beedb9dfdb-FRA
x-amz-cf-id
vKINm9ATrIsLDypQU1xTiDCFr4G08wqwgtocVUNZ5QfXrIhSHuIRZg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
truncated
/
388 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cfe0094ec9c1e414159e1f064b9004d6af663e7b3c2d61c20a18e40e63d6a647

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
Bishop-Fox-Labs-ZIGDIGGITY.jpg
labs.bishopfox.com/hubfs/Logos/
66 KB
67 KB
Image
General
Full URL
https://labs.bishopfox.com/hubfs/Logos/Bishop-Fox-Labs-ZIGDIGGITY.jpg
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
da25be71af88ccd751ae40782ff8c30e65e3ecf0770f03ae06c872d87b7a02e9

Request headers

:path
/hubfs/Logos/Bishop-Fox-Labs-ZIGDIGGITY.jpg
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-29912613070,P-5632775,FLS-ALL
age
1011621
x-amz-server-side-encryption
AES256
edge-cache-tag
F-29912613070,P-5632775,FLS-ALL
content-disposition
inline; filename="Bishop-Fox-Labs-ZIGDIGGITY.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
x-amz-request-id
S9W901D58BARG088
cf-bgj
imgq:85,h2pri
etag
"618d3970d5bf4c25d91f2b8dbc92d7dc"
vary
Accept, Accept-Encoding
content-type
image/webp
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 91528fdf97ef415d04fa66a0fbb562d7.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
DUS51-C1
cf-polished
qual=85, origFmt=jpeg, origSize=452053
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
67666
x-amz-id-2
z5+bPZdcgOmyn8P2Z9c4eeKg9LLZTNmpQ9gfcTaiVV5cPcyiMBYuT/62t/xvMDAfntMAiJktg1E=
last-modified
Mon, 01 Jun 2020 20:40:38 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsN%2B%2FnzOF4rIiJFTFCf8hUIwpaKXOZnxZUgVj405qRU%2Fvbo4iuqldcxqLYWEZMzVrtwrygy0kSoNRZXbjRevlhuoD9%2F2JP9W9EqHsCq6BI2rT49aDRZhCSvY9kGJnlNIc8jdx9d3W2efCf0A2BSRjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
4vVOICHuAgKKTPicsNLS1xZtieadTeJC
accept-ranges
bytes
cf-ray
692725beedbadfdb-FRA
x-amz-cf-id
8kiuFqUOhisTq2seNqF83e41Sjbd0dEcPxWnfLqX0nTlY81bKMJbWA==
200508-Twitter-01-RMIScout.png
labs.bishopfox.com/hubfs/Research/
102 KB
103 KB
Image
General
Full URL
https://labs.bishopfox.com/hubfs/Research/200508-Twitter-01-RMIScout.png
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d80a514d4ff6c64bab3d3c0a422e32ca989a0af6e05a0c6c4b721176ef08d16

Request headers

:path
/hubfs/Research/200508-Twitter-01-RMIScout.png
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-29915756613,P-5632775,FLS-ALL
age
1305270
x-amz-server-side-encryption
AES256
edge-cache-tag
F-29915756613,P-5632775,FLS-ALL
content-disposition
inline; filename="200508-Twitter-01-RMIScout.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
XSBQ4F2QM5FWZXC3
cf-bgj
imgq:85,h2pri
etag
"ed74b184547ace51869044bbbdd96ca0"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
cf-polished
origFmt=png, origSize=152798
x-cache
Miss from cloudfront
x-amz-meta-index-tag
all
content-length
104106
x-amz-id-2
+s33/W+mrbSap4XUpn4YtCWMIwvuLd/27X85kSua8jRG4k0AcuOh2g6rd0YVjLViizN5s8jR6zw=
last-modified
Fri, 05 Jun 2020 22:37:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZGFCPJ1y4RYRbLWml4rvwlZA7libGRAiJPV2IgZerUioi2MaVPPDGQbsjwbBfYHIMM1m%2BloC5vnAo2w6snvRGBVz7xHW05Xz5psi01vcEPyosAj7Mozc0%2FWKBsgAu5eYRdpfEL4%2BSPRBfgTbVGSIgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
o4Hbu1kotL9lspjRwe_z1FKpepli2bzq
accept-ranges
bytes
cf-ray
692725beedbbdfdb-FRA
x-amz-cf-id
OPsxZ4NdWVpgmWtrulO2PYhB2ae7BKYa6EGfybMZ48rA30geM-DTlw==
FI%20Code%20Snippet%20700px%20Wide.png
labs.bishopfox.com/hubfs/
55 KB
56 KB
Image
General
Full URL
https://labs.bishopfox.com/hubfs/FI%20Code%20Snippet%20700px%20Wide.png
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
87dc0517423f932aab0dabb2f41ab2f5ac41a4ba435794dcc6c6af663603df75

Request headers

:path
/hubfs/FI%20Code%20Snippet%20700px%20Wide.png
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-41933881541,P-5632775,FLS-ALL
age
458884
x-amz-server-side-encryption
AES256
edge-cache-tag
F-41933881541,P-5632775,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="FI%20Code%20Snippet%20700px%20Wide.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
82AS2MVEH7DANVA5
cf-bgj
imgq:85,h2pri
etag
"2c6f1df57b8aedf256fce506ed70699e"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1614197872074
date
Tue, 21 Sep 2021 23:41:59 GMT
via
1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=81071
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
56328
x-amz-id-2
Y0QjIPBGqWqsGrktWLAXTzrW6GZ+RQXOy3vqXwE1K93eTOtsPLlWIyR9rvfRO33UhxmWlCxvm+E=
last-modified
Fri, 26 Mar 2021 22:30:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCmu1pJC0CPY3bOLQZFaLJdwwz%2BFJEwXkpd%2F%2FbkBMy1Xy1ykGa0YvPbFrenXGS3wXbfgFcrDrkZCZQvEyb%2Fzk1xpOnU1YJgrfnaoVItJ%2FTeYtQeQUbJRgC618KHAhLx9hpzZbFzUTmdvcTwmlaP7kg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
GiH8PG2dhkD4DUMldJkDPqxb.vD1aJ0W
accept-ranges
bytes
cf-ray
692725beedbcdfdb-FRA
x-amz-cf-id
Auu8UCAgrm9zZ3b_xYHsy3Cdi6Hhnurk4AA2xGYr3sKmKZkuMcueZA==
l
use.typekit.net/af/705e94/00000000000000003b9b3062/27/
33 KB
33 KB
Font
General
Full URL
https://use.typekit.net/af/705e94/00000000000000003b9b3062/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f37e21c653607facbf39ad55a0d09b23fbda4ee1be8202257bd4c218eb1544ee

Request headers

Referer
https://use.typekit.net/eml7xva.css
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
server
nginx
etag
"79fea02668402fc378c129193093131a2db2577c"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33568
l
use.typekit.net/af/949f99/00000000000000003b9b3068/27/
34 KB
34 KB
Font
General
Full URL
https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
3302ef568a096b5d784190fc4a27a5360a9e0a22c069d90253c6341e311024d8

Request headers

Referer
https://use.typekit.net/eml7xva.css
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
server
nginx
etag
"b5fef031a96fc670f9c3b1b64dd52243a29d7531"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34344
l
use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/
33 KB
34 KB
Font
General
Full URL
https://use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f1e795a81ef9726704c4c4c7176d2853aef32a7afd9d2aa7da1b4ebdf93cd7af

Request headers

Referer
https://use.typekit.net/eml7xva.css
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
server
nginx
etag
"5604717ace233ade2de274e8019e41d7eecd75db"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34104
l
use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/
33 KB
33 KB
Font
General
Full URL
https://use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
25df7745c61ea8874fe9ec932de0beafff58b79398cc5fbdf304b87d5ba1fc11

Request headers

Referer
https://use.typekit.net/eml7xva.css
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
server
nginx
etag
"dd3ed5a051a56eebcd930c279014a0f1613402d5"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33344
l
use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/
34 KB
35 KB
Font
General
Full URL
https://use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f685d36f3f62589ffc7cb9633a82850958978f8803780ece24c613ca6f8cf563

Request headers

Referer
https://use.typekit.net/eml7xva.css
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
server
nginx
etag
"d9c559430b0162ff50e16cf6dad5514fa963f9ff"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
35116
l
use.typekit.net/af/30f4b6/00000000000000003b9b3070/27/
33 KB
33 KB
Font
General
Full URL
https://use.typekit.net/af/30f4b6/00000000000000003b9b3070/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b16d98329e42d0a88591acdde3183e9eb4265d23be18534b6bfba20332fb4483

