labs.bishopfox.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
Effective URL:
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Submission: On August 02 via api (August 2nd 2021, 5:35:26 pm UTC) from US

Summary HTTP 106 Redirects Links 66 Behaviour Indicators

Summary

This website contacted 39 IPs in 4 countries across 29 domains to perform 106 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is labs.bishopfox.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 9th 2021. Valid for: a year.

This is the only time labs.bishopfox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 28	2606:2c40::c7... 2606:2c40::c73c:67fe	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
8	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
3	2606:4700::68... 2606:4700::6811:f2cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28d::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 6	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.224.100.124 13.224.100.124	16509 (AMAZON-02) (AMAZON-02)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
8	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:ebcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:70b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2016	15169 (GOOGLE) (GOOGLE)
1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
4	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6811:6d2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.13.27 151.101.13.27	54113 (FASTLY) (FASTLY)
3	162.247.242.20 162.247.242.20	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1	34.254.108.170 34.254.108.170	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2 2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
106	39

28 2606:2c40::c73c:67fe (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

know.bishopfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
labs.bishopfox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:f2cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
avatars.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28d::19fd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:cbcc (United States)

ASN13335 (CLOUDFLARENET, US)

api-na1.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.74.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

10586810.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.100.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-100-124.zrh50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:ebcc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e1:101::6cae:b25 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:6d2 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.27 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.242.20 (United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-8.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.108.170 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	bishopfox.com 1 redirects know.bishopfox.com labs.bishopfox.com	1 MB
10	doubleclick.net 2 redirects 10586810.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net	3 KB
9	youtube.com www.youtube.com	662 KB
9	typekit.net use.typekit.net p.typekit.net	235 KB
6	hubspot.com 2 redirects app.hubspot.com api.hubspot.com track.hubspot.com	20 KB
5	hsappstatic.net static.hsappstatic.net	237 KB
5	google.com www.google.com adservice.google.com	14 KB
5	linkedin.com 3 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	58 KB
3	nr-data.net bam.nr-data.net	639 B
3	bing.com bat.bing.com	9 KB
3	twitter.com platform.twitter.com syndication.twitter.com	133 KB
3	hubspot.net cdn2.hubspot.net avatars.hubspot.net	33 KB
2	google.de www.google.de	171 B
2	gstatic.com fonts.gstatic.com www.gstatic.com	17 KB
2	marketo.net munchkin.marketo.net	7 KB
2	adsrvr.org js.adsrvr.org insight.adsrvr.org	3 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	hubapi.com api-na1.hubapi.com api.hubapi.com	1 KB
2	facebook.net connect.facebook.net	68 KB
2	googletagmanager.com www.googletagmanager.com	93 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	newrelic.com js-agent.newrelic.com	14 KB
1	ytimg.com i.ytimg.com	9 KB
1	ggpht.com yt3.ggpht.com	6 KB
1	hsadspixel.net js.hsadspixel.net	3 KB
1	usemessages.com js.usemessages.com	21 KB
1	hs-analytics.net js.hs-analytics.net	19 KB
1	hs-banner.com js.hs-banner.com	15 KB
1	licdn.com snap.licdn.com	2 KB
106	29

	Domain	Requested by
26	labs.bishopfox.com	labs.bishopfox.com js.usemessages.com
9	www.youtube.com	labs.bishopfox.com www.youtube.com
8	use.typekit.net	labs.bishopfox.com use.typekit.net
6	10586810.fls.doubleclick.net	2 redirects www.googletagmanager.com labs.bishopfox.com
5	static.hsappstatic.net	app.hubspot.com
3	bam.nr-data.net	app.hubspot.com
3	api.hubspot.com	2 redirects static.hsappstatic.net
3	www.google.com	labs.bishopfox.com www.youtube.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com labs.bishopfox.com
2	avatars.hubspot.net	app.hubspot.com
2	track.hubspot.com
2	adservice.google.com	10586810.fls.doubleclick.net
2	googleads.g.doubleclick.net	www.youtube.com www.googleadservices.com
2	www.google.de	labs.bishopfox.com
2	px.ads.linkedin.com	2 redirects
2	munchkin.marketo.net	labs.bishopfox.com munchkin.marketo.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	platform.twitter.com	labs.bishopfox.com platform.twitter.com
2	connect.facebook.net	labs.bishopfox.com connect.facebook.net
2	www.googletagmanager.com	labs.bishopfox.com js.hsadspixel.net
2	know.bishopfox.com	1 redirects labs.bishopfox.com
1	www.googleadservices.com	www.googletagmanager.com
1	insight.adsrvr.org	js.adsrvr.org
1	api.hubapi.com	js.hsadspixel.net
1	js-agent.newrelic.com	app.hubspot.com
1	www.gstatic.com	www.youtube.com
1	app.hubspot.com	js.usemessages.com
1	syndication.twitter.com	platform.twitter.com
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	px4.ads.linkedin.com	labs.bishopfox.com
1	www.linkedin.com	1 redirects
1	js.hsadspixel.net	labs.bishopfox.com
1	js.usemessages.com	labs.bishopfox.com
1	js.hs-analytics.net	labs.bishopfox.com
1	js.hs-banner.com	labs.bishopfox.com
1	fonts.gstatic.com	www.youtube.com
1	js.adsrvr.org	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	api-na1.hubapi.com	labs.bishopfox.com
1	p.typekit.net	use.typekit.net
1	cdn2.hubspot.net	labs.bishopfox.com
1	platform.linkedin.com	labs.bishopfox.com
106	45

This site contains links to these domains. Also see Links.

Domain
www.bishopfox.com
twitter.com
www.linkedin.com
github.com
www.facebook.com
www.telerik.com
www.the-s-unit.nl
codewhitesec.blogspot.com
docs.microsoft.com
www.slideshare.net
threatvector.cylance.com
www.blackhat.com
thewover.github.io
portswigger.net
docs.telerik.com
services.bishopfox.com
know.bishopfox.com
www.youtube.com

Subject Issuer	Validity	Valid
labs.bishopfox.com Cloudflare Inc ECC CA-3	`2021-06-09` - `2022-06-08`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-03` - `2021-11-07`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2021-06-06` - `2022-06-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-16` - `2022-07-21`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
know.bishopfox.com Cloudflare Inc ECC CA-3	`2021-06-06` - `2022-06-05`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-07-06` - `2022-01-06`	6 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2021-06-10` - `2022-06-09`	a year	crt.sh
*.newrelic.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-05` - `2022-06-06`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-05` - `2021-09-27`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: A97E36D5612A0DAAF74F2FB4A095D1B9
Requests: 73 HTTP requests in this frame

Frame: https://www.youtube.com/embed/--6PiuvBGAU
Frame ID: 0EE9DA1BA163FB83A0E19A60CBC4C6CE
Requests: 17 HTTP requests in this frame

Frame: https://10586810.fls.doubleclick.net/activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 838E5637C53BFD4C67A92E2A5AB5FB8D
Requests: 2 HTTP requests in this frame

Frame: https://10586810.fls.doubleclick.net/activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
Frame ID: 0B2E6BEEDE01D4A607C4822443B2C08B
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html?origin=https%3A%2F%2Flabs.bishopfox.com
Frame ID: E8D34522445D0C389E203467D886ACAF
Requests: 2 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Frame ID: 8BF49726BE410CE83FCDE04422A96C50
Requests: 13 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
Frame ID: A32DD6545BBA30A5879B283194DC9F55
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.linkedin\.com\/in\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

106
Requests

100 %
HTTPS

78 %
IPv6

29
Domains

45
Subdomains

39
IPs

4
Countries

2782 kB
Transfer

7372 kB
Size

15
Cookies

66 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bishopfox.com/
Title: Return to BishopFox.com

Search URL Search Domain Scan URL

URL: https://twitter.com/bishopfox
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bishop-fox/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://github.com/BishopFox
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BishopFoxConsulting/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935
Title: CVE-2019-18935 GitHub repo

Search URL Search Domain Scan URL

URL: https://www.telerik.com/products/aspnet-ajax.aspx
Title: Telerik UI for ASP.NET AJAX

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization
Title: security advisory for CVE-2019-18935

Search URL Search Domain Scan URL

URL: https://twitter.com/mwulftange
Title: @mwulftange

Search URL Search Domain Scan URL

URL: https://github.com/bao7uo
Title: (@bao7uo

Search URL Search Domain Scan URL

URL: https://www.the-s-unit.nl/node/78
Title: CVE-2014-2217

Search URL Search Domain Scan URL

URL: https://github.com/straightblast/UnRadAsyncUpload/wiki
Title: @straightblast's write-up

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/kb/aspnet-ajax/upload-(async)/details/unrestricted-file-upload
Title: security advisory

Search URL Search Domain Scan URL

URL: https://codewhitesec.blogspot.com/2019/02/telerik-revisited.html
Title: took a closer look

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.web.script.serialization.javascriptserializer.deserialize?view=netframework-4.8
Title: JavaScriptSerializer.Deserialize()

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles
Title: gadget

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.configuration.install.assemblyinstaller?view=netframework-4.8
Title: System.Configuration.Install.AssemblyInstaller

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.configuration.install.assemblyinstaller.path?view=netframework-4.8#System_Configuration_Install_AssemblyInstaller_Path
Title: Path

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/dlls/dllmain
Title: DLLMain()

Search URL Search Domain Scan URL

URL: https://threatvector.cylance.com/en_us/home/implications-of-loading-net-assemblies.html
Title: Implications of Loading .NET Assemblies

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
Title: Friday the 13th JSON Attacks

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/cpp/dotnet/mixed-native-and-managed-assemblies?view=vs-2019
Title: mixed mode assembly

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/standard/assembly/
Title: assembly

Search URL Search Domain Scan URL

URL: https://thewover.github.io/Introducing-Donut/
Title: article about injecting .NET assemblies

Search URL Search Domain Scan URL

URL: https://thewover.github.io/Mixed-Assemblies/
Title: mixed assemblies

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/whats-new/aspnet-ajax/release-history
Title: release history

Search URL Search Domain Scan URL

URL: https://portswigger.net/burp/documentation/desktop/functions/search
Title: search

Search URL Search Domain Scan URL

URL: https://github.com/bao7uo/RAU_crypto
Title: RAU_crypto

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/sleep.c
Title: sleep.c

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/build_dll.bat
Title: build_dll.bat

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/CVE-2019-18935.py
Title: CVE-2019-18935.py

Search URL Search Domain Scan URL

URL: https://github.com/noperator/CVE-2019-18935/blob/master/rev_shell.c
Title: rev_shell.c

Search URL Search Domain Scan URL

URL: https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r3-2019-sp1-(version-2019-3-1023)
Title: R3 2019 SP1

Search URL Search Domain Scan URL

URL: https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security
Title: RadAsyncUpload security guide

Search URL Search Domain Scan URL

URL: https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security#recommended-settings
Title: recommended security settings

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui&url=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui&source=tweetbutton&text=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/continuous-attack-surface-testing/
Title: Continuous Attack Surface Testing (CAST)

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/continuous-attack-surface-testing/how-cast-works/
Title: How CAST Works

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/continuous-attack-surface-testing/cast-use-cases/
Title: CAST Use Cases

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/application-penetration-testing/
Title: Application Penetration Testing

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/mobile-application-assessment/
Title: Mobile Application Assessment

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/hybrid-application-assessment/
Title: Hybrid Application Assessment

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/cloud-security-review/
Title: Cloud Security Review

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/product-security-review/
Title: Product Security Review

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/red-teaming/
Title: Red Teaming