Request headers

Referer
https://use.typekit.net/eml7xva.css
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
server
nginx
etag
"ef4723cacc2d2381040becd10eea57a772fb6a45"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33332
l
use.typekit.net/af/576d53/00000000000000003b9b3066/27/
33 KB
33 KB
Font
General
Full URL
https://use.typekit.net/af/576d53/00000000000000003b9b3066/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba0a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
e08069362721d144d84f24395fd827901ad1eb93254333b4090971e4bad7a4a6

Request headers

Referer
https://use.typekit.net/eml7xva.css
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
server
nginx
etag
"fa333b49edecc210478c16168adee736b2ad6c1f"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33280
bf7cf23a-dadb-44fe-a34a-8298a231677f
labs.bishopfox.com/_hcms/forms//embed/v3/form/5632775/
20 KB
5 KB
Script
General
Full URL
https://labs.bishopfox.com/_hcms/forms//embed/v3/form/5632775/bf7cf23a-dadb-44fe-a34a-8298a231677f?callback=hs_reqwest_0&hutk=
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddeee3b3509ce9f1b333de73a9cd42e3302da2d0dfd7289b7eb851cf76048fca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:path
/_hcms/forms//embed/v3/form/5632775/bf7cf23a-dadb-44fe-a34a-8298a231677f?callback=hs_reqwest_0&hutk=
pragma
no-cache
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
61475085-3ccd-4e0a-a81d-04cb47012449
cf-ray
692725c0cecfdfdb-FRA
content-disposition
attachment; filename=no-rfd.txt
vary
Accept-Encoding
server
cloudflare
x-trace
2B8820283D93D2EDF3035897C9876754E453E2FDFF000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtCS2DT78R6lw%2BZ03XKfVwZHSfP1suNzMQiP3eMZuoE26PQxLAXoavV5zsOmdCM9w%2FXjVWXRxfVRcnDZR1%2FGTGnNNzFYyhFEZ2Hq98MbJSaKsovNh6%2BHVz2xPlTJN%2BLWC7PW%2BYZ89%2BNgCRGl4EDGZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
all.js
connect.facebook.net/en_GB/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d0e967c2ea9405b1a4da4459bc85d996dd276c41c10ca4ea5fbbe569f8391217
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
YgMZdFi3zYjxGDWrJrdBeQ==
cross-origin-resource-policy
cross-origin
expires
Tue, 21 Sep 2021 23:58:49 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1687
x-fb-rlafr
0
x-fb-debug
rL7KfEsq10RomUSc0Q5aU5q2/pA1C1g0DihA0q/t+dYGAYsEzOmnF1czp/VVKsJdfdixCpYTfonY/ETVmJvANQ==
x-fb-trip-id
686109401
x-fb-content-md5
18ecd1ace925b579bb7a6ba88240b7fc
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Tue, 21 Sep 2021 23:41:59 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"c31b0aecdc7f03aa3d631cf184deef7c"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6752) /
Resource Hash
8db61f95a8f3554830efc6c3942b7322efef09b9d7f0cbfe32135e0fac106d18

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:41:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 02 Aug 2021 20:34:57 GMT
Server
ECS (frb/6752)
Age
890
Etag
"d405b816322f9770c70cbd10cfa87be4+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
28872
public
api-na1.hubapi.com/comments/v3/comments/thread/
232 B
922 B
Script
General
Full URL
https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=5632775&offset=0&limit=10000&contentId=23317514002&collectionId=10492047050&callback=jsonp_1632267719811_55735
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54014a3250d65d0b907510a5dc4914be09000a6110ea28375331867dc5aca6b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
02aa7c50-3c51-4f69-943e-51542128093a
x-trace
2BA8C0EEEAF8DD3297242272A58BD117B70279268F000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jMjSqoYjTzhseCso%2FqCkfRVDuuNZcXissvG4Meigvm5Yil8RmLKzaZkLT%2Fs3%2BjiCFJ7lCPejC9wz1JwjiHWYMAaFcnxwEbBdiZwLnfvDQMbOEh3UQXTtloinjI5tXb90z0O0QtQxuK2JZNRU0Z%2BXnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
692725c11c125bfd-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
770 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=5632775&callback=jsonpHandler
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/hsstatic/HubspotToolsMenu/static-1.109/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode
false
server
cloudflare
x-hubspot-correlation-id
64bde1d4-df44-4cb8-b112-5e236fed59a9
x-trace
2BBEAAC419DDC8A692CE71D747E752FCE5A6281A2F000000000000000000
date
Tue, 21 Sep 2021 23:41:59 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
cf-cache-status
DYNAMIC
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
692725c11f0d5c08-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
6si.min.js
j.6sc.co/
26 KB
9 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
9ec1002988b30be58344be55afcc9b1075519b3e2a96380b35ad343922e0d7ec
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:41:59 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
8542
Pragma
no-cache
Last-Modified
Fri, 06 Aug 2021 19:26:06 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"610d8cce-69e1"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Tue, 21 Sep 2021 23:41:59 GMT
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
2999
date
Tue, 21 Sep 2021 22:52:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Wed, 22 Sep 2021 00:52:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:41:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 13 Aug 2021 21:34:05 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=76582
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019...
10586810.fls.doubleclick.net/ Frame E20A
Redirect Chain
  • https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2...
  • https://10586810.fls.doubleclick.net/activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs...
544 B
604 B
Document
General
Full URL
https://10586810.fls.doubleclick.net/activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f6.1e100.net
Software
cafe /
Resource Hash
4660862fdf67da23977e13bcd1733cc317cd67109a029538f651d25af7dd6289
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
10586810.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
about:blank

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:42:00 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
427
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Tue, 21-Sep-2021 23:57:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:41:59 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://10586810.fls.doubleclick.net/activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fc...
10586810.fls.doubleclick.net/ Frame 49C0
Redirect Chain
  • https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%...
  • https://10586810.fls.doubleclick.net/activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F...
551 B
460 B
Document
General
Full URL
https://10586810.fls.doubleclick.net/activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f6.1e100.net
Software
cafe /
Resource Hash
973fe0e9bec6376bdb70f4f1dc15ef3cf655c7c836fe4d874c19a8d236d70f91
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
10586810.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
about:blank

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:42:00 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
435
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Tue, 21-Sep-2021 23:57:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:41:59 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://10586810.fls.doubleclick.net/activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bat.js
bat.bing.com/
34 KB
10 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bbb8a9ae5ce61d328c7904045c107506055c81333bd224b2244e2ff39ae882e6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
content-encoding
gzip
last-modified
Wed, 15 Sep 2021 18:56:21 GMT
x-msedge-ref
Ref A: 7763755FF90243249D2A4F350A8CB036 Ref B: FRAEDGE1512 Ref C: 2021-09-21T23:41:59Z
etag
"80386a5f63aad71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
9827
up_loader.1.1.0.js
js.adsrvr.org/
4 KB
2 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.96.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 02:51:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Sep 2020 15:15:34 GMT
Server
AmazonS3
Age
75013
ETag
W/"98d98b3499058b76d58073cf8ede2f10"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 f4137273db9ae377298b8f8daf5b93f1.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA56-P2
X-Amz-Cf-Id
QO0YLBTOAJ6EnXwDa9aWyOBV5Iba2hOBV8cUKDXNgWuByrleqqd-pQ==
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:41:59 GMT
Content-Encoding
gzip
Last-Modified
Fri, 28 May 2021 01:40:41 GMT
Server
AkamaiNetStorage
ETag
"5379c4a40ff8ae9d2fc6484dd1c57349:1622166041.794746"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
c2c38ab5628106fb.min.js
tag.demandbase.com/
67 KB
18 KB
Script
General
Full URL
https://tag.demandbase.com/c2c38ab5628106fb.min.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9826596e9da9431b8142f51beecb47b47288564667b7fed3380616a48783fcd5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id
YodFy_JkblLoM7icuoDebBoW.J5rTuZF
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 18:59:22 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P5
etag
W/"2176065972f40f8b4a4da2f4c15af8cf"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 0341da327f4c4c49034aa07ebeeab1f1.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
date
Tue, 21 Sep 2021 23:42:01 GMT
x-amz-cf-id
jmfG9jVGFCv7NbyX_Zn4ba9SYfXWA-sMl1duR2gOlsF3SNwOLAJs6g==
www-player-webp.css
www.youtube.com/s/player/202721c6/ Frame FABD
329 KB
45 KB
Stylesheet
General
Full URL
https://www.youtube.com/s/player/202721c6/www-player-webp.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c548c151337a815c681c21526d74a2a18d333af03de18c3416b7ecbec5efa49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/--6PiuvBGAU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 15:44:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
115061
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46356
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 00:16:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 20 Sep 2022 15:44:18 GMT
www-embed-player.js
www.youtube.com/s/player/202721c6/www-embed-player.vflset/ Frame FABD
201 KB
66 KB
Script
General
Full URL
https://www.youtube.com/s/player/202721c6/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d246d268ccbb30f7aadd23581fb30e4e790b9570fe1906c8ecbaa451427dc283
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/--6PiuvBGAU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 15:44:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
115061
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67318
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 00:16:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 20 Sep 2022 15:44:18 GMT
base.js
www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/ Frame FABD
2 MB
505 KB
Script
General
Full URL
https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0fc4119bc1cbfb84c3decc599049a609d37530c85c6272d2babb5e6f8aea51d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/--6PiuvBGAU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 15:44:53 GMT
content-encoding
br
x-content-type-options
nosniff
age
115026
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
517198
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 00:16:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 20 Sep 2022 15:44:53 GMT
fetch-polyfill.js
www.youtube.com/s/player/202721c6/fetch-polyfill.vflset/ Frame FABD
8 KB
3 KB
Script
General
Full URL
https://www.youtube.com/s/player/202721c6/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/--6PiuvBGAU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 15:44:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
115061
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2830
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 00:16:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 20 Sep 2022 15:44:18 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FABD
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 09:07:47 GMT
x-content-type-options
nosniff
age
52452
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 21 Sep 2022 09:07:47 GMT
widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html
platform.twitter.com/widgets/ Frame 2758
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Flabs.bishopfox.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6724) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Accept-Encoding
gzip, deflate, br