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/external-penetration-testing/
Title: External Penetration Testing

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/services/internal-penetration-testing/
Title: Internal Penetration Testing

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/amazon-alexa-built-in-devices
Title: Alexa Built-In Devices Assessment

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/google
Title: Google Partner Gmail/Oauth Assessment

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/google-alphabet-vendor-security-assessment-vsa
Title: Google/Alphabet VSA

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/nest
Title: Nest Partner Program

Search URL Search Domain Scan URL

URL: https://services.bishopfox.com/workplace-from-facebook
Title: Workplace Partner Program

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/vulnerability-disclosure-policy/
Title: Vulnerability Disclosure Policy

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/jobs/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/jobs/internships/
Title: Internships

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/foxtales
Title: Fox Tales

Search URL Search Domain Scan URL

URL: https://www.bishopfox.com/about/
Title: About Us

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/customer-stories
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/news
Title: News

Search URL Search Domain Scan URL

URL: https://know.bishopfox.com/events
Title: Events

Search URL Search Domain Scan URL

URL: http://www.bishopfox.com/privacy-statement/
Title: Bishop Fox Privacy Statement

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BishopFoxConsulting

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bishop-fox

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/Bishopfox

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui HTTP 301
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
https://10586810.fls.doubleclick.net/activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Request Chain 46

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
https://10586810.fls.doubleclick.net/activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Request Chain 64

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1627925708024%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252Ftech-blog%252Fcve-2019-18935-remote-code-execution-in-telerik-ui%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQK0OpRrKxxlBQAAAXsH7wB2T67UwxXLPqxb8U9RmdtpRVFhFkm4abDSg2-5ickhzJsRqk3A

Request Chain 105

https://api.hubspot.com/userpreferences/v1/avatar/04963c130de0c8b0740e38f085c9e984/100 HTTP 307
https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100

Request Chain 106

https://api.hubspot.com/userpreferences/v1/avatar/d5e344d61def6c6a18f68fceb2582d49/100 HTTP 307
https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100

106 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cve-2019-18935-remote-code-execution-in-telerik-ui Show response
labs.bishopfox.com/tech-blog/
Redirect Chain

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

183 KB
30 KB

116ms
83ms

Document
text/html

2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

c7e759103c707a1be91a2c66badd674496967cd9034b36f7a72a1fabaa46dd1f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: labs.bishopfox.com
:scheme: https
:path: /tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800, max-age=0
etag: W/"6d1a745a11b399bf70309aedb448b620"
last-modified: Mon, 02 Aug 2021 16:44:30 GMT
link: </hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.37/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js>; rel=preload; as=script
strict-transport-security: max-age=0
cache-tag: CT-11829155136,CT-23317514002,CT-29248014118,CT-41736538695,CG-10492047050,P-5632775,L-10469805076,L-28319293718,L-28320962156,W-28178011569,CW-10478305230,CW-28294170921,CW-28294377142,CW-28295816956,CW-28509734887,CW-8297568409,CW-8297800340,CW-8297800344,CW-8302667608,CW-8302667698,CW-8303015327,CW-8303015408,DB-2620645,E-28144332160,E-28145500502,E-28550993871,E-32348863542,E-32348863607,MENU-28178011569,PGS-ALL,SW-2,GC-29551615800,GC-30358366903
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-11829155136,CT-23317514002,CT-29248014118,CT-41736538695,CG-10492047050,P-5632775,L-10469805076,L-28319293718,L-28320962156,W-28178011569,CW-10478305230,CW-28294170921,CW-28294377142,CW-28295816956,CW-28509734887,CW-8297568409,CW-8297800340,CW-8297800344,CW-8302667608,CW-8302667698,CW-8303015327,CW-8303015408,DB-2620645,E-28144332160,E-28145500502,E-28550993871,E-32348863542,E-32348863607,MENU-28178011569,PGS-ALL,SW-2,GC-29551615800,GC-30358366903
referrer-policy: no-referrer-when-downgrade
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cf-cache-status: HIT
x-hs-combine-css: Disabled
x-hs-content-campaign-id: b6523efd-8992-4338-8c60-aa879679ef57
x-hs-content-id: 23317514002
x-hs-hub-id: 5632775
x-hs-prerendered: Mon, 02 Aug 2021 16:44:30 GMT
x-powered-by: HubSpot
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6iyevvmnhrqG7GbCLfEdlRqQ%2BZSZTJ8fUaFWR0PWZ6PQ2g9e1vSfSR3UDWCZ5Cw0tjI28AbYgtwZO9G35bq6CCs0Pqm3dCtYwzoqghTHydTFIn9RzZH5OQ9IuOmeuM%2BS%2BFcFR0D1GwBeOmoYYKm4UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 67890f95de2805bb-FRA
content-encoding: br
cf-h2-pushed: </hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js>,</hs/hsstatic/cos-i18n/static-1.37/bundles/project.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>,</hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>,</_hcms/forms/v2.js>,</hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js>

Redirect headers

date: Mon, 02 Aug 2021 17:35:07 GMT
location: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
cf-ray: 67890f953b3a4de2-FRA
age: 116
cache-control: no-transform, max-age=120
expires: Mon, 02 Aug 2021 17:35:11 GMT
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-mapping-id: 31405034559
x-hs-mapping-only-after-not-found: yes
x-hs-route-prefix: http://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
x-hubspot-correlation-id: 59db3c79-8305-4433-8e6b-d145d235d599
x-trace: 2B2DDE5F1988E25AE6DB171201D978080B4F67F5F3000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RBXWh2Lj1RpTfC2BplmyJELGZlNYARtVwWjTIgJSeHiDRaN2CDI9exowuNtYOiWNXxBC2b4oyCDUmHaveGWZPYB6zLr0Vip5YihV%2Fja%2FA%2F3NuWI5lTZRTquoyVDpGSX1Dz%2BOzKW0CnO8z7oP0qocSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.know.bishopfox.com; HttpOnly; Secure; SameSite=None
server: cloudflare

GET
H2 200 jquery-1.11.2.js Show response
labs.bishopfox.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
36 KB 22ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 fc6dca2df1221c0bec817610bc20e505.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11478603
cf-ray: 67890f964f2505bb-FRA
x-cache: Miss from cloudfront
x-amz-cf-pop: MUC50-C1
content-encoding: br
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VRjQjljwFi74MnG7E6s63EVEObqQHK7IfkCkX0B30Dv7c45Pe15cKa%2BxRD8TZBUu%2FXFnzQYQMeyiq7Qj10Tko4WJx67tdMFVD8p2K9SnSQXDkPMe8zOKPL2%2Fb4u1otqZ7cKK2iCD1oCAU%2Bn9l4MFRA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=31536000
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: j0uxu44Fmw6l7XI0jwNOqLWvnvA6bO55qT4moDX0Y1npxbcu592mAg==
expires: Tue, 02 Aug 2022 17:35:07 GMT

GET
H2 200 project.js Show response
labs.bishopfox.com/hs/hsstatic/cos-i18n/static-1.37/bundles/ 1 KB
1 KB 60ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/cos-i18n/static-1.37/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

69aea70ed00c6297e407afc0b1ccf6db9629eedc412bf0779467f3e462d346e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 e1e056e45a0f8d6bc22b223900511170.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3896945
x-amz-server-side-encryption: AES256
cf-ray: 67890f964f2905bb-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA2-C2
content-encoding: br
last-modified: Mon, 14 Jun 2021 16:41:38 GMT
server: cloudflare
etag: W/"6c562b3f1d6a0148fda97d4847422c6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3iKz71oyBNSzHgS6pbT8QrWz%2BfXkMWBZTaHzexyjGEG4GhfuAYiosSWWXho2eU7luq%2Bxipp2qHiU80K48DoDpd9wNSmHbU%2BHqX%2FSn6%2BMxRAY%2FjcQCJNfqfKZZWGN5m1ojxPN%2Fd7Xewsmm8Cwj4ne6A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: M9oUePGbwt7hrJpARSIQzQLaIi7kmGEy
cache-control: public, max-age=31536000
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: DUXbRLuhPxzxlhKqx2KMF2WMfvTtTR6IQDORvdAyUi-gNVGhIKhf-Q==
expires: Tue, 02 Aug 2022 17:35:07 GMT

GET
H2 200 project.js Show response
labs.bishopfox.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 17ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 ae3f020e2e89e632d339db198e9ba75b.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11478841
x-amz-server-side-encryption: AES256
cf-ray: 67890f964f2a05bb-FRA
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: MUC50-C1
content-encoding: br
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w%2FsuMUKpuXOw5rRel6hxzxJhISnTLfX48O7%2BDYXkFWmwAqGNSTYw05C6D%2B6Xdg3W3kd%2F8S9sNAFN%2BR1EyV55p6IrcuVhmmbQJtyh5XeRTtALvQOuDIcgWw5CZ3poaGrTDHcwIckgikDE7yWX3x8X5g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
cache-control: public, max-age=31536000
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: cqvrxixsJGu7xknZVpeNZIIugPJs9Gybqb6Ts_bfIy_dZMvA-0Dp7A==
expires: Tue, 02 Aug 2022 17:35:07 GMT

GET
H2 200 index.js Show response
labs.bishopfox.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/ 51 KB
20 KB 48ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 9c7e5857d78c5dc89042979317de5843.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6931003
x-amz-server-side-encryption: AES256
cf-ray: 67890f964f2b05bb-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DEN50-C2
content-encoding: br
last-modified: Fri, 14 May 2021 12:13:32 GMT
server: cloudflare
etag: W/"006946e614d6ef469f5c9e46b4836d15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJZET6imbJXfea4MN0hZt7%2Fa9CBhOlMnWQzXggy5%2BUa%2FDY8u0dPInvFM3d5ztNOB1BetIiczyLr6jJISI4Ul0e5ry%2BzqbpG1ZgfrFZCILfJmsbWhzcN%2FpYsgRhDCfSBpT0HmutGjNvM2m7D1VD87NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: NS5brkaR0OO1ViABjiLPNZKumB_gwu3c
cache-control: public, max-age=31536000
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: I1j6RqtXQalDbXMhdqYXqor4a2LFOh4E-WrqLmy0b_M1v_wzGxNReA==
expires: Tue, 02 Aug 2022 17:35:07 GMT

GET
H2 200 v2.js Show response
labs.bishopfox.com/_hcms/forms/ 569 KB
145 KB 64ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 c35f767218cbd1125d801b52fa785c8d.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 374
x-amz-server-side-encryption: AES256
cf-ray: 67890f964f2f05bb-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: IAD89-C3
content-encoding: br
last-modified: Mon, 26 Jul 2021 08:58:31 UTC
server: cloudflare
etag: W/"54f88eaced1496c532226765043c50e7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IkdciZN1xo1OIKxFWntzd%2BoGZSxA46sLGpQKncxWTOTzpMvlgImaG44IdgAHx3NlCIjOzTpCuhHmHgEuO3K89svUbtJtGdSOlH8hKcrHs9zk18pMKjDXX%2BeRr1I6rigFo%2BlbNK5u%2Fg9jJrR%2FdLs6RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: CD.EJgxkQT0UFVsMcBVdkshUHUGkYwIo
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 9iM22pYIda2wxozqtJMUK6aAIZEJtsvUT12dCLey7qiPKHXgQEUNdQ==
x-hs-target-asset: FormsNext/static-5.349/bundles/project_with_deps.js