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
697344
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Tue, 21 Sep 2021 23:41:59 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Mon, 02 Aug 2021 20:33:53 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6724)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
all.js
connect.facebook.net/en_GB/
228 KB
67 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js?hash=201d71fcd580a7d497b89acd67a1c158
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c9abbda67c1d434a2680d971349fd8392f52abdeebc6d0cfe6a8627601d5fd0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Origin
https://labs.bishopfox.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
pdwn2ZL5BpIl8r6jTVPgHA==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
68461
x-fb-rlafr
0
x-fb-debug
Jtv9DiN6lJ8X1FVegL4Xl7rAb/IGbNHePQ/sZBA2QQl2bBm1PSE/fXoTQyGu7astH2/LxZOtMNxL0BI64sTu6Q==
x-fb-trip-id
686109401
x-fb-content-md5
cc325123a902413ae91a044ce409ab09
x-frame-options
DENY
date
Tue, 21 Sep 2021 23:41:59 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"e85118b81bba2d7479a8a1d7c669a615"
timing-allow-origin
*
expires
Wed, 21 Sep 2022 23:26:23 GMT
collect
www.google-analytics.com/j/
2 B
209 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=699506826&t=pageview&_s=1&dl=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&ul=en-us&de=UTF-8&dt=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=850065845&gjid=2015592390&cid=677533317.1632267720&tid=UA-41346121-1&_gid=1160524313.1632267720&_r=1&gtm=2wg9k0TCFGBGH&z=335206674
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 21 Sep 2021 23:41:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://labs.bishopfox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1632267719950%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ip...
0
155 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQJxqw_MtFRv7AAAAXwKvNhbA1B_Pc7o6SiO-jivtoS-bv1SA_IYx2pk-KVNtV9tbqJC0RfxsA
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-edc2
content-type
application/javascript
content-length
0
x-li-uuid
24OfINj6phYQU8rmzCoAAA==

Redirect headers

date
Tue, 21 Sep 2021 23:42:00 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1632267719950&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQJxqw_MtFRv7AAAAXwKvNhbA1B_Pc7o6SiO-jivtoS-bv1SA_IYx2pk-KVNtV9tbqJC0RfxsA
x-li-proto
http/2
x-li-pop
prod-esv5
content-length
0
x-li-uuid
W8A8C9j6phbw5aBDaysAAA==
134000327.js
bat.bing.com/p/action/
0
132 B
Script
General
Full URL
https://bat.bing.com/p/action/134000327.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 21 Sep 2021 23:42:00 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: 8E2A023D61B647C9B6FD196CBBD81882 Ref B: FRAEDGE1512 Ref C: 2021-09-21T23:41:59Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=134000327&tm=gtm002&Ver=2&mid=0a8b43e9-855f-4a92-9238-83056442e0da&sid=83ccbb801b3511ec9c722d70340cd463&vid=83cce2301b3511ec8e53ad4e5a2defe0&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&p=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&r=&lt=2551&evt=pageLoad&msclkid=N&sv=1&rn=310405
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Tue, 21 Sep 2021 23:41:59 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 75E3D451AAE44FADAE019658982049A9 Ref B: FRAEDGE1512 Ref C: 2021-09-21T23:42:00Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
465 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-41346121-1&cid=677533317.1632267720&jid=850065845&gjid=2015592390&_gid=1160524313.1632267720&_u=YEBAAEAAAAAAAC~&z=1660855376
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 21 Sep 2021 23:42:00 GMT
content-type
text/plain
access-control-allow-origin
https://labs.bishopfox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
id
googleads.g.doubleclick.net/pagead/ Frame FABD
113 B
962 B
XHR
General
Full URL
https://googleads.g.doubleclick.net/pagead/id
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/202721c6/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e614df2805bb1eae4e5e9d50581d78f83afe811ca500e040b47f236f41f55bb6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame FABD
29 B
609 B
Script
General
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/202721c6/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:39:16 GMT
x-content-type-options
nosniff
age
164
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 21 Sep 2021 23:54:16 GMT
remote.js
www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/ Frame FABD
95 KB
29 KB
Script
General
Full URL
https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
375ed48cd9e95d6226f860a4e264e95d284f7f2e1afd3e273a487b523a4667b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/--6PiuvBGAU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 15:44:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
115026
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29973
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 00:16:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 20 Sep 2022 15:44:54 GMT
PxKgO0L4LVFhGG72tZdtkRkX920XJx0tR7ZkYMc_JlY.js
www.google.com/js/th/ Frame FABD
35 KB
14 KB
Script
General
Full URL
https://www.google.com/js/th/PxKgO0L4LVFhGG72tZdtkRkX920XJx0tR7ZkYMc_JlY.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3f12a03b42f82d5161186ef6b5976d911917f76d17271d2d47b66460c73f2656
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 19 Sep 2021 11:48:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
215594
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13311
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 14:30:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Mon, 19 Sep 2022 11:48:46 GMT
embed.js
www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/ Frame FABD
25 KB
7 KB
Script
General
Full URL
https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fc0154a9a3bb9f72d51c7dc2438412bf3e5b7fd637af7947d78ba3260e20d21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/--6PiuvBGAU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 20 Sep 2021 15:44:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
115026
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7353
x-xss-protection
0
last-modified
Mon, 20 Sep 2021 00:16:39 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 20 Sep 2022 15:44:54 GMT
settings
syndication.twitter.com/ Frame 2758
232 B
432 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=75d77c51d0a2427cbfb4680e716464d69a8ecc94
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.f88235f49a156f8b4cab34c7bc1a0acc.html?origin=https%3A%2F%2Flabs.bishopfox.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.136 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:41:59 GMT
content-encoding
gzip
last-modified
Tue, 21 Sep 2021 23:42:00 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
43f5a78685339b6c7d658fb06d477cdd89c438c06ff63dc0032066a7d385cfa2
content-length
166
truncated
/ Frame FABD
175 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
AKedOLTnNTrlvH5lxMBnziStuFcUPvuj94BWnqOw3CIM=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame FABD
6 KB
6 KB
Image
General
Full URL
https://yt3.ggpht.com/ytc/AKedOLTnNTrlvH5lxMBnziStuFcUPvuj94BWnqOw3CIM=s68-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
9c1162a622bc982328d9c7d2768c7c90116b2002fc8d5823ff4f06bf309f18c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 20:49:56 GMT
x-content-type-options
nosniff
age
10324
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5921
x-xss-protection
0
server
fife
etag
"v9"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Thu, 16 Sep 2021 21:37:47 GMT
sddefault.webp
i.ytimg.com/vi_webp/--6PiuvBGAU/ Frame FABD
9 KB
9 KB
Image
General
Full URL
https://i.ytimg.com/vi_webp/--6PiuvBGAU/sddefault.webp
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
x-content-type-options
nosniff
server
sffe
age
0
etag
"0"
vary
Origin
content-type
image/webp
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8740
x-xss-protection
0
expires
Wed, 22 Sep 2021 01:42:00 GMT
getuidj
secure.adnxs.com/
11 B
694 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 21 Sep 2021 23:42:00 GMT
X-Proxy-Origin
168.119.25.196; 168.119.25.196; 399.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
4e600387-a0dc-45b5-a437-d9b0d77f237e
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://labs.bishopfox.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
47 B
374 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e44ab19d4e0d2b9d38f5623df2bc83fbf5b7e0d62dedff8f8732ee4c3da61754