GET
H2 200 comment_listing_asset.js Show response
labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/ 8 KB
3 KB 46ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3a4acc91750315f26ccfdff67b14bdc2ff153fd397500ad60a5ce9e0bafa3b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 4699c08b44211e17f977ca0133ec5e8f.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11478766
x-amz-server-side-encryption: AES256
cf-ray: 67890f964f3105bb-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-amz-cf-pop: MUC50-C1
content-encoding: br
last-modified: Thu, 04 Feb 2021 19:41:00 GMT
server: cloudflare
etag: W/"dead139f9e90162ef18faec5c6658b27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d9mioaj8CUVcC%2FBrCIFVBFc9iTBpARt5AYGhJDIfThOykH2%2F4Htyx%2B4iNOa4bIoe2gPY4QxLPxKLgZbYicgHdGMc19nouNBzoEgWL6AxFASasUJuj7m1bw0E%2B79ht6hUMbwTjfzNbrgtU%2FLZ%2BAF3jA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: rrf8fzfUXW6uWWsBbWfcrt_M5GaKpGIN
cache-control: public, max-age=31536000
set-cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; path=/; domain=.labs.bishopfox.com; HttpOnly; Secure; SameSite=None
content-type: application/javascript
x-amz-cf-id: hSTppcqd7f7gYNCeV8VeplkA7Ike39FQ1U30rnCnpLrLAdmSigubqA==
expires: Tue, 02 Aug 2022 17:35:07 GMT

GET
H2 200 comments_listing_asset.css
labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/sass/ 1 KB
991 B 46ms
44ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/sass/comments_listing_asset.css

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72230de642a6e6a4cc0059fd8555dcdace5fe8ca702e9e8d9f7030f0aa8e07c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/AsyncSupport/static-1.94/sass/comments_listing_asset.css
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 47b2ce4c0cbd550c326fba9b552b2177.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11478767
x-amz-server-side-encryption: AES256
cf-ray: 67890f966f6605bb-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Thu, 04 Feb 2021 19:41:00 GMT
server: cloudflare
etag: W/"b8ee8eabaab596a61f9dce917ea44a73"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lb0GkCZKJQzWiuLwpLPHG7UqJIGlZn2LNr%2F1XqhwLs8x86ot8wGBvdC5I7Z1snsrQQXAb9q1Hu%2FPuCtwNma6gqDTg6%2F6Bbb7e829C74KMOc%2FngAS%2BmRCZIEkxH1zV8Vv%2BnLiIpnxzRbdyq4NpJlDow%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 9bHcd_ft.zS_ljDQKZIJC6FKEZ_yO.ou
cache-control: public, max-age=31536000
x-amz-cf-pop: MUC50-C1
content-type: text/css
x-amz-cf-id: klQIHiiILiwZ2Bb1RtEHtrdZa2FGWA9Wy1AACu52uMd1VRYfYHBeYw==
expires: Tue, 02 Aug 2022 17:35:07 GMT

GET
H2 200 module_10478305230_Social_Icons.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/ 288 B
869 B 54ms
53ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/module_10478305230_Social_Icons.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0665aad66140bedfae8ee86351e3123060565001e33867552dd4b0f4a5a23d1

Request headers

:path: /hs-fs/hub/5632775/hub_generated/module_assets/10478305230/1587759185112/module_10478305230_Social_Icons.min.css
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646881.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 114
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: T5S8XPNKBDY3CRNT
x-amz-id-2: Hx/qv83Qza9aT4NYGI1PT/082pyf8z8HETzl10lkbVcbuEOFpglHSY6zq16F+q2eOESvlsyy1xQ=
last-modified: Fri, 24 Apr 2020 20:13:06 GMT
server: cloudflare
etag: W/"f9a21447ab17cc1cf5127e2a9fdef72a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbLQHfEjhjb0zkhAtIx4QNSCBYHm4R4AnJ1RuTBO%2BAncItNB3HFhB3c96Ay7aTVKbK6b%2Fq3Ce1TDWyJCNcLcvqc52sHR%2FGHejtvdaSQsme3AHyfCdISUbPvIwiA%2F9r9mF7Eymg4FIjL4MdBRVht0NA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: z3NVlkKDFe3SWmID3h_gz_034msu3TZx
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f967f6805bb-FRA
x-amz-cf-id: 07xOPrMtXoz8XoYipksOEoxDNsubSCHpQkNrPURf3Xc2vEVaVDGpvA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 eml7xva.css
use.typekit.net/ 9 KB
1 KB 158ms
128ms Stylesheet
text/css 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/eml7xva.css

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

0e4330fc42b9bc471699a995039181f9a8d98deba31c84c6961c7057e23c447c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Mon, 02 Aug 2021 17:35:07 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1056

GET
H2 200 in.js Show response
platform.linkedin.com/ 181 KB
55 KB 33ms
11ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: dc40e303edf30aaeff3b6cca7b7037e7e728cc736f7c3b659ac60ec0945c8ccf

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 90
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 55565
x-li-uuid: Tdq4ZrmNlxYA7OeOgysAAA==
server: ECAcc (frc/8F0A)
last-modified: Mon, 02 Aug 2021 17:33:37 GMT
x-li-pop: prod-eda6
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-ltx1
expires: Mon, 2 Aug 2021 18:33:37 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1627921168057/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 51ms
31ms Stylesheet
text/css 2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1627921168057/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1627921168160
date: Mon, 02 Aug 2021 17:35:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4415
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GS4mwV0Z7SOU1Qxhnv%2F8NbZAnfZRY0lL7snMcdsq4k6s%2B89tGm4pdmc1IdIR7Yf%2Fux8AtCIaQKu0oyLHO6xNdmJzm7oCvZPF%2FU2FTbrYiGH9ydZaZWezLvfwqxFK3NZrw0B6gy8C17giuVg1on4%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
last-modified: Mon, 02 Aug 2021 16:19:29 GMT
server: cloudflare
etag: W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f9698394db2-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 styles.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/ 91 KB
17 KB 95ms
94ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1701e3fa666b6218db2a8b8034f8c843270e92c7244a5028f48e26e80420591

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1597184910188
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 6b8cdd1ce925ccd88cc918dd35811d07.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 114
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: T5S04FPVYZVW6NB5
x-amz-id-2: I0Cy6Dg7F5+AyPfT9RCEWNJMCGzDaSjLVvW5veK9uNKYfxErSqy+etQhdPVYfp166y/NHJDNYJc=
last-modified: Tue, 11 Aug 2020 22:28:31 GMT
server: cloudflare
etag: W/"17da206b34e3090886773a9125c8f744"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OFTukxMgjFakfAUIFV%2FIcGqaem0Ugj1uGvro4SqdxrbGHd63aSy9uPFZM52%2FtdY5bFFxm1poUEC2e2gjgoCFFg6oOl4t%2B%2FQBXhWX%2FkRByAd2IkNcYtVUOm3yKOeaXK%2BzkzWgEAZajchoXnkG9j%2BnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: CBIjujsdV8rN8yLa7muuXN894DnV3sW6
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f967f6905bb-FRA
x-amz-cf-id: i7LcXWfXvuBEh4DE24CkDOLHF34tghLlMFIaaNyEnUlMez1Jr9wGQA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 prism.min.css
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/ 1 KB
1 KB 48ms
48ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/prism.min.css
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53bbbcda593dc7d2483e3225fa353d9e8cad17c46baa7088ba0db94d66f0bf9e

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/32348863542/1595255868968/Custom/Bishop_Fox_2020/Coded_Files/prism.min.css
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1595255868968
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646881.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 114
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
content-encoding: br
x-amz-request-id: 37B9H1FRRSQFSH35
x-amz-id-2: bRu/TZbB3i9sK8iIoJg3qeTmse3q1MphiUpjs9WGbfikRzpp798F83+wcD++ZShuruWIwarBChk=
last-modified: Mon, 20 Jul 2020 14:37:49 GMT
server: cloudflare
etag: W/"a43baa16da2d3f3c255e6df5d2fcda20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4CTxT2Qv7GHfkFzZhloaz7Uuify70wPgFnv3TQnoqlPzVToMue5RZo8y39Ba%2BfR%2FkdLliVtsJA0578a5eKMH32MKLeMBs52BBYKgxXf4H0dgpuMygGXtf1WXf00yEy2Nh6rbQNwwTJbqGfh3Za3zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: M8kW4g.fpbVz3EcLbuF7t8DRivL39XdS
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f967f6b05bb-FRA
x-amz-cf-id: U2BCAQu30cIF2NQtaSN-Z2rSjAXL4WIQg4rXBMzYKAba3NCLP9of-g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 BishopFoxLabs-Logo-Black.svg
labs.bishopfox.com/hubfs/Logos/ 3 KB
2 KB 58ms
56ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Logos/BishopFoxLabs-Logo-Black.svg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 482764a09e130bd7446e86016ab44a442d73e2b295879cbb2666f7790478b187

Request headers

:path: /hubfs/Logos/BishopFoxLabs-Logo-Black.svg
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 414a05dee9c365a2a2079013f9d53671.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-28955847558,FD-28955967354,P-5632775,FLS-ALL
age: 378980
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28955847558,FD-28955967354,P-5632775,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 8PW0FBRC47PGXBWB
x-amz-id-2: 3zEPEHsRSgj5tt2spn8PkBB8arFXwUsnTVsaK+fzrbYVDQHDpuMePfLb/ERNeihbNqRsM5zYhDE=
last-modified: Thu, 30 Apr 2020 14:06:23 GMT
server: cloudflare
etag: W/"c092105e6b23817d8977a1afc51faa1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uK7S2O%2FKOqVwq1mgkS%2FZEcn%2FQm%2F6ODaFivexc7rh3zgZDkJJs2ttVdeDFDcJqjTZkDvBhtlDviZGuE1lsVkmSPYJYELNhYLvkkE%2BXFZ%2FcRZF41ULQJywvfE9CD3181RN58GywQOJwx2oh5JS%2FxnTfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: mXuZz95KgSwgTAxdzh8jlE_hq5mcuNck
x-amz-cf-pop: DUS51-C1
cf-ray: 67890f97ba0405bb-FRA
x-amz-cf-id: UGnFzWCgQ6w4qxxRFHmq2cLOSR4DfRW7WRc0Sjyn-UV2zGuSGVnXxg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 BishopFoxLabs-Logo-Simplified-Black.svg
labs.bishopfox.com/hubfs/Logos/ 1 KB
2 KB 38ms
36ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Logos/BishopFoxLabs-Logo-Simplified-Black.svg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c34dbb609c6387f6175474daf591365e75a67780b5b5f10ca1e3a069187c694b

Request headers

:path: /hubfs/Logos/BishopFoxLabs-Logo-Simplified-Black.svg
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-28955848741,FD-28955967354,P-5632775,FLS-ALL
age: 301747
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28955848741,FD-28955967354,P-5632775,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
content-encoding: br
x-amz-request-id: JG6RFBRVWCCVNG9K
x-amz-id-2: KItTm2RdgfNj99Dh9yTL6B9XAfUgFff1f5o8Vd0Kl9DcYWDh3U5UV6JdEZH3l2OkRlT/JmIFx6w=
last-modified: Thu, 30 Apr 2020 14:27:27 GMT
server: cloudflare
etag: W/"b3c81c94ed4ebc1b8523c5a7ec33e6a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8LxX%2BT5aduEqSe8FiNrk55xaevSXnZydeAiIjgwjiBk3IX6iUyJOd3Utm1ydlTQiSvqp21olWQ3tAUN%2BkPtLoxMMTaxcatkTEDP8z7nb5dwVd86AMoYchy2fqri2tH%2FkL6CfwIt1rx3iBRhCvURLw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: mAlYJd53qS3J6KxX_rRFXLrBvOkX2Kle
x-amz-cf-pop: MUC50-C1
cf-ray: 67890f97ba0605bb-FRA
x-amz-cf-id: 2vWK8Bu6nrVuppgCddKbQ3N1UZZGXkAoMX1URUSFYfojlz4L9GrOBw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 tocbot.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/ 9 KB
4 KB 50ms
50ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/tocbot.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8d76f539c79c8169dd727ae8842c1dfa3513378fada30cd91dbaf26a1290801

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/28550993871/1589569483649/Custom/Bishop_Fox_2020/Coded_Files/tocbot.min.js
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 7a99ed3f39c18af8fe138a695e5f657d.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 113
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: Q0F4FN9M97WCW199
x-amz-id-2: haMH0ieRDPkkqyTQRMmSpvIChtECUbf7SyO19tmaNUChGTKoRviVVtyhsciwdpJtQohFkrhXDJg=
last-modified: Fri, 15 May 2020 19:04:44 GMT
server: cloudflare
etag: W/"6b37b978ab743d97ee63b9d31ef21556"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bwvjWVVIjOuCmLEV4sEpYVBw%2Fr3SZkQuYYGtaamBrHDe3HxEkl2CjFt7Ub7PNabyAYZvvLjD44ie%2F3%2FoLhilZeXxXAGr88Cs8Bc%2BlyJEzIktMpkV9hxu2suIYfA3VQWJbwQsaFA%2BlF8Onv3KottZzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 4HTBarBewLbln.aAV_20fQkSKYnW.Z7p
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f9718b505bb-FRA
x-amz-cf-id: _isgVj_FFR6I-dWFRFDWgBxFzsx9uCN_tCiT22OTCLJFvw9OdhQ22A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 main.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/ 1 KB
1 KB 64ms
63ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/main.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07d59d11e10a2e559c0ce70c86b9736aed6a46a3b0b55c6cab658215ecb3ba57

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/28145500502/1589569486311/Custom/Bishop_Fox_2020/Coded_Files/main.min.js
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 113
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: M0NXFCSHFAJ5WWCR
x-amz-id-2: HznbQ3/Q7bdpRIpcLCNTWIFtojBrNQIIaMkq38ssOUuOSyrEw1XtNkCkve9Y7OprKBz6AfVPZHs=
last-modified: Fri, 15 May 2020 19:04:47 GMT
server: cloudflare
etag: W/"a039532aed6a100a7d84cba1d22eb293"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t5obVOCgWB71fQb5CVsB1p1emGwDVphaLAuTwBLtg2LEnpQEwBOZ9lndpObgrjWroA4zt%2BhNOsddB9WogqEukaY6OL4OcI4LrXyKN66hCEImXWUwOXqUgQuFN1q6s5Dc0c7MqD1zzVPPLNgUlDirGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: .ih4zeutrPQaWWEAOA_M53biY2uOb9Qg
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f97797105bb-FRA
x-amz-cf-id: yQybS3OL61BWkMh8k8M7o7zLPNS2mujQX2bJ9Ykpefs6ds_H4fBRCQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 prism.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/ 439 KB
162 KB 32ms
31ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/prism.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 397ea9453748b35f255a67e3d8e3b4ea0451490297295b643d6cbcd01764885a

Request headers

:path: /hs-fs/hub/5632775/hub_generated/template_assets/32348863607/1595255713736/Custom/Bishop_Fox_2020/Coded_Files/prism.min.js
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1595255713737
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 5195de19cbc5ce842ac6538e9a6850cb.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 113
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: AWM94ZSDJG55FQEW
x-amz-id-2: 52AMrwgSmckq2iXPGpyq4/zG3a5UY4Yst93pzkEdnbIlizMWDhwW/k64lQ9eCTrLMttl+0jv0M0=
last-modified: Mon, 20 Jul 2020 14:35:14 GMT
server: cloudflare
etag: W/"7cb7749663fb165d3803c8bbcc284e55"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fitqcrQ%2Bj%2FwiYG3X3hXMonOy6COzY1FuIfvWGIogwNbIsr%2F7eNgEzSFryHdWwOy4T1m6BHOSNW%2BAUCl01yuolIeCUmSvCAvle0sSpX0PU4XYe5UeT5iULaWMhTg%2BQP1ZlNpbGudo4uUElyTDJ6BVBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: jiSK5D.JQHVI.2.XQsiW63K.Y7e23I8c
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f97797305bb-FRA
x-amz-cf-id: vmprDa1-dxpLQ-L_4i08chEqsMxPjrgkHXz_-9b5S1vb48oL20gNsQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 module_28294170921_2020_Hub_-_Header_-_Search.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/ 6 KB
2 KB 28ms
26ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/module_28294170921_2020_Hub_-_Header_-_Search.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72ad15be9ebaf0ccb9f542bd82398a4ec5f69f1f30593eff9807473af1a907e7

Request headers

:path: /hs-fs/hub/5632775/hub_generated/module_assets/1588605389426/module_28294170921_2020_Hub_-_Header_-_Search.js
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 c1802b2f6f4e591b6df12b5a8a9876a7.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 113
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 0WB3Q2VG15E715PK
x-amz-id-2: ZXnDTq38YO61aCYcfVmudV5AugrZN30xzie2d6EuBX+TttAC7JCC5PDvIffz146mP8++JGGjB+0=
last-modified: Mon, 04 May 2020 15:16:30 GMT
server: cloudflare
etag: W/"97a06edce2100b01bbbe4d2cfb7421da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tl48YEY8EqJ4MggDMcb743mMZZ%2B5tWs82NViX5su0FtVPL9QOxBDzvHUTWWT9xHp7GjWngJfBXIHtbqFM%2Ff6EN5Clce%2FkNSLiNx%2Bd%2FI%2FTikS5T2m3QGXxR%2BM6XJJzKAjlaEAFYF6HO2S5Ws737uEbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 8EiDD8763pINn_VkZJo4ueKMFK8LI78T
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f97b9fe05bb-FRA
x-amz-cf-id: XupzU1CplonBcvkJn7x-F7giTNasUxFuWfZUkfY7FVWujVAUdX1f4Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js Show response
labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/ 367 B
777 B 35ms
32ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: afee3609c2d320fbe4ff5a90eaccd92d9628453944181649631dee0081de9d9b

Request headers

:path: /hs-fs/hub/5632775/hub_generated/module_assets/28295816956/1588605379768/module_28295816956_2020_Hub_-_Header_-_Hamburger_Menu.min.js
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8b.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 113
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 8ERYR1PCK16VT1E5
x-amz-id-2: Q1jhd8MWf5lboSkRve1ucWN50kjPONjCwsfARNUiSvOH7LwXJzMG5odGdt0mbu3NoTEVgpEQppk=
last-modified: Mon, 04 May 2020 15:16:20 GMT
server: cloudflare
etag: W/"18321dc2c6d1bd60c0c3f15d9b6d02e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OUZpb9%2BBfeBMRkuqH2TFZT9y9NoxOqQq8dEriEgI3EZl47usjYi%2FJur5JfBxP6JeGOSHSjw%2BssBN8GleigiMTq3EYDXZIvn5L6X88dpq6q9bt5Qb2x7zWS7%2BGoSEZzLNiO%2BzV1zQAH94hnqcGYjcFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: Otv2h8oRWUzZyogF.jSbKepn8wtGXreV
x-amz-cf-pop: IAD89-C1
cf-ray: 67890f97ba0005bb-FRA
x-amz-cf-id: dKNfg_1Gvvec3sHiQk48GxFCcDmpEVoZ6oz8vKbeLjXymXewDacw0Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 5632775.js Show response
labs.bishopfox.com/hs/scriptloader/ 2 KB
1 KB 403ms
402ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee2d1581955a8d6951640535ffd3f4d0396c7ced74dffdac58d140af5a60da5d

Request headers

:path: /hs/scriptloader/5632775.js
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 5b2e755d-f4ca-4e75-ba7b-9f165e5a18f6
server: cloudflare
x-trace: 2B10704D9D87885AE9D4B33F96A784BBF6236AF95E000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGapb0IQd7eK%2FAAwgu7XjucoYxsc3DMgcTBQKQQ4G20lrio3Eer3K3pZtJWwhnv37m0WIrJYmqfkUbNMGnunsvDWy0t%2BmoAvLufYOe0ePgen8818uFrTvixMeI%2F0Jxra4IhX5F3ynBZq%2BZu2TkR1IQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 67890f97ba0805bb-FRA
expires: Mon, 02 Aug 2021 17:36:07 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 158 KB
56 KB 36ms
35ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7bad2c1b4ab79c7992f83969f5360ad2f6ab57a542002d54d6b37f2506176102

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56805
x-xss-protection: 0
last-modified: Mon, 02 Aug 2021 17:03:27 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 02 Aug 2021 17:35:07 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
162 B 22ms
6ms Stylesheet
text/css 2a02:26f0:6c00:28d::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=eml7xva&ht=tk&f=139.140.173.174.175.176.143.144.145.146.147.148&a=16561858&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28d::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
last-modified: Thu, 05 Nov 2020 13:49:42 GMT
server: nginx
etag: "5fa402f6-5"
content-type: text/css
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 --6PiuvBGAU Show response
www.youtube.com/embed/ Frame 0EE9 55 KB
23 KB 59ms
59ms Document
text/html 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/--6PiuvBGAU

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d9d1553fa2ebad676d1123019ee10cb4d36eb83125176e7b6ba100d19ebc10b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/--6PiuvBGAU
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 02 Aug 2021 17:35:07 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=wzrpmjuXnvU; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=f0-qBSVx2Vs; Domain=.youtube.com; Expires=Sat, 29-Jan-2022 17:35:07 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+997; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 BishopFox-Labs-Background.svg
know.bishopfox.com/hubfs/Backgrounds/ 621 KB
457 KB 36ms
35ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://know.bishopfox.com/hubfs/Backgrounds/BishopFox-Labs-Background.svg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs-fs/hub/5632775/hub_generated/template_assets/28144332160/1597184910188/Custom/Bishop_Fox_2020/Coded_Files/styles.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f60e5f09897f9af1a4190159019fa7617df27856207b153888844ffc5ac3790b

Request headers

Referer: https://labs.bishopfox.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-methods: GET
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 cfe78f21e6a560afb18f3b92eb4e9605.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-28956062666,P-5632775,FLS-ALL
age: 378979
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28956062666,P-5632775,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
x-amz-request-id: 087VSKE4MQRTVAR4
x-amz-id-2: VqW7P7LFIrWkReK6iNSJD1daJGrRIMDCyZznml/hgoHIPc8LBsSPOZOlpwRJTActul+0K9pK3ao=
last-modified: Thu, 30 Apr 2020 14:15:22 GMT
server: cloudflare
etag: W/"33d52a645e21be569cf58f161c039515"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ah8kstQlvPDYQKGP6TW9Kzg9M9x%2Bd1ECgCltd3mvhYdecrPosSvnA5Wjy4e5rggDSu%2FBNxpnHhGZQdC83mA5EBHfUQn3zMPll3W0C1GY0MImQx9cWBHK4ThoHsGQpA%2BA8Hi8JIcwtwdFQKg%2B4UERXw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: OwVJGcfkYdK8E.fT1cEyLmumLb895CnU
x-amz-cf-pop: DUS51-C1
cf-ray: 67890f97c9224de2-FRA
x-amz-cf-id: wjtXjQeW-InWJ1Bm8P08vYufu2IweYFPVikjXj7YoFxqbOwCt6Oxpw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
DATA 200
OK truncated
/ 700 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09c4cb3040f901cc5a13fb0be1cd920cbb7a8d6dc2b3774f745ccac459462e19