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:00 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://labs.bishopfox.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
5632775.js
js.hs-banner.com/
61 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/5632775.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04299792f02b690d39bc12cdfa2106f8e30f0fe856c1db98518a3b2212cff140

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
content-encoding
br
cf-cache-status
HIT
age
276
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
2YE87YC9ZXAM8T9Z
x-amz-id-2
3YvHM7jOHKZIXGu/5sKF1swEST7vHYzOkxize52BN+c+Q3LdKkA4fgu0oaYViHRhCGSHeK9c6Cw=
timing-allow-origin
*
last-modified
Fri, 03 Sep 2021 20:18:25 GMT
server
cloudflare
etag
W/"1d07f333e70e7ef1594387d5b2c98fb1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
uayisSNVHm8s1k0i7jQj2XyOryXJcX0u
access-control-allow-origin
https://resources.bishopfox.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
692725c36f186993-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Tue, 21 Sep 2021 23:42:24 GMT
5632775.js
js.hs-analytics.net/analytics/1632267600000/
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1632267600000/5632775.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ee10a591b0a0848531baa06c5996e740e8d7bc77a0589bc625e21c0c7777682

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
WG0G956H2PTQ9CMR
x-amz-server-side-encryption
AES256
cf-ray
692725c379665be5-FRA
x-amz-id-2
CrR0gCdlafxCqkEb6AwqnO5uYiR/l010LOCyJKtf6uIeL0dP/KwX6V322lXBz3RYzpXIfxpCKl0=
last-modified
Mon, 19 Jul 2021 15:14:40 GMT
server
cloudflare
etag
W/"0d7f731cdd93d14a5d4ada92f54258ba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Tue, 21 Sep 2021 23:47:00 GMT
fb.js
js.hsadspixel.net/
6 KB
3 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:72b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3580f6192b07e6adf20bee13a293fa896d94bfa1a6ae178a1dc2c0cdfdddee10

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
via
1.1 1fa3f854976309f3d11907ad7125291a.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
438
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.249/bundles/pixels-release.js&cfRay=69271b113bc296bc-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Wed, 15 Sep 2021 03:28:21 UTC
server
cloudflare
etag
W/"017aa1ba42249a33ae8828d1b3419e60"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
Z6tNN4l67.OGsYaj9b4D5V0rrFjuYW3s
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-C3
cf-ray
692725c36eeb2488-FRA
x-amz-cf-id
DHwlaN_-yWDqZN5BGekp8gkip6NZb9wMRtXKUFvpPyDMFWkQjr8z3w==
x-hs-target-asset
adsscriptloaderstatic/static-1.249/bundles/pixels-release.js
conversations-embed.js
js.usemessages.com/
80 KB
21 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:edcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
832fcb7a625f828fb8cd99e39ef1b9abe50f1bc164a0aeeeed1ef15fa7505deb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
via
1.1 f7a968b55c3516da72549b98f99704a4.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
217
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.9209/bundles/project.js&cfRay=692720760c054ab5-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 16 Sep 2021 05:13:43 UTC
server
cloudflare
etag
W/"cecb2964faa8bf5b647ff0431628c01f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
HAX2I11puR0RrwmgvE3LmLBDwNOOTMQz
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-C3
cf-ray
692725c37f266993-FRA
x-amz-cf-id
sQIqWWj4-wbnwZVvztD-UhnOR7yVC-iKbJGvjqwnlZ7byIa0l2H8CA==
x-hs-target-asset
conversations-embed/static-1.9209/bundles/project.js
ga-audiences
www.google.com/ads/
42 B
293 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-41346121-1&cid=677533317.1632267720&jid=850065845&_u=YEBAAEAAAAAAAC~&z=628430445
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Sep 2021 23:42:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
522 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-41346121-1&cid=677533317.1632267720&jid=850065845&_u=YEBAAEAAAAAAAC~&z=628430445
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Sep 2021 23:42:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/160/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/160/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:00 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Feb 2021 02:54:38 GMT
Server
AkamaiNetStorage
ETag
"19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4811
Expires
Thu, 30 Dec 2021 23:42:00 GMT
dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-rem...
adservice.google.com/ddm/fls/i/ Frame 079F
543 B
497 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Requested by
Host: 10586810.fls.doubleclick.net
URL: https://10586810.fls.doubleclick.net/activityi;dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3ef21c69adf185324af1900fad6d0adda4a936d9b8f2fa6fc3adcad77402039a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
adservice.google.com
:scheme
https
:path
/ddm/fls/i/dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://10586810.fls.doubleclick.net/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:42:00 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
427
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18...
adservice.google.com/ddm/fls/i/ Frame 1B3A
550 B
924 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Requested by
Host: 10586810.fls.doubleclick.net
URL: https://10586810.fls.doubleclick.net/activityi;dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a28d5f760a77c14f0a805b8468c5b9ef32fc0cea36fb54eee11518b3bfee53f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
adservice.google.com
:scheme
https
:path
/ddm/fls/i/dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://10586810.fls.doubleclick.net/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:42:00 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
434
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
visitWebPage
136-utj-516.mktoresp.com/webevents/
2 B
311 B
Ping
General
Full URL
https://136-utj-516.mktoresp.com/webevents/visitWebPage?_mchNc=1632267720240&_mchCn=&_mchId=136-UTJ-516&_mchTk=_mch-bishopfox.com-1632267720240-63264&_mchHo=labs.bishopfox.com&_mchPo=&_mchRu=%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&_mchPc=https%3A&_mchVr=160&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/160/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Tue, 21 Sep 2021 23:42:01 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
31f8271d-3eae-47fa-89db-67266c1278d4
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200&session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A00%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=453cf50b-e6e7-4432-82b2-2916ae9f62ba&an_uid=0
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:00 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame FABD
4 KB
3 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="cloudview"
expires
Tue, 21 Sep 2021 23:42:00 GMT
generate_204
www.youtube.com/ Frame FABD
0
39 B
Image
General
Full URL
https://www.youtube.com/generate_204?q_Qi8g
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/embed/--6PiuvBGAU
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
widget
labs.bishopfox.com/_hcms/livechat/
3 KB
4 KB
XHR
General
Full URL
https://labs.bishopfox.com/_hcms/livechat/widget?portalId=5632775&conversations-embed=static-1.9209&mobile=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&traceId=2fdb116ad6d747e0b4950822ab806e72
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
912e397d06adbf4e81171ebf49c4c8815fa95cda5eee3a66318dcdbfacb4b1be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
empty
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719; _gcl_au=1.1.397745784.1632267720; _ga=GA1.2.677533317.1632267720; _gid=GA1.2.1160524313.1632267720; _gat_UA-41346121-1=1; _uetsid=83ccbb801b3511ec9c722d70340cd463; _uetvid=83cce2301b3511ec8e53ad4e5a2defe0; _gd_svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200; _mkto_trk=id:136-UTJ-516&token:_mch-bishopfox.com-1632267720240-63264; _an_uid=0; _gd_visitor=4412210e-d0e8-44c6-8057-feb57cb0e9d3; _gd_session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9
x-hubspot-messages-uri
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:path
/_hcms/livechat/widget?portalId=5632775&conversations-embed=static-1.9209&mobile=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&traceId=2fdb116ad6d747e0b4950822ab806e72
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
7855895a-9e19-4360-9cc5-e728964fe519
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
cloudflare
x-trace
2BD3E82C4B28B44DB489E7B74BC6A9CB7C705609C2000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5ASJmysQG2YNW8R0ZfjV%2FsopFaK%2FI41j0ATFKHC%2FjFGSXM2ntX1QarMFuywf86fDB2Qx7CuyatsbC%2FDqzTB%2FcV9K6TZDN2cBKCPjGrmOf5iRWit7Y7VJ3%2BUl2ZiTfpbn3LFpJXZuwyCDAGWf0cO4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
set-cookie
__cf_bm=7w20c3VJzne8IMOb_Cwj6Ihyd6d3cTXnOHlqxk0c49o-1632267720-0-AX64oy7xVT1WoRyYLqKAtUJ8wSZv8kXBGuk0jXh1FuuQ6sT351UTF9Rrr5Y6IBUzD6D/QJxwSe1S/RqS5YQYIlI=; path=/; expires=Wed, 22-Sep-21 00:12:00 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
cf-ray
692725c438d6dfdb-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
cast_sender.js
www.gstatic.com/eureka/clank/93/ Frame FABD
52 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/93/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7a0b5f26abc2ee8452715addae1516723a88843bfb0a8b80537f4c334caf22d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 07:46:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
57342
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15359
x-xss-protection
0
last-modified
Mon, 12 Jul 2021 15:09:13 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="cloudview-release"
expires
Wed, 22 Sep 2021 07:46:18 GMT
dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18...
adservice.google.de/ddm/fls/i/ Frame FC6F
194 B
242 B
Document
General
Full URL
https://adservice.google.de/ddm/fls/i/dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
adservice.google.de
:scheme
https
:path
/ddm/fls/i/dc_pre=CKazg42fkfMCFdJ34AodWHMF4A;src=10586810;type=conve0;cat=uniqu0;ord=1;num=9663574749017;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adservice.google.com/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:42:00 GMT
expires
Tue, 21 Sep 2021 23:42:00 GMT
cache-control
private, max-age=0
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
177
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-rem...
adservice.google.de/ddm/fls/i/ Frame CB5E
194 B
931 B
Document
General
Full URL
https://adservice.google.de/ddm/fls/i/dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
adservice.google.de
:scheme
https
:path
/ddm/fls/i/dc_pre=CMv2go2fkfMCFcxf4AodxPMK3A;src=10586810;type=conve0;cat=allpa0;ord=924829596464;gtm=2wg9k0;auiddc=397745784.1632267720;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adservice.google.com/
accept-encoding
gzip, deflate, br