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 650 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c9b17aaa6d7189ffe7cd7623f61f63b60df3178aaa8ced604a464c237178bce

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Caleb%20%20-%20Profile.jpg
labs.bishopfox.com/hs-fs/hubfs/ 580 B
1 KB 58ms
58ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hs-fs/hubfs/Caleb%20%20-%20Profile.jpg?width=32&name=Caleb%20%20-%20Profile.jpg
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a86b8c1fa9a765b51d4954ea0ca03f07280c044c999d11609689d044eee7eb24

Request headers

:path: /hs-fs/hubfs/Caleb%20%20-%20Profile.jpg?width=32&name=Caleb%20%20-%20Profile.jpg
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 9b097dfab92228268a37145aac5629c1.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 386993
cf-polished: qual=85, origFmt=jpeg, origSize=1649
edge-cache-tag: F-30821200118,FD-9004383487,P-5632775,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Caleb%20%20-%20Profile.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
content-length: 580
x-amz-server-side-encryption: AES256
last-modified: Thu, 15 Jul 2021 21:25:12 GMT
server: cloudflare
x-cache: Miss from cloudfront
etag: "293489825efda97ca899500dbf71c155"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O0FlRQ%2BLj2vi4ryuh6gX6f7ZYVnRguZFLAcxINOGl5bbOowQjgy1ZbJkBGjRLF18U1hqDfUn9D7p3Vwj6%2B8N7xZ%2F2l5a4r3ZClb9C2JDnLX%2Fs4QL3TgjEr6ds60SgQLEv9wB1lN2ipty4dDc3tWS4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 67890f97da3c05bb-FRA
x-amz-cf-id: 99poeXLSIItWrHNuUJqGLKSjdJH2D4FktFM4heEsBO-YXaAt7JF97A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
DATA 200
OK truncated
/ 388 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cfe0094ec9c1e414159e1f064b9004d6af663e7b3c2d61c20a18e40e63d6a647

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Research%20&%20Tools%20Listing%20-%20Sliver.png
labs.bishopfox.com/hubfs/Labs-Implementation/ 10 KB
11 KB 51ms
50ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Labs-Implementation/Research%20&%20Tools%20Listing%20-%20Sliver.png
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82bee595afdc8aaafc016bf51cc1c5d27d8690b5a36bb2c7326b00b7da87840d

Request headers

:path: /hubfs/Labs-Implementation/Research%20&%20Tools%20Listing%20-%20Sliver.png
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-31205322673,P-5632775,FLS-ALL
age: 454223
x-amz-server-side-encryption: AES256
edge-cache-tag: F-31205322673,P-5632775,FLS-ALL
content-disposition: inline; filename="Research%20&%20Tools%20Listing%20-%20Sliver.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: 1X2RGEAMVMVME1W0
cf-bgj: imgq:85,h2pri
etag: "3f9beb6eb7236974d55a296467bfe708"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 6b38a2e1db230db568190464ab7177db.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C1
cf-polished: origFmt=png, origSize=22679
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
content-length: 10414
x-amz-id-2: kvMV3z+sSheve86Qc0wz7h9A0tmqxWPz3XAZdKchv+ASCkKbvzFl34u1ZS55m2XFOadUn1rJVLI=
last-modified: Wed, 24 Jun 2020 23:58:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZwsNDWddGtYGlp0lBgLk4TjkmaA9Zdx3PaY9X4DsqaKZcv3OwWb60OCdmuhIg3gTHJ1zsG7xE2Uy0dszLKRrsRu5psiiRFYeSSbEjuC3wpuZMIf4PHT4Kajh9ulQGETiShFG%2Bvou%2FeAvMxc5whJHA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: CnUWBJO3v81VYrhgg0y8tPsZZJBsRtS7
accept-ranges: bytes
cf-ray: 67890f97da4d05bb-FRA
x-amz-cf-id: FyRbqMeuFS7MvdUshJ3XQBzPTt0m4pcPBRU22YbZqtDaGsa7sJJ6Xw==

GET
H2 200 200508-Twitter-01-RMIScout.png
labs.bishopfox.com/hubfs/Research/ 102 KB
103 KB 48ms
47ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/Research/200508-Twitter-01-RMIScout.png
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d80a514d4ff6c64bab3d3c0a422e32ca989a0af6e05a0c6c4b721176ef08d16

Request headers

:path: /hubfs/Research/200508-Twitter-01-RMIScout.png
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-29915756613,P-5632775,FLS-ALL
age: 676695
x-amz-server-side-encryption: AES256
edge-cache-tag: F-29915756613,P-5632775,FLS-ALL
content-disposition: inline; filename="200508-Twitter-01-RMIScout.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: XSBQ4F2QM5FWZXC3
cf-bgj: imgq:85,h2pri
etag: "ed74b184547ace51869044bbbdd96ca0"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA50-C1
cf-polished: origFmt=png, origSize=152798
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 104106
x-amz-id-2: +s33/W+mrbSap4XUpn4YtCWMIwvuLd/27X85kSua8jRG4k0AcuOh2g6rd0YVjLViizN5s8jR6zw=
last-modified: Fri, 05 Jun 2020 22:37:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H8xBZNxWa72OjlCj3y5CzEnVd3inB3dUS%2BDvIFtK%2BtRpDWOSWTtYArQsYDHqhQT416XS9GecMUZQTWj%2FTzC5OlFjl7mmzAzHK%2BVZas9e%2Fqup61cp%2BZH9QcrmLTTYTlHYvfy6u7typA3ty2mkfJAZ2w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: o4Hbu1kotL9lspjRwe_z1FKpepli2bzq
accept-ranges: bytes
cf-ray: 67890f97da4e05bb-FRA
x-amz-cf-id: OPsxZ4NdWVpgmWtrulO2PYhB2ae7BKYa6EGfybMZ48rA30geM-DTlw==

GET
H2 200 FI%20Code%20Snippet%20700px%20Wide.png
labs.bishopfox.com/hubfs/ 55 KB
56 KB 52ms
51ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.bishopfox.com/hubfs/FI%20Code%20Snippet%20700px%20Wide.png
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87dc0517423f932aab0dabb2f41ab2f5ac41a4ba435794dcc6c6af663603df75

Request headers

:path: /hubfs/FI%20Code%20Snippet%20700px%20Wide.png
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-41933881541,P-5632775,FLS-ALL
age: 123365
x-amz-server-side-encryption: AES256
edge-cache-tag: F-41933881541,P-5632775,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="FI%20Code%20Snippet%20700px%20Wide.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
x-amz-request-id: QDX80GCH7DSJGXHF
cf-bgj: imgq:85,h2pri
etag: "2c6f1df57b8aedf256fce506ed70699e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1614197872074
date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA56-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=81071
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 56328
x-amz-id-2: BnJ8vfij/vsW8gpN2GB10hnbwnk9Z2KKgVsTUyQ4l6+Ybi78drSxPd4CZ+xB6CRDYkoyaDjVQNE=
last-modified: Fri, 26 Mar 2021 22:30:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2F4NNDn%2FOpplRieg%2FK3I4vJOCuIlmZ8O5PsEFH5ju89GF4PufJNCiFyMijPXAdHDwQ2ZuIji9cuWa1e%2FwdaSDcG3%2F0qieXoSm%2FsMaY9Z8w3wimoV1QFApUQBJMy%2BXzi3XO%2FKiCRUKinzGoxxbbqeFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: GiH8PG2dhkD4DUMldJkDPqxb.vD1aJ0W
accept-ranges: bytes
cf-ray: 67890f97da5005bb-FRA
x-amz-cf-id: oi_M1xPoaECJHYaxRAIwIf6VnvukrSPSHCgIwWMml-FqwdEY4KU6Pw==

GET
H2 200 l
use.typekit.net/af/705e94/00000000000000003b9b3062/27/ 33 KB
33 KB 34ms
6ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/705e94/00000000000000003b9b3062/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f37e21c653607facbf39ad55a0d09b23fbda4ee1be8202257bd4c218eb1544ee

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
server: nginx
etag: "79fea02668402fc378c129193093131a2db2577c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33568

GET
H2 200 l
use.typekit.net/af/949f99/00000000000000003b9b3068/27/ 34 KB
34 KB 48ms
19ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 3302ef568a096b5d784190fc4a27a5360a9e0a22c069d90253c6341e311024d8

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
server: nginx
etag: "b5fef031a96fc670f9c3b1b64dd52243a29d7531"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 34344

GET
H2 200 l
use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/ 33 KB
34 KB 39ms
11ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0ff5e1/00000000000000003b9b3078/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f1e795a81ef9726704c4c4c7176d2853aef32a7afd9d2aa7da1b4ebdf93cd7af

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
server: nginx
etag: "5604717ace233ade2de274e8019e41d7eecd75db"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 34104

GET
H2 200 l
use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/ 33 KB
33 KB 44ms
17ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/8e2bbd/00000000000000003b9b3072/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 25df7745c61ea8874fe9ec932de0beafff58b79398cc5fbdf304b87d5ba1fc11

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
server: nginx
etag: "dd3ed5a051a56eebcd930c279014a0f1613402d5"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33344

GET
H2 200 l
use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/ 34 KB
35 KB 35ms
7ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5c70f2/00000000000000003b9b3063/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f685d36f3f62589ffc7cb9633a82850958978f8803780ece24c613ca6f8cf563

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
server: nginx
etag: "d9c559430b0162ff50e16cf6dad5514fa963f9ff"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 35116

GET
H2 200 l
use.typekit.net/af/30f4b6/00000000000000003b9b3070/27/ 33 KB
33 KB 42ms
18ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/30f4b6/00000000000000003b9b3070/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b16d98329e42d0a88591acdde3183e9eb4265d23be18534b6bfba20332fb4483

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
server: nginx
etag: "ef4723cacc2d2381040becd10eea57a772fb6a45"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33332

GET
H2 200 l
use.typekit.net/af/576d53/00000000000000003b9b3066/27/ 33 KB
33 KB 29ms
13ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/576d53/00000000000000003b9b3066/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/eml7xva.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: e08069362721d144d84f24395fd827901ad1eb93254333b4090971e4bad7a4a6

Request headers

Origin: https://labs.bishopfox.com
Referer: https://use.typekit.net/eml7xva.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
server: nginx
etag: "fa333b49edecc210478c16168adee736b2ad6c1f"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 33280

GET
H2 200 bf7cf23a-dadb-44fe-a34a-8298a231677f Show response
labs.bishopfox.com/_hcms/forms//embed/v3/form/5632775/ 20 KB
5 KB 416ms
416ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/_hcms/forms//embed/v3/form/5632775/bf7cf23a-dadb-44fe-a34a-8298a231677f?callback=hs_reqwest_0&hutk=

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

33c16e8b942235527c3034d54a7bbb3f5bd5fa956ad34cf06dfb18add28dcc50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /_hcms/forms//embed/v3/form/5632775/bf7cf23a-dadb-44fe-a34a-8298a231677f?callback=hs_reqwest_0&hutk=
pragma: no-cache
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 96c39281-d81d-43b8-a235-fd40f548f402
content-disposition: attachment; filename=no-rfd.txt
vary: Accept-Encoding
server: cloudflare
x-trace: 2B87273F2284508C038E888422FCCB676B4AA6CB15000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kb0m1xDE%2Bs%2B4BpKnm42C3O11bcrUJCTzuuyluLuCMxPSuTEbQxdK%2Bubj%2BlsbfNB0vu3k2e9HZFFosqjJns%2FRxhe9uwdI2jzS%2FiO92RV9Xn1Lt2attAAgv65veoGlI7muisJBVnJIKqKs8nwkAgisww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 67890f9a487105bb-FRA

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1638c2e6f6f94f1d3b63b4878ef78a12dc868dcdaf840b66e0afcf63cef0bf88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 1ZLWmuiIfvBhkmUT+iaRKQ==
cross-origin-resource-policy: cross-origin
expires: Mon, 02 Aug 2021 17:53:30 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1689
x-fb-rlafr: 0
x-fb-debug: dJgjTGpTt1FOBKWnaMTQ8LMmSN/D4wrbvPMnfqKeguurJqZ+i0HWzAb0FVOm285xa6Q0NfrdoaWzc23R2uW+0w==
x-fb-trip-id: 686109401
x-fb-content-md5: b1c717513b1f5467a372a11e5898e38f
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
date: Mon, 02 Aug 2021 17:35:07 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "8ba7586032ab5906ac9dddc32b361ea3"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 7ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6752) /
Resource Hash: 70a12c6c00f6fed722c0b46ad1ebb8a2c11c27121f3b8d65c254a9221965ed72

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 02 Aug 2021 17:35:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 29 Jul 2021 21:46:55 GMT
Server: ECS (frb/6752)
Age: 819
Etag: "69dea0a9b81d008237dc222450b4485f+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 29075

GET
H2 200 public Show response
api-na1.hubapi.com/comments/v3/comments/thread/ 232 B
580 B 412ms
408ms Script
application/javascript 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=5632775&offset=0&limit=10000&contentId=23317514002&collectionId=10492047050&callback=jsonp_1627925707890_64094

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/hsstatic/AsyncSupport/static-1.94/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c70203837590e2fe2d997f6fc41e64e7278e49d58274eec5f75cdf29c3ecd03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: c0e286d0-ea01-4fa0-a23e-12f1508d761e
x-trace: 2B24F169B6C7CB3D42085039B259D52020EDF5E21B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BH7gEPP15C06OuZcUBgBjXafhkG98Fn%2Fo9CXeCQd%2FT6e6Kyp4GluU%2FwK2VVF1PvWVyIns3NOGfbeYpT6vvlzNPSSmLHLt4Vwlv7bA0iYRNblX69lF4Fe2TvxXyTDZVN3tzlwObDQCPG76UA4mtaGBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 67890f9a5f0264c7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 1286
date: Mon, 02 Aug 2021 17:13:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Mon, 02 Aug 2021 19:13:41 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 27ms
11ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 02 Aug 2021 17:35:07 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=48776
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H3-29

200

activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fc... Show response
10586810.fls.doubleclick.net/ Frame 838E
Redirect Chain

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%...
https://10586810.fls.doubleclick.net/activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F...

462 B
407 B

80ms
42ms

Document
text/html

142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10586810.fls.doubleclick.net/activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

47f935dcb10e66888de5ccc89bb473971dcfd63f33eb4a198c91e1f6cf2f723b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10586810.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 02 Aug 2021 17:35:08 GMT
expires: Mon, 02 Aug 2021 17:35:08 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 382
x-xss-protection: 0
set-cookie: IDE=AHWqTUnAJMOwT5RGLmFgafyvXZ0eUIWq-vFyVvQoGjjef6Du6Bbhv8cyYkBuzapXU2E; expires=Sat, 27-Aug-2022 17:35:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 02 Aug 2021 17:35:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10586810.fls.doubleclick.net/activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-bl... Show response
10586810.fls.doubleclick.net/ Frame 0B2E
Redirect Chain

https://10586810.fls.doubleclick.net/activityi;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech...
https://10586810.fls.doubleclick.net/activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https...

468 B
411 B

78ms
40ms

Document
text/html

142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10586810.fls.doubleclick.net/activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

98a792bc94dc803bb2219e842100dc8a1a760bee994afb9bb3bf8d7421d89260

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10586810.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 02 Aug 2021 17:35:08 GMT
expires: Mon, 02 Aug 2021 17:35:08 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 386
x-xss-protection: 0
set-cookie: IDE=AHWqTUnu88kyZ0rf__cPQNLMXmR-uXInM6H22BN4HnWSD2HHQ7wNCUxwEijvFqcMt98; expires=Sat, 27-Aug-2022 17:35:08 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 02 Aug 2021 17:35:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10586810.fls.doubleclick.net/activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 28ms
27ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
content-encoding: gzip
last-modified: Wed, 28 Jul 2021 18:27:37 GMT
x-msedge-ref: Ref A: FE428B86FFAC4F05B33E1F818994D477 Ref B: FRAEDGE1209 Ref C: 2021-08-02T17:35:07Z
etag: "80f2963dde83d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 9024

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 135ms
39ms Script
application/x-javascript 13.224.100.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFGBGH
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.100.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-100-124.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 01 Aug 2021 18:56:15 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 81534
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 c76347c8ef1f3a2b6fb69cd7d1c6f749.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: v9Tsk74W_UTDNgeJcuLxZ19R0iOjANOF6FaYjnV6XhAGAhdm5w9SIw==

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 132ms
37ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 02 Aug 2021 17:35:08 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 01:40:41 GMT
Server: AkamaiNetStorage
ETag: "5379c4a40ff8ae9d2fc6484dd1c57349:1622166041.794746"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 activityi;register_conversion=1;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-1893...
10586810.fls.doubleclick.net/ 0
0 111ms
47ms Image
text/html 142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://10586810.fls.doubleclick.net/activityi;register_conversion=1;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.74.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 activityi;register_conversion=1;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-201...
10586810.fls.doubleclick.net/ 0
0 112ms
48ms Image
text/html 142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://10586810.fls.doubleclick.net/activityi;register_conversion=1;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.74.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/3c3086a1/ Frame 0EE9 327 KB
45 KB 23ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3c3086a1/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d64bea7d525ed5fb9b6c89ad17257f77862c2b95f98efb6e8ea9ca711e411cfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Aug 2021 19:50:43 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 29 Jul 2021 00:19:05 GMT
server: sffe
age: 78264
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46052
x-xss-protection: 0
expires: Mon, 01 Aug 2022 19:50:43 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/3c3086a1/www-embed-player.vflset/ Frame 0EE9 192 KB
64 KB 32ms
24ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3c3086a1/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

542cf0a96a64d6b0e72b759fc6cfcd33e4af5b20a26130fa433fc52f91ed43ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 02:04:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 29 Jul 2021 00:19:05 GMT
server: sffe
age: 55826
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65155
x-xss-protection: 0
expires: Tue, 02 Aug 2022 02:04:41 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/ Frame 0EE9 2 MB
491 KB 36ms
31ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e181aae64580371759fd9ab9c8e0023f094fb07ed464a8e4abe0a34a171ea01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 01 Aug 2021 02:04:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 29 Jul 2021 00:19:05 GMT
server: sffe
age: 142226
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 502661
x-xss-protection: 0
expires: Mon, 01 Aug 2022 02:04:41 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/3c3086a1/fetch-polyfill.vflset/ Frame 0EE9 8 KB
3 KB 35ms
30ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3c3086a1/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 16:08:59 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 29 Jul 2021 00:19:05 GMT
server: sffe
age: 5168
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Tue, 02 Aug 2022 16:08:59 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0EE9 15 KB
15 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:27:21 GMT
x-content-type-options: nosniff
age: 590866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 21:27:21 GMT

GET
H2 200 5632775.js Show response
js.hs-banner.com/ 60 KB
15 KB 28ms
22ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5632775.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fb8b3a958a39baa00cea459b26bcf33c2ff6f2407f1d6d5ae8b3efdaed0533b

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
content-encoding: br
cf-cache-status: HIT
age: 111
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-request-id: 0ZC2QCGXD4XM6RJZ
x-amz-id-2: q0Wh6HlCcVU+Fg01ax6U1jbqtT0S/qbbfvRgwT4HlbyrLK0zIvmGpSoIKnChd8acJAIn/ugku9U=
timing-allow-origin: *
last-modified: Wed, 14 Jul 2021 15:16:46 GMT
server: cloudflare
etag: W/"06a35bdb53cc0d2901d7923dc1ea2048"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: Ne0f5vMO79sOOoDCUdkSVJh4lfLXKWgp
access-control-allow-origin: https://labs.bishopfox.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 67890f9ab82e4abd-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 02 Aug 2021 17:38:16 GMT

GET
H2 200 5632775.js Show response
js.hs-analytics.net/analytics/1627925700000/ 62 KB
19 KB 495ms
492ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1627925700000/5632775.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ee10a591b0a0848531baa06c5996e740e8d7bc77a0589bc625e21c0c7777682

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: C5W84GERDHXJQFY0
x-amz-server-side-encryption: AES256
cf-ray: 67890f9ace234aaa-FRA
x-amz-id-2: 6OlKIl46Jkk3c+zz7T1VPBEFbMfTQEF0viQEtpgEjo4k+stLt92GJ3CeAt3p3RJMxwHCoMdubRY=
last-modified: Mon, 19 Jul 2021 15:14:40 GMT
server: cloudflare
etag: W/"0d7f731cdd93d14a5d4ada92f54258ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Mon, 02 Aug 2021 17:40:08 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 81 KB
21 KB 39ms
16ms Script
application/javascript 2606:4700::6811:ebcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:ebcc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 147c50e0d0170d6ae612a9e78874d191965a2265f349544ed47c706d48f7168e

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 d9057c384f4ac5ba2672d2ff44de7e09.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 136
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.9095/bundles/project.js&cfRay=67890c45e83f4a80-FRA
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Thu, 29 Jul 2021 05:32:25 UTC
server: cloudflare
etag: W/"a304d3ab6b9be313ab434364af937a46"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: esKZASEPP3piDOBy_NyKwHxySr.l.YE5
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 67890f9ae94e05b3-FRA
x-amz-cf-id: l5_mbVCVQdMu9OXDmSUZsp8rBSUPYG50uv_IAqgaOr2b3Cc_KSSLaA==
x-hs-target-asset: conversations-embed/static-1.9095/bundles/project.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 45ms
23ms Script
application/javascript 2606:4700::6811:70b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/hs/scriptloader/5632775.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c91959cba13f585a90c75338d4648c4a85ba1fa37bebc831ddc5570bb31b553

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
via: 1.1 e685e9e08c2e4b105f4d86b35da50629.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 14
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.239/bundles/pixels-release.js&cfRay=67890f3f7dce16f2-FRA
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Mon, 02 Aug 2021 04:14:33 UTC
server: cloudflare
etag: W/"e44498e40f8702c62c71cd0534a32a9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: g5yPrf7s3oYLkRu1P6pmcpnvL8S03uLm
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 67890f9adb191f3d-FRA
x-amz-cf-id: aAVZuaLErHtTpXNCVQxDTqekvIplQ1WY1yRHDrRbkkYDqBONsRXI1g==
x-hs-target-asset: adsscriptloaderstatic/static-1.239/bundles/pixels-release.js

GET
H3-29 200 all.js Show response
connect.facebook.net/en_GB/ 228 KB
66 KB 13ms
11ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=347642df9c67286a21853158761aa576

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7b2c14d10bdcd00b346b588662e2a41f4213bcea6dd91ad220270c72d74ef6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://labs.bishopfox.com
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: vS5mYZ4nlDx8XmYn/AtcTQ==
cross-origin-resource-policy: cross-origin
expires: Tue, 02 Aug 2022 16:53:45 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 67701
x-fb-rlafr: 0
x-fb-debug: 6HpmHCBO7MWs9MrRFvaIM1V0WQD3bk59UHsREwkFX0nhE4Y79DXr/J6Kj5iRMmMDXic/4Pot7MHfVVbJHQoGqQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
x-fb-content-md5: 22c0f396b973e540a179832e928024de
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 02 Aug 2021 17:35:07 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "29696c5869d55d7f2130c126af12c402"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html Show response
platform.twitter.com/widgets/ Frame E8D3 319 KB
103 KB 10ms
8ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html?origin=https%3A%2F%2Flabs.bishopfox.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 329563
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 02 Aug 2021 17:35:07 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Thu, 29 Jul 2021 21:42:40 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
23 B 22ms
22ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1211188743&t=pageview&_s=1&dl=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&ul=en-us&de=UTF-8&dt=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=727681396&gjid=384017387&cid=470494878.1627925708&tid=UA-41346121-1&_gid=1469765293.1627925708&_r=1&gtm=2wg7s0TCFGBGH&z=1286054188

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://labs.bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2404668%26time%3D1627925708024%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ip...