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 21 Sep 2021 23:42:00 GMT
expires
Tue, 21 Sep 2021 23:42:00 GMT
cache-control
private, max-age=0
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
177
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
validateCookie
segments.company-target.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AACKMU7ClNwAABYQdUIFoA
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACKMU7ClNwAABYQdUIFoA&verifyHash=20ba272dc9365c65200762cf91a8496ea00cfd
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACKMU7ClNwAABYQdUIFoA&verifyHash=20ba272dc9365c65200762cf91a8496ea00cfd
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-8.fra56.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:00 GMT
Via
1.1 bfad099b4e1fa2ec7d21876e0293dc20.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-P3
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
9e76b962f91f3485
X-Amz-Cf-Id
q05tK77X2z2JDsuphzTTS-C7jMPjf9zySv-MftK1xhGHYe0xNejKRw==

Redirect headers

Date
Tue, 21 Sep 2021 23:42:00 GMT
Via
1.1 bfad099b4e1fa2ec7d21876e0293dc20.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-P3
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AACKMU7ClNwAABYQdUIFoA&verifyHash=20ba272dc9365c65200762cf91a8496ea00cfd
Connection
keep-alive
trace-id
7b784c2d715babd6
Content-Length
0
X-Amz-Cf-Id
z2nYAq9nlr5p-QsXmGa4miwwmI2XL7szTdQfjkG06nT_f_ifbPZRmQ==
464526.gif
id.rlcdn.com/
0
66 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
via
1.1 google
alt-svc
clear
content-length
0
ip.json
api.company-target.com/api/v2/
3 KB
1 KB
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&page_title=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&src=tag&auth=VFES8582IfHJLdCEpH8luQweCBwDtxupNuOgSw00
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/c2c38ab5628106fb.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2d50308041f62ed58372ebea648295834c5e9712867e8014cab25b891f7cab98

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:00 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
request-id
45543c10-362b-45be-83a1-b168d83341b7
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://labs.bishopfox.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 59d5785a1d012a54118141e7e216a493.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
ReqBHzugSC3jUaysU9Atq-dZFdLH2KcEBeMXz7JlbYgSVrDuKkgUQw==
expires
Mon, 20 Sep 2021 23:42:00 GMT
2fdb116ad6d747e0b4950822ab806e72
app.hubspot.com/conversations-visitor/5632775/threads/utk/ Frame 9996
45 KB
17 KB
Document
General
Full URL
https://app.hubspot.com/conversations-visitor/5632775/threads/utk/2fdb116ad6d747e0b4950822ab806e72?uuid=285bf17b31d94042b87e55d234ffc1da&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb650f2e8e62e57cac5f5c9dc41416774d42c17621d63028dcec91ad63f20182
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
app.hubspot.com
:scheme
https
:path
/conversations-visitor/5632775/threads/utk/2fdb116ad6d747e0b4950822ab806e72?uuid=285bf17b31d94042b87e55d234ffc1da&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding
gzip, deflate, br
cookie
__cf_bm=DM7YcxUf8kd39zeX0fHL1v7jtzlawBXUUY36OraSkvQ-1632267719-0-Aaw2/xodXdv9j21OPQ29nPdfBFrRqPVUNKqRawaGRxZ7SUb60tMAlJHElGdJCY4gQ+HlwuZ1vSwDgqYEEGG+LCQ=