0
156 B

378ms
179ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQK0OpRrKxxlBQAAAXsH7wB2T67UwxXLPqxb8U9RmdtpRVFhFkm4abDSg2-5ickhzJsRqk3A
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:09 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: koaPtM6NlxZQ1+LEUCsAAA==

Redirect headers

date: Mon, 02 Aug 2021 17:35:08 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2404668&time=1627925708024&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&liSync=true&e_ipv6=AQK0OpRrKxxlBQAAAXsH7wB2T67UwxXLPqxb8U9RmdtpRVFhFkm4abDSg2-5ickhzJsRqk3A
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: mPoXnc6NlxZgnQD4BysAAA==

GET
H2 204 134000327.js Show response
bat.bing.com/p/action/ 0
126 B 244ms
243ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/134000327.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 02 Aug 2021 17:35:07 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: D46D88A237514428A605A75CE2C255FA Ref B: FRAEDGE1209 Ref C: 2021-08-02T17:35:08Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
149 B 46ms
32ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=134000327&tm=gtm001&Ver=2&mid=d3dc510a-b2a5-433e-a906-95721e50c133&sid=fafd0530f3b711eb94656f6497722a85&vid=fafd2f60f3b711eb832121b24592fc2b&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&p=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&r=&lt=840&evt=pageLoad&msclkid=N&sv=1&rn=24264
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 02 Aug 2021 17:35:07 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 4F1C1FF93CC74ECAB78EA92895D57696 Ref B: FRAEDGE1209 Ref C: 2021-08-02T17:35:08Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 18ms
17ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-41346121-1&cid=470494878.1627925708&jid=727681396&gjid=384017387&_gid=1469765293.1627925708&_u=YEBAAEAAAAAAAC~&z=146540650

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 02 Aug 2021 17:35:08 GMT
content-type: text/plain
access-control-allow-origin: https://labs.bishopfox.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 widget Show response
labs.bishopfox.com/_hcms/livechat/ 3 KB
4 KB 235ms
235ms XHR
application/json 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.bishopfox.com/_hcms/livechat/widget?portalId=5632775&conversations-embed=static-1.9095&mobile=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&traceId=bc3325dfaaa44870a3b1e1c98ae66939

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b024e3c8e734080ab99d1595c812e583d220ff21a95ce4469b3fdce0568d6d6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; _gcl_au=1.1.1760576005.1627925708; _ga=GA1.2.470494878.1627925708; _gid=GA1.2.1469765293.1627925708; _gat_UA-41346121-1=1; _uetsid=fafd0530f3b711eb94656f6497722a85; _uetvid=fafd2f60f3b711eb832121b24592fc2b
x-hubspot-messages-uri: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:path: /_hcms/livechat/widget?portalId=5632775&conversations-embed=static-1.9095&mobile=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&traceId=bc3325dfaaa44870a3b1e1c98ae66939
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: GET
X-HubSpot-Messages-Uri: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: bff6d3e8-cb10-41f9-97c3-b00ce0140d83
server: cloudflare
x-trace: 2BA14C68E945C07C1DB0EB2BBAD1636C60FDC53BFA000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBK%2F3ySINXvUvtd88o20yRo0x1sCs8No2gf26zYLjMzpZKIqx9gFsVsqWHkq8S8%2BpIqeATFolEIv%2Fzlwo41t4C%2FRSpnJcy18dhdJNGEg5Ni94GTRIXsUI%2F7aX9fUr3Cri5dKWLaMdvYRDgjKhFFgqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 67890f9bac7705bb-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-41346121-1&cid=470494878.1627925708&jid=727681396&_u=YEBAAEAAAAAAAC~&z=1434611933

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-41346121-1&cid=470494878.1627925708&jid=727681396&_u=YEBAAEAAAAAAAC~&z=1434611933

Requested by

Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 0EE9 113 B
230 B 15ms
15ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3c3086a1/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64d88a6a46ef10c1cb1f314f7c2c639c6d6fff5fc3f7275ae6cee1c73c9f0109

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0EE9 29 B
91 B 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3c3086a1/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:29:42 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 326
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Mon, 02 Aug 2021 17:44:42 GMT

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/ Frame 0EE9 95 KB
29 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95985b28f48867e7d7cdb106bb1fa389a2ec5462a1826f77eac524800e14a694

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 15:47:03 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 29 Jul 2021 00:19:05 GMT
server: sffe
age: 352085
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29811
x-xss-protection: 0
expires: Fri, 29 Jul 2022 15:47:03 GMT

GET
H3-29 200 IpK_nzIMvqxsiL01hYisGUC76qjlTM5KC_aHinAtNww.js Show response
www.google.com/js/th/ Frame 0EE9 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/IpK_nzIMvqxsiL01hYisGUC76qjlTM5KC_aHinAtNww.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2292bf9f320cbeac6c88bd358588ac1940bbeaa8e54cce4a0bf6878a702d370c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 28 Jul 2021 05:35:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 475200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13358
x-xss-protection: 0
last-modified: Mon, 19 Jul 2021 15:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Jul 2022 05:35:08 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/ Frame 0EE9 25 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5787bf5f935343a6b1deb535b441f8b217106b373fd7de7714e5d71aa51a930d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 16:06:27 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 29 Jul 2021 00:19:05 GMT
server: sffe
age: 5321
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7435
x-xss-protection: 0
expires: Tue, 02 Aug 2022 16:06:27 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/160/ 11 KB
5 KB 59ms
58ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/160/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 02 Aug 2021 17:35:08 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Feb 2021 02:54:38 GMT
Server: AkamaiNetStorage
ETag: "19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4811
Expires: Wed, 10 Nov 2021 17:35:08 GMT

GET
DATA 200
OK truncated
/ Frame 0EE9 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLTnNTrlvH5lxMBnziStuFcUPvuj94BWnqOw3CIM=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 0EE9 6 KB
6 KB 29ms
7ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLTnNTrlvH5lxMBnziStuFcUPvuj94BWnqOw3CIM=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9c1162a622bc982328d9c7d2768c7c90116b2002fc8d5823ff4f06bf309f18c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:33:19 GMT
x-content-type-options: nosniff
age: 109
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5921
x-xss-protection: 0
server: fife
etag: "v9"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 25 Jul 2021 17:40:57 GMT

GET
H2 200 sddefault.webp
i.ytimg.com/vi_webp/--6PiuvBGAU/ Frame 0EE9 9 KB
9 KB 35ms
14ms Image
image/webp 2a00:1450:4001:801::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/--6PiuvBGAU/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/--6PiuvBGAU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
x-content-type-options: nosniff
server: sffe
etag: "0"
vary: Origin
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8740
x-xss-protection: 0
expires: Mon, 02 Aug 2021 19:35:08 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame E8D3 232 B
248 B 140ms
140ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=6c21bc25ceb15a1a8642b72a3378a581cf79051f

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.0504c5db6e58d499a7ba93c246a8554d.html?origin=https%3A%2F%2Flabs.bishopfox.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:07 GMT
content-encoding: gzip
last-modified: Mon, 02 Aug 2021 17:35:08 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 4261cfa51c80e1506043121c586110c69d89c84eecc5309c4c729ca78d22e4e3
content-length: 166

GET
H2 200 dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-cod...
adservice.google.com/ddm/fls/z/ Frame 0B2E 42 B
262 B 44ms
44ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Requested by

Host: 10586810.fls.doubleclick.net
URL: https://10586810.fls.doubleclick.net/activityi;dc_pre=CIapsOzvkvICFUkf0wodE3IJSA;src=10586810;type=conve0;cat=uniqu0;ord=1;num=5310827557592;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10586810.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-exec...
adservice.google.com/ddm/fls/z/ Frame 838E 42 B
107 B 77ms
77ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=*;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui

Requested by

Host: 10586810.fls.doubleclick.net
URL: https://10586810.fls.doubleclick.net/activityi;dc_pre=CJyjsOzvkvICFUxy0wodsZUIXg;src=10586810;type=conve0;cat=allpa0;ord=7076045664506;gtm=2wg7s0;auiddc=1760576005.1627925708;ps=1;~oref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10586810.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bc3325dfaaa44870a3b1e1c98ae66939 Show response
app.hubspot.com/conversations-visitor/5632775/threads/utk/ Frame 8BF4 44 KB
17 KB 161ms
159ms Document
text/html 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43b524c05fee17b079d9a00dab147c4083ecf3a0ecf9311d334876eddbe15c81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: app.hubspot.com
:scheme: https
:path: /conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
content-type: text/html; charset=utf-8
cf-ray: 67890f9d3a8843b8-FRA
age: 3579
cache-control: max-age=600
etag: W/"fb0e441defdc786e704e9d1c21a84972"
last-modified: Thu, 29 Jul 2021 05:32:25 UTC
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 368146333bf1a1071e8432a7d4e41e1a.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
content-security-policy-report-only: script-src 'unsafe-inline' 'self' www.hubspot.com js.hs-analytics.net js.hsforms.net js.hsleadflows.net *.hsappstatic.net js.hs-banner.com *.hs-scripts.com js.hubspotfeedback.com js.usemessages.com js.hubspot.com js.hsadspixel.net js.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net www.google-analytics.com static.hotjar.com script.hotjar.com www.googletagmanager.com www.fullstory.com *.convertexperiments.com cdn.pdst.fm d.impactradius-event.com cdn.getambassador.com mbsy.co pixel.cdnwidget.com snap.licdn.com connect.facebook.net js.stripe.com checkout.stripe.com survey.survicate.com surveys-static.survicate.com sdk.canva.com www.dropbox.com www.google.com www.gstatic.com apis.google.com maps.googleapis.com www.googleadservices.com googleads.g.doubleclick.net static.ads-twitter.com analytics.twitter.com play.vidyard.com app.vidyard.com fast.wistia.com s.yimg.jp www.redditstatic.com 'unsafe-eval'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-visitor-ui/static-1.11550/html/index.html&cfRay=67890f9d3a8843b8&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F5632775%2Fthreads%2Futk%2Fbc3325dfaaa44870a3b1e1c98ae66939%3Fuuid%3D0b0e8872b8aa428e9ad51a341f3d6e0d%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Dlabs.bishopfox.com%26inApp53%3Dfalse%26messagesUtk%3Dbc3325dfaaa44870a3b1e1c98ae66939%26url%3Dhttps%253A%252F%252Flabs.bishopfox.com%252Ftech-blog%252Fcve-2019-18935-remote-code-execution-in-telerik-ui%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dtrue&referrer=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
x-amz-cf-id: xzcj0WQdewGESr47xW3gxVyzB9gqBESMhTCFjrxEOy62lfGZdCzAdg==
x-amz-cf-pop: IAD89-C3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: iMOWY3zswH8R4YPez0gNg0AmwHoKBek.
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-hs-worker-debug-mode: false
server: cloudflare
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 0EE9 4 KB
2 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Mon, 02 Aug 2021 17:35:08 GMT