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
content-type
text/html; charset=utf-8
cf-ray
692725c79eba5c08-FRA
age
2059
cache-control
max-age=600
etag
W/"d3c0e41701f8608b19137269f5e5110a"
last-modified
Thu, 16 Sep 2021 05:13:43 UTC
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 d9057c384f4ac5ba2672d2ff44de7e09.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
access-control-allow-credentials
false
content-security-policy-report-only
script-src 'unsafe-inline' 'self' www.hubspot.com js.hs-analytics.net js.hsforms.net js.hsleadflows.net *.hsappstatic.net js.hs-banner.com *.hs-scripts.com js.hubspotfeedback.com *.usemessages.com js.hubspot.com js.hsadspixel.net js.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net *.google-analytics.com static.hotjar.com script.hotjar.com www.googletagmanager.com *.fullstory.com *.convertexperiments.com cdn.pdst.fm d.impactradius-event.com cdn.getambassador.com mbsy.co pixel.cdnwidget.com snap.licdn.com connect.facebook.net js.stripe.com checkout.stripe.com survey.survicate.com surveys-static.survicate.com sdk.canva.com www.dropbox.com www.google.com www.gstatic.com apis.google.com maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net static.ads-twitter.com analytics.twitter.com play.vidyard.com app.vidyard.com fast.wistia.com s.yimg.jp www.redditstatic.com 'unsafe-eval' * data:; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-visitor-ui/static-1.11662/html/index.html&cfRay=692725c79eba5c08&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F5632775%2Fthreads%2Futk%2F2fdb116ad6d747e0b4950822ab806e72%3Fuuid%3D285bf17b31d94042b87e55d234ffc1da%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Dlabs.bishopfox.com%26inApp53%3Dfalse%26messagesUtk%3D2fdb116ad6d747e0b4950822ab806e72%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252Ftech-blog%252Fcve-2019-18935-remote-code-execution-in-telerik-ui%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dtrue&referrer=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
x-amz-cf-id
2MfxmpqE3pMwrTxwiL8R0QemmlM2YDQiA7kvDlY9sVwj7VpdLnUNsQ==
x-amz-cf-pop
IAD89-C3
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
EoFCKYoP0WloQtJbVpLJWYkFT7RoISJ.
x-cache
Hit from cloudfront
x-hs-cache-status
MISS
x-hs-worker-debug-mode
false
server
cloudflare
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200&session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A00%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=453cf50b-e6e7-4432-82b2-2916ae9f62ba&an_uid=0
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:01 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
bundle.production.js
static.hsappstatic.net/head-dlb/static-1.156/ Frame 9996
44 KB
16 KB
Script
General
Full URL
https://static.hsappstatic.net/head-dlb/static-1.156/bundle.production.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/2fdb116ad6d747e0b4950822ab806e72?uuid=285bf17b31d94042b87e55d234ffc1da&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a4651c562bac53f6d33b1d8093551a818571a6b595304ba4813bc7b5d503783
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
via
1.1 3987a119dd762046470f5ba503a917ea.cloudfront.net (CloudFront)
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1068666
x-amz-server-side-encryption
AES256
cf-ray
692725cb3ed54a6d-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 12 Aug 2021 03:52:03 GMT
server
cloudflare
etag
W/"92f1fce5bc1b104818f7bb3259fa0317"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ySdo9wpyyljyilqv6RfZ9919UuinJpUU%2BFp7PfEjr076C5LoBZnAjO0H%2BCI7CF5NnmrKmHGnP0PH2oRXx4vrZz3kJ6ge%2BaNDQxuh%2BxgpNX6rfDCogJjsBJG%2Bq%2BoMECXc%2BiZArMG%2BpKcWX52t0oxgW2YhmgE%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
jswq3j2Kf9rTWaLEvxg.3d09mCkFqVly
access-control-allow-origin
https://app.hubspot.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
TXL52-C1
content-type
application/javascript
x-amz-cf-id
gshpPGhkH8ue9XPwKJ_UCZ5L-IFxbcezfboIatjmr3RFMBVoLgVjfg==
expires
Wed, 21 Sep 2022 23:42:01 GMT
visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.11642/sass/ Frame 9996
20 KB
5 KB
Stylesheet
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.11642/sass/visitor.css
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/2fdb116ad6d747e0b4950822ab806e72?uuid=285bf17b31d94042b87e55d234ffc1da&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.hubspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
via
1.1 367a4718be97a49df7ac0500a986437b.cloudfront.net (CloudFront)
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1160397
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
text/css
x-amz-replication-status
PENDING
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 08 Sep 2021 13:21:31 GMT
server
cloudflare
etag
W/"370a89ea102d7b437eb549729472631f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbrR6geVJNvN4Z0bfBNSc4Y5dfsOgAqGLpl7vhwU5SyXrVL4bUrg2YK1Eib%2FbEvISQlksWQRBamSEgHVcbrSzxDEEkDLRqDyB4OeMF36KKAUMiZtAbaKdQz1uEvxMewnvRp215EBCyqcu3R53Ca57ivrI60%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
wAlGYxiOpM6BHYPf9R9HBCZL6CF6twtJ
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA56-P2
cf-ray
692725cb3fdf4ee0-FRA
x-amz-cf-id
06N1204YFN7t-dXgtkh2Xp3tBlYKVUsqGqdiCX_OmCuAl-0NY_8enQ==
expires
Wed, 21 Sep 2022 23:42:01 GMT
bundle.production.js
static.hsappstatic.net/hubspot-dlb/static-1.166/ Frame 9996
294 KB
93 KB
Script
General
Full URL
https://static.hsappstatic.net/hubspot-dlb/static-1.166/bundle.production.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/2fdb116ad6d747e0b4950822ab806e72?uuid=285bf17b31d94042b87e55d234ffc1da&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e823fdd670bd4fdfd0258463a503ec5b50130267eb1b84701399d7b0ca7acf72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
via
1.1 458f29e42261f01e7368474593f44b66.cloudfront.net (CloudFront)
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
636126
x-amz-server-side-encryption
AES256
cf-ray
692725cb3ed94a6d-FRA
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 13 Sep 2021 15:44:34 GMT
server
cloudflare
etag
W/"802e3486fdc14eb78308ea94be577408"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZvR1sg5wJMfrTobWJbd4gKKGZX%2BTpQam6T7IPNSP4AAxfA%2B1zxRL6RPsHh1ryUygZZB9CJ%2Fo3GnJqIzIZC8Q2rfpPZNpBWHJHGo5qoQx%2BZXHKSVKFnuZ5eOuPAjJRJaDMxipQzao2hhsvUb0EFCSXFnxkM%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
pikCE7C5vvJiEo32Sscri2dFpJDlFC5s
access-control-allow-origin
https://app.hubspot.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
TXL52-C1
content-type
application/javascript
x-amz-cf-id
yPvuAq6mk4r_KqA5aRN1nlPe7Z2MQWiUlQRw_CkKfWXgSmg2o3QsVw==
expires
Wed, 21 Sep 2022 23:42:01 GMT
visitor.js
static.hsappstatic.net/conversations-visitor-ui/static-1.11662/bundles/ Frame 9996
473 KB
127 KB
Script
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.11662/bundles/visitor.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/2fdb116ad6d747e0b4950822ab806e72?uuid=285bf17b31d94042b87e55d234ffc1da&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=2fdb116ad6d747e0b4950822ab806e72&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72861187418567acf3410b79e484e43597b7ad6dd6d194dddf5dd76a62f8f127
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
via
1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
455291
x-amz-server-side-encryption
AES256
cf-ray
692725cb3eda4a6d-FRA
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 16 Sep 2021 16:50:27 GMT
server
cloudflare
etag
W/"d2fc1b738ee89284faba64255192499c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SeXnZledyJzv7MmOefclpqPHvvfG5H69tpKvrVdVtzxnv%2FSWHsLrrVpySY%2BgARCrHwD6OyfVPc1Tfto8VrR8WpD8XPgpahfKHOnXidUAU6Y0F9TEUqo4wZehaXd7t5HG5QboGUBP1AIPNE9LoxDXOc1gzM8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
epvhLiSyUpFikVzQgxuBB3MTEcLh9cRe
access-control-allow-origin
https://app.hubspot.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
AMS1-C1
content-type
application/javascript
x-amz-cf-id
3gSQEIKesw31eLvbs5Rj-jfAxk2jwaB911ur9nGKNTykj3FuV-58vA==
expires
Wed, 21 Sep 2022 23:42:01 GMT
i18n-data-data-locales-en-us.js
static.hsappstatic.net/conversations-visitor-ui/static-1.11646/ Frame 9996
778 B
1 KB
Script
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.11646/i18n-data-data-locales-en-us.js
Requested by
Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11662/bundles/visitor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:5d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc274ccf7e5cfcc1ccc258ded262f17f961d33a8ba35f7c55f051f5b5f612105
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
via
1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
982843
x-amz-server-side-encryption
AES256
cf-ray
692725cda8f04a6d-FRA
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-methods
GET
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 08 Sep 2021 19:52:11 GMT
server
cloudflare
etag
W/"6b6f7cbbab43f8073b729dffc7fedd07"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UrAJzP%2FA9Nzjyh6IDLSlQCgPREuTm%2FYaQVqUH5DNrygdhTtcaxbEgGXCW%2B0UujpH52JWlVtoShnZiOS%2BlzA%2BqB9SDmBnsXFVo%2FJP1d6HlLxkVuOV9nApatiNvxEX322r9t0nJlrDvgzKTkFyr312aj%2FEGcQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
CnD_b6Y4KrPGJPoHgbVkUJBMwGUsZdlm
access-control-allow-origin
https://app.hubspot.com
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
ByOSTq4I2dnqOTJZ2rHpyNslzQPt-hjrFowUw5QTYl9-byf3KyimJQ==
expires
Wed, 21 Sep 2022 23:42:01 GMT
json
api.hubapi.com/hs-script-loader-public/v1/config/pixel/
67 B
940 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=5632775
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
128456fa800b42cb5aaa2abfb7ea0b40f2ddac958d693581a57785ae1f50e7d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:02 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
d3c368f3-8fa7-407b-92ba-90188f5079f5
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server
cloudflare
x-trace
2B70FDCC97BF4CD387B92261B1F5AA16CD4D4FC5A9000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VTmkTDhW025ohIU55Rc%2Bm4dp7o4pKwy2wXeZOJYekAz9eVkYqvGWDYq2prbxwYTNi6Q74sTEHdwVvKLrvpTCb0E7PflQ2CQvTFn7uaw6PFBrSxNWtH2Gqfad3Z46BTnQVV3hV5jnZkN0IQY"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://labs.bishopfox.com
access-control-allow-credentials
false
cf-ray
692725ce3f6942e1-FRA
access-control-allow-headers
*
__ptq.gif
track.hubspot.com/
45 B
729 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=bf7cf23a-dadb-44fe-a34a-8298a231677f&fci=a0b3db29-e632-4922-a28d-e5aaf20e2576&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3169173831&v=1.1&a=5632775&pi=23317514002&ct=blog-post&ccu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&cpi=23317514002&cgi=10492047050&lpi=23317514002&lvi=23317514002&lvc=en&pu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&t=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI&cts=1632267721917&vi=5cba54307efbf9fd53b9219b7991b675&nc=true&u=24978341.5cba54307efbf9fd53b9219b7991b675.1632267721911.1632267721911.1632267721911.1&b=24978341.1.1632267721912&pt=0&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:01 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
41d9e5f5-f248-4c31-8450-cee26f379689
cf-ray
692725ce2e815c08-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tTAQF4q8Ol7U3AnIlF3aAyLSqEhPVUi7NBRAnVDZ63dVkOetEib9Q4EmnQRtX%2B4CJapIb4mcp1B9CUNJHPBlTfZiLCi0qeJC%2F64WIXrmNUpDhILcasCcR7e%2FFjeeO0XP4xPLviq7Y1HhS27%2BpXAi"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
399 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3169173831&v=1.1&a=5632775&pi=23317514002&ct=blog-post&ccu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&cpi=23317514002&cgi=10492047050&lpi=23317514002&lvi=23317514002&lvc=en&pu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&t=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI&cts=1632267721919&vi=5cba54307efbf9fd53b9219b7991b675&nc=true&u=24978341.5cba54307efbf9fd53b9219b7991b675.1632267721911.1632267721911.1632267721911.1&b=24978341.1.1632267721912&pt=0&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:02 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
74740c3d-2446-48da-8115-543e41c09d71
cf-ray
692725ce2e825c08-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2B8Nm0JAkalTDOY3kz0vhaEscIVy%2BVb%2BpmC1qrMeWZXd%2FQKIkOjMiVYDOkD6uG%2BjSRwPY2mHSSoNnudXy4WksEitTCOc0yvA3U43jcezQ03w2%2Fgt%2Bz6o80NPfLqGCKnPEBo13EcfG6HWHHKtE%2BCT"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
rhumb
api.hubspot.com/cartographer/v1/ Frame 9996
0
1 KB
Ping
General
Full URL
https://api.hubspot.com/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.11662
Requested by
Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11662/bundles/visitor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 21 Sep 2021 23:42:02 GMT
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
e17095c0-3e70-481e-8983-ae28f8b2dd1d
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
604800
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tAJZdCR6tYlimRKZNnoQZnwiBkvqwRK26Yidvg0jIYnqV7lf1RAIwmkjTeK3BwS2ic%2BWPU6vXqMSK20PNn%2B9ZrVr4SwNXfoqQjNbcFpq8kesBiZ3Cy%2F4icscZMz3q14Naj0C%2F1KkL2q8Xh%2Bh0A%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://app.hubspot.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials
true
cf-ray
692725ce5eb25c08-FRA
access-control-allow-headers
Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer
up
insight.adsrvr.org/track/ Frame 53B3
0
182 B
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.246.120.40 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-120-40.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
insight.adsrvr.org
:scheme
https
:path
/track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding
gzip, deflate, br

Response headers

date
Tue, 21 Sep 2021 23:42:02 GMT
content-type
text/html
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
js
www.googletagmanager.com/gtag/
96 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-730614786
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3f5f54cf0b3875709d21e75894cfa3c7aa36967e5c8ccd9dc474954dac963222
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:02 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39016
x-xss-protection
0
last-modified
Tue, 21 Sep 2021 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 21 Sep 2021 23:42:02 GMT
conversion_async.js
www.googleadservices.com/pagead/
36 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-730614786
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
c9b2f25f41b7ff545aff01bca8720881b1f87a4a39980d6ce014fa00969d9c40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14064
x-xss-protection
0
server
cafe
etag
13250159043023796785
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 21 Sep 2021 23:42:02 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200&session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A02%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A01%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=453cf50b-e6e7-4432-82b2-2916ae9f62ba&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:02 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/730614786/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/730614786/?random=1632267722198&cv=9&fst=1632267722198&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
88f0974a56bb16506c2afbec592f3744b4cfda7693bc4c216833f9c778f527cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Sep 2021 23:42:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1126
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/730614786/
42 B
154 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/730614786/?random=1632267722198&cv=9&fst=1632265200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9k0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&async=1&fmt=3&is_vtc=1&random=2622436622&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Sep 2021 23:42:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/730614786/
42 B
154 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/730614786/?random=1632267722198&cv=9&fst=1632265200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa9k0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&async=1&fmt=3&is_vtc=1&random=2622436622&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Sep 2021 23:42:02 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log_event
www.youtube.com/youtubei/v1/ Frame FABD
28 B
342 B
XHR
General
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/202721c6/player_ias.vflset/de_DE/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/--6PiuvBGAU
X-YouTube-Client-Version
1.20210919.0.0
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
CgtDUHdEY1JrZFlrdyjH26mKBg%3D%3D
X-YouTube-Ad-Signals
dt=1632267720027&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_java&u_nplug=3&u_nmime=4&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image&bid=ANyPxKpdgT-q1xhcj3SAasm9wXmZ-4V01q4l5Ti-7JpxOR733lLPwipUUX4M4ZW7Cp84Me4vDh6ljnjX75lWTH56LUWlPhkKfg

Response headers

date
Tue, 21 Sep 2021 23:42:02 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31
x-xss-protection
0
expires
Tue, 21 Sep 2021 23:42:02 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200&session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A03%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A02%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=453cf50b-e6e7-4432-82b2-2916ae9f62ba&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:03 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200&session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A04%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A03%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=453cf50b-e6e7-4432-82b2-2916ae9f62ba&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:04 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
perf
labs.bishopfox.com/_hcms/
2 B
404 B
XHR
General
Full URL
https://labs.bishopfox.com/_hcms/perf
Requested by
Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode
cors
origin
https://labs.bishopfox.com
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
empty
cookie
__cfruid=75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719; _gcl_au=1.1.397745784.1632267720; _ga=GA1.2.677533317.1632267720; _gid=GA1.2.1160524313.1632267720; _gat_UA-41346121-1=1; _uetsid=83ccbb801b3511ec9c722d70340cd463; _uetvid=83cce2301b3511ec8e53ad4e5a2defe0; _gd_svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200; _mkto_trk=id:136-UTJ-516&token:_mch-bishopfox.com-1632267720240-63264; _an_uid=0; _gd_visitor=4412210e-d0e8-44c6-8057-feb57cb0e9d3; _gd_session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9; __hstc=24978341.5cba54307efbf9fd53b9219b7991b675.1632267721911.1632267721911.1632267721911.1; hubspotutk=5cba54307efbf9fd53b9219b7991b675; __hssrc=1; __hssc=24978341.1.1632267721912; messagesUtk=2fdb116ad6d747e0b4950822ab806e72
content-length
826
:path
/_hcms/perf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
labs.bishopfox.com
referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/json

Response headers

cf-ray
692725e0aa28dfdb-FRA
date
Tue, 21 Sep 2021 23:42:05 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
6acef3c1-090c-498b-9fb4-75851da587ec
x-trace
2BD0B12243D166147CABCC86E28631898286B2C39C000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtxIWfckJsh5omhNt3lj6M2mHhaDref2d13KfCzEe8mm%2BPXg%2FktbCJXUVttJ0157Bg77fUIRs53cwPwnrDmDYwKpIsuRtVdcqGUVCxJGoN%2BTjD3R1jM2BWwxN9fCuCsjcJvwHEiLNCueilCDqVjcoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
content-length
2
04963c130de0c8b0740e38f085c9e984-100
avatars.hubspot.net/ Frame 9996
Redirect Chain
  • https://api.hubspot.com/userpreferences/v1/avatar/04963c130de0c8b0740e38f085c9e984/100
  • https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100
13 KB
13 KB
Image
General
Full URL
https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13063492037725c2fde3e391e81f71bab16ad215193960304e431a65ce5cc239

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.hubspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:05 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
23928
x-amz-server-side-encryption
AES256
cf-ray
692725e3cb1a5bf9-FRA
content-length
13068
x-amz-id-2
PrWIg4/gvQxmdbxx7GtBLgksR8usLLlJJG0Cl2eTUwPikkD5NH2zxWXoKGNQ+MK6ATaF3NCMQJw=
last-modified
Fri, 18 Sep 2020 15:07:18 GMT
server
cloudflare
etag
"e66752fc96778c42c2ea90010afa5864"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtmEmrGb9D00i7ho0p%2BiplTK%2BPP3HpSgmeASdAgP1C8nrRA0IHamvfZuzIo3p%2BeHVZBmml2mP3KD5sbMY7Sx1XgkNtiU2LuaH3CPwZ6HVT%2BG0W9MHQ74NZJ%2FRvT1vIhw8DFWC6SU2zsLDzHljT%2BFuoE%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
Q75S4ZAG1YPSMWC2
cache-control
max-age=0
cf-polished
origFmt=png, origSize=24646
accept-ranges
bytes
content-type
image/webp
cf-bgj
imgq:85,h2pri

Redirect headers

date
Tue, 21 Sep 2021 23:42:05 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
c64f6c01-5b76-48e0-a19f-d20de7ceb0cf
x-trace
2BE26B1D3F1547D36FE09EB2900DE49F281B0C4F24000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gm04f6O6XmTrAR6mUASo%2FoJ%2BoM7QLZYFhgX%2BUruIkO3qq2QKDcwBrEKLGz1LPbL80eGF29TkcKt48uOmYm3xcqzIfjAEgfjcAgrS%2FBXDqJg0VtuAUyK3JasazMmQQeLjtx8XXpbZTLFIr8woZg%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
692725e2d83e5c08-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
d5e344d61def6c6a18f68fceb2582d49-100
avatars.hubspot.net/ Frame 9996
Redirect Chain
  • https://api.hubspot.com/userpreferences/v1/avatar/d5e344d61def6c6a18f68fceb2582d49/100
  • https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100
18 KB
18 KB
Image
General
Full URL
https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b26ad6b0412de9b0f2bba15bbf871f8df78b3766f16d2ac594c23e31afa68984

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://app.hubspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 21 Sep 2021 23:42:05 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
23928
x-amz-server-side-encryption
AES256
cf-ray
692725e3cb1c5bf9-FRA
content-length
18060
x-amz-id-2
56TRDBDnXFVvUTAJCKuR9DVs0Q/A9nacHGNdBt/PMI8/oevJkuRWl/x7ljJEH10ExxQmzXb8EBs=
last-modified
Thu, 10 Jun 2021 17:58:08 GMT
server
cloudflare
etag
"c9d5a6e59b07fadae69c9657df89a7fa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGcPW8Rs%2Bcib6jHxORk%2FCJTbKRBLMhRF%2B5JYHF0a9OGJRUjfwzZgzEVx%2FhVJtQ5RHb9Z5%2FFR6OlSzsVWNTNLSC9Cbu1qfBATiIqlpY3fQibJzg%2FIze6wrl54C3s71pwCMZE50UvDG1%2Fie%2FMMXdv8WBM%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
5N6PC892B7PC7V70
cache-control
max-age=0
cf-polished
origFmt=png, origSize=32213
accept-ranges
bytes
content-type
image/webp
cf-bgj
imgq:85,h2pri

Redirect headers

date
Tue, 21 Sep 2021 23:42:05 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
bdfa8f65-df6f-4aaf-8b5a-abc11e2db17c
x-trace
2BC0994DC7FAFE697235A8517637AB923ED345730F5489AB778958EE4701
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05caScjcXlUcdz4x8kLuh1ki7T5a8uETgoj7DZYlOLFKp0yGEDgV9vggRbQxupBiNg4tH8IbKfx%2FP6F%2BJa2EG1KdzSmD2kmMbH1ZZPAM4%2BCEo4ttNa9BbgStXdjEacFQeDkYBN9PbMTs6i61iw%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
692725e2d8405c08-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=46da313aa8ef51ce5d666ee13565a60d&svisitor=36bb10021b6b0000c76d4a61ab030000f5f46200&session=60a6bd97-6d3d-49dd-81cd-271cb11f5db9&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A05%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2021%20Sep%202021%2023%3A42%3A04%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Telerik%20UI%20for%20ASP.NET%20AJAX%20insecurely%20deserializes%20JSON%20objects%20resulting%20in%20arbitrary%20RCE.%20Learn%20how%20to%20patch%20and%20securely%20configure%20this%20software.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&pageViewId=453cf50b-e6e7-4432-82b2-2916ae9f62ba&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-140.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Tue, 21 Sep 2021 23:42:05 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Mon, 07 Jun 2021 21:53:38 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60be9562-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT


115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| onbeforexrselect boolean| originAgentCluster object| dataLayer object| __core-js_shared__ object| Sslac object| IN function| $ function| jQuery function| hsjQuery object| tocbot object| header number| sticky function| stickyHeader function| openInPopUp object| socialLinks object| socialLink object| postHeadings object| heading string| headingId object| _self object| Prism object| typescript function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage undefined| module_28294170921 function| i18n_getmessage function| i18n_getlanguage undefined| module_28295816956 function| bindToWindowOnError object| globalRoot function| hns object| hubspot object| hbspt object| __hsRoot object| hspreserve undefined| React undefined| reqwest function| OutpostErrorReporter undefined| Pikaday function| hns2 function| hmerge undefined| I18n undefined| ReactDOM undefined| require undefined| requirejs undefined| define undefined| exports undefined| module undefined| bootstrap object| options object| HSFR object| _hsq function| hs_reqwest_0 object| hsCommentListing function| hsPopulateCommentsFeed function| hsPopulateCommentFormOnFormReady function| hsPopulateCommentFormOnFormSubmitted function| hsPopulateCommentFormGetExtraMetaDataBeforeSubmit function| hsOnReadyPopulateCommentsFeed object| hsVars function| jsonp_1632267719811_55735 function| jsonpHandler function| postscribe object| google_tag_manager_external object| google_tag_manager object| _6si object| google_tag_data string| GoogleAnalyticsObject function| ga string| _linkedin_data_partner_id object| __twttrll object| twttr object| __twttr object| FB object| gaplugins object| gaGlobal object| gaData function| lintrk boolean| _already_called_lintrk function| ttd_dom_ready function| TTDUniversalPixelApi function| UET function| UET_init function| UET_push object| uetq object| _hsp 
function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker boolean| _hspb_loaded boolean| PIXELS_RAN boolean| hubspot_live_messages_running object| HubSpotConversations object| Demandbase object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO

36 Cookies

Domain/Path Name / Value
.know.bishopfox.com/ Name: __cfruid
Value: ad0ed914fa40b4699e7063ef0657b3800e679779-1632267718
.labs.bishopfox.com/ Name: __cfruid
Value: 75aa4fa7cc0bbfcacf7f0e9eb2b8a9b8acda52a6-1632267719
.youtube.com/ Name: YSC
Value: TWHt9PMpXo4
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: CPwDcRkdYkw
.bishopfox.com/ Name: _gcl_au
Value: 1.1.397745784.1632267720
.bishopfox.com/ Name: _ga
Value: GA1.2.677533317.1632267720
.bishopfox.com/ Name: _gid
Value: GA1.2.1160524313.1632267720
.bishopfox.com/ Name: _gat_UA-41346121-1
Value: 1
.bing.com/ Name: MUID
Value: 248A41B17335642A217F5108725E652C
.6sc.co/ Name: 6suuid
Value: 36bb10021b6b0000c76d4a61ab030000f5f46200
.hubspot.com/ Name: __cf_bm
Value: DM7YcxUf8kd39zeX0fHL1v7jtzlawBXUUY36OraSkvQ-1632267719-0-Aaw2/xodXdv9j21OPQ29nPdfBFrRqPVUNKqRawaGRxZ7SUb60tMAlJHElGdJCY4gQ+HlwuZ1vSwDgqYEEGG+LCQ=
.bishopfox.com/ Name: _uetsid
Value: 83ccbb801b3511ec9c722d70340cd463
.bishopfox.com/ Name: _uetvid
Value: 83cce2301b3511ec8e53ad4e5a2defe0
.doubleclick.net/ Name: IDE
Value: AHWqTUlB_lcwpFMODNjiaV9nyLKc42aAujwaTp6BjXGGpxqtwiMmsblHReMBU_vk
labs.bishopfox.com/ Name: _gd_svisitor
Value: 36bb10021b6b0000c76d4a61ab030000f5f46200
.bishopfox.com/ Name: _mkto_trk
Value: id:136-UTJ-516&token:_mch-bishopfox.com-1632267720240-63264
labs.bishopfox.com/ Name: _an_uid
Value: 0
labs.bishopfox.com/ Name: _gd_visitor
Value: 4412210e-d0e8-44c6-8057-feb57cb0e9d3
labs.bishopfox.com/ Name: _gd_session
Value: 60a6bd97-6d3d-49dd-81cd-271cb11f5db9
.linkedin.com/ Name: UserMatchHistory
Value: AQKdQQZFu5dJiAAAAXwKvNbEI9XR4aZ4_BrHGi1v9vR8AaWc58cHPfK-4sXCPbkirWdZh9VyWEwsPQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQIE0VJEAZ23fAAAAXwKvNbEn5luz0yJyCIKJ-tsaH6jXZ-5Qf16Lq1oyYJh5KMP54025bFTPhjGmjod5_l0dA
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&1f167e34-b349-42d9-8f48-1ceea1c1eebf"
.linkedin.com/ Name: lidc
Value: "b=OGST03:s=O:r=O:a=O:p=O:g=2473:u=1:x=1:i=1632267720:t=1632354120:v=2:sig=AQFAIqSyoKZVza0-oI8jOB_rfEtom03l"
.bidr.io/ Name: bito
Value: AACKMU7ClNwAABYQdUIFoA
.bidr.io/ Name: bitoIsSecure
Value: ok
.company-target.com/ Name: tuuid
Value: 6e0b9a79-4a90-42ff-b497-eac22a691a31
.company-target.com/ Name: tuuid_lu
Value: 1632267720
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&20210921234200660bb5d8-4e6f-42f7-8f5d-de1297e34123AQEUd5fABjRbeKuh8mxLcfvDuMu2u9e0"
.linkedin.com/ Name: li_gc
Value: MTswOzE2MzIyNjc3MjA7MjswMjHb3x3qUykYylzXOU+eE3s4/mFUT07gBONm6tImKTKWTw==
.bishopfox.com/ Name: __hstc
Value: 24978341.5cba54307efbf9fd53b9219b7991b675.1632267721911.1632267721911.1632267721911.1
.bishopfox.com/ Name: hubspotutk
Value: 5cba54307efbf9fd53b9219b7991b675
.bishopfox.com/ Name: __hssrc
Value: 1
.bishopfox.com/ Name: __hssc
Value: 24978341.1.1632267721912
.labs.bishopfox.com/ Name: messagesUtk
Value: 2fdb116ad6d747e0b4950822ab806e72

1 Console Messages

Source Level URL
Text
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