GET
H3-29 204 generate_204
www.youtube.com/ Frame 0EE9 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?kcZDVw
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/--6PiuvBGAU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.150/ Frame 8BF4 44 KB
17 KB 46ms
28ms Script
application/javascript 2606:4700::6811:6d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.150/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:6d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72fde0a4326ca24364dda3e635943a13fb33a9d9970ff6950f0c6ee1ff1ab7d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
via: 1.1 182ef5a8d12abb5df1553676864737b1.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1725754
x-amz-server-side-encryption: AES256
cf-ray: 67890f9e5f411f29-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 13 Jul 2021 17:13:20 GMT
server: cloudflare
etag: W/"f5c429d456b32211b8661b2b57addfc9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjVxWIEqpUNoCIPWdo7G2tkzM8RN1TM3%2F9OuqKGnUX1ahxx%2B2mIdyB3lX1UU1HUER8CguiY7hpMQ8%2BHbjeqSXkc7rjlueq3NILCIQqryGIPNMxQgPTxhu2xc6qgGd8O3Zv4wMvbtG2U1ZJ1zlIhoN%2F5SGEA%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: QJ1wynLZBrckS5DbB2XIVb0987VyCdyo
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C2
content-type: application/javascript
x-amz-cf-id: YtXp6dv72XlfqdX1PAOfZiRuZqmPTiURIRZf1mAtF2PoDJEupqEesQ==
expires: Tue, 02 Aug 2022 17:35:08 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.10899/sass/ Frame 8BF4 20 KB
5 KB 43ms
25ms Stylesheet
text/css 2606:4700::6811:6d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.10899/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:6d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
via: 1.1 fc6dca2df1221c0bec817610bc20e505.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1801917
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 03 Mar 2021 21:09:00 GMT
server: cloudflare
etag: W/"370a89ea102d7b437eb549729472631f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PIOnSWKR0umGO0X2CHpC2v%2BdECRZfeMfZR3v0T7fPSd9o2jGqz5nsur18JXiet2jgEcjv3EiRLcgv9wPO%2FJG3QJOWKUtmptEawUjQkxMmyTQlFOcMnr4935rvQeRbxDM%2BbDiNkf4k3yZvWCxcozuzBrEc8Q%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1rBCyHs_YjjDB1.HOpykpqteK2m6W_oL
cache-control: public, max-age=31536000
x-amz-cf-pop: MUC50-C1
cf-ray: 67890f9e5a67dfb7-FRA
x-amz-cf-id: ty8MEdjgGU_CHYbNJ3VAGai79DmhaUdHc0j1TA7E5ppRiixT4jKtqg==
expires: Tue, 02 Aug 2022 17:35:08 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.140/ Frame 8BF4 285 KB
89 KB 46ms
28ms Script
application/javascript 2606:4700::6811:6d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.140/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:6d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a11d31336d81165454b7e760f4bf50d5a678c1d64009e7d9a1663965a6859f59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
via: 1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 432773
x-amz-server-side-encryption: AES256
cf-ray: 67890f9e5f441f29-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 01 Jun 2021 20:39:15 GMT
server: cloudflare
etag: W/"cd5261d8c5cc818b9b4157fe38785198"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0nVMIm6g7DjqdV1B%2FAb9oGUFMM5TaWAl2oi4xvb2eQG0tlsdbS2fqiJezupX%2Fljqxspmbl7LlMI9C3dFTbMCaDqCP6t8AHD2VHlZxrCPdh%2BxTJCRKkImmyLTH%2F3rVlSdtV2Fn7xhH2BqRoYp5OcBNSak5ZM%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: B_NA.7YtlfN8zxwz9D0xnoukWnhZ1xR0
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-C2
content-type: application/javascript
x-amz-cf-id: NzE3zVBF7vkmR6IQ0kGvzKROdszcgGrlT1AIFPMhSm8LXt-Ae6qsOg==
expires: Tue, 02 Aug 2022 17:35:08 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11550/bundles/ Frame 8BF4 467 KB
125 KB 57ms
40ms Script
application/javascript 2606:4700::6811:6d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11550/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:6d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0e374665b6196337f6c3446ff336fe67c10a609ddb1a316367ac7f1bc581519

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 345757
x-amz-server-side-encryption: AES256
cf-ray: 67890f9e5f471f29-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 15:07:41 GMT
server: cloudflare
etag: W/"2026a365d102dfa8357d0824941a6af0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bguc%2Bj2rhnXDFI2nzQExx4wSgfi6AZzqedHhshnz00oalfSLjMcA%2Bnwuwp4brFHVtsHE2NKFDc1kURizwp309oQJKSC8jwac7cVdpY53bENtyA6y04dTYdDx6aD97x4TOT3Jo5X4jW9%2BS6pEX9IbHmeNTy0%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: bWn0T3QyDmawGElK70rVk6W.f8y6uxK_
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: BoI8_CX9re3gC2HRFOlmj_Fd9Rn3a3BJSJ26bfIX1TashG79-be5uQ==
expires: Tue, 02 Aug 2022 17:35:08 GMT

GET
H3-29 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11544/ Frame 8BF4 776 B
1 KB 41ms
17ms Script
application/javascript 2606:4700::6811:6d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11544/i18n-data-data-locales-en-us.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:6d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47cbae4d7022045da8bf04e115862f64edadc7a5a4f368bbdf38942da765a501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Origin: https://app.hubspot.com
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 345756
x-amz-server-side-encryption: AES256
cf-ray: 67890f9f4945c2ea-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 27 Jul 2021 15:57:39 GMT
server: cloudflare
etag: W/"b9e981ef22ddad8e8bafa3b8d31c92ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NlY6UdqIuzPs7Hr5YuwXGF%2BNP%2FytEabM9zYUU%2Fx4m%2FGmJOQubWkqUaTzhrR8Y6ykvlpRzYlUyANuTm4rcakfaH4HHMfJhYZj0CdpSq%2Fg39dUdpVe%2BLiEbyawOxzsl6SwS1XKggz19kF4IqJ0q7R6hN4ygI8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: cQl_OjMEJ3Aj08GHVjnzpY9DYNlioqnC
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-type: application/javascript
x-amz-cf-id: 9Se-NykGm9jghxrWk6-PoC62YUWvrV_lMDc3gt0gxt3TxK8ON5lEYQ==
expires: Tue, 02 Aug 2022 17:35:08 GMT

GET
H2 200 nr-spa-1198.min.js Show response
js-agent.newrelic.com/ Frame 8BF4 38 KB
14 KB 28ms
28ms Script
application/javascript 151.101.13.27
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1198.min.js
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.27 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8ec272b76ebdf8756da8e60cbec342b26e1e314d223b828e34b02aedea5d6d5a

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
etag: "498f8d87fcfe5e90fda6a3ae4c47c6b0"
x-amz-request-id: K794E69J7DE4F7NG
x-cache: HIT
content-length: 14594
x-amz-id-2: Bm/a2qqYBq/nyZsIUN4OQ4DNqM+9H/hL1X81kllB0Tp3JNjnuTjNxjngJwI39/SXVqNjNMv72mQ=
x-served-by: cache-fra19124-FRA
last-modified: Fri, 29 Jan 2021 19:19:10 GMT
server: AmazonS3
x-timer: S1627925709.732114,VS0,VE0
date: Mon, 02 Aug 2021 17:35:08 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 295

POST
H2 204 rhumb
api.hubspot.com/cartographer/v1/ Frame 8BF4 0
1 KB 161ms
160ms Ping
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.11550

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11550/bundles/visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 02 Aug 2021 17:35:08 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 622d03f5-3516-4850-b916-2cdca973663b
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hsgByLr9lVKCUbjYYwYW07q9GQcT6uDBpzlpO19Fp7bZ%2FwR5AN1PtYyg9iFfy%2FlHTqKsyhScAudI88yEYwxGVwWfnMpsLgfj9FztxBz%2FGTfecLzUvg%2FoRRNuZVOSgmaiCFAxC00B2sf6pDN%2FZA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 67890f9faafe43b8-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer

GET
H/1.1 200
OK f9d051f404 Show response
bam.nr-data.net/1/ Frame 8BF4 57 B
275 B 107ms
107ms Script
text/javascript 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/f9d051f404?a=205242107&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=414&ck=1&ref=https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939&be=227&fe=368&dc=304&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1627925708354,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:1,%22c%22:1,%22ce%22:1,%22rq%22:4,%22rp%22:163,%22rpe%22:165,%22dl%22:166,%22di%22:304,%22ds%22:304,%22de%22:304,%22dc%22:368,%22l%22:368,%22le%22:369%7D,%22navigation%22:%7B%7D%7D&fp=402&fcp=402&ja=%7B%22nrSnippetVersion%22:%221198%22,%22environment%22:%22prod%22,%22deployed%22:true,%22hublet%22:%22na1%22,%22userAgentRaw%22:%22Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/89.0.4389.72%20Safari/537.36%22,%22supportsPromiseRejectionEvent%22:true,%22deviceMemory%22:8,%22cpuCores%22:12,%22downloadSpeedMbps%22:9.5,%22effectiveConnectionType%22:%224g%22,%22networkLatencyMs%22:0,%22conditionalPolyfillsInstalled%22:false,%22portalId%22:5632775,%22package%22:%22conversations-visitor-ui%22,%22packageVersion%22:%221.11550%22,%22template%22:%22html/visitor-index.html.jade%22,%22user-online%22:true,%22visibility%22:%22visible%22,%22currentVisibility%22:%22visible%22,%22isEmbeddedInProduct%22:%22false%22,%22reactRhumbVersion%22:%221.6493%22,%22reaganVersion%22:%22react-rhumb%22,%22route%22:%22/%22,%22numReaganChecksStarted%22:1,%22numPreviousReaganChecksAborted%22:0,%22avgDurationBeforePreviousReaganAborts%22:0,%22numPreviousReaganChecksFailed%22:0,%22numPreviousReaganChecksSuccessful%22:0,%22supportsUserTiming%22:true,%22supportsPerformanceTimeline%22:true,%22supportsHighResolutionTime%22:true%7D&jsonp=NREUM.setToken
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

POST
H/1.1 200
OK f9d051f404 Show response
bam.nr-data.net/events/1/ Frame 8BF4 24 B
182 B 107ms
107ms XHR
image/gif 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/f9d051f404?a=205242107&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=529&ck=1&ref=https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://app.hubspot.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 67 B
927 B 149ms
134ms XHR
application/json 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=5632775

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

128456fa800b42cb5aaa2abfb7ea0b40f2ddac958d693581a57785ae1f50e7d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:09 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 28648f73-bf13-48e1-95da-a1c0eda53760
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare
x-trace: 2B0542C4754EE4957B0DBF26EE6D1965A95BC04F63000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zcVlN17bTuFot20J0k2lloOPLWTAz0Odv289xJxw2ZNSeG%2BLFje6tdkMmZGRwPLcHih9lFsHzRN8G6X46u5P82XmiyILapwVQC4pJeXJtzu6ZIvQyoXYguMEmkEYN%2B%2BDdIsbM%2BdcCmAsjK2s"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://labs.bishopfox.com
access-control-allow-credentials: false
cf-ray: 67890fa3d95c0621-FRA
access-control-allow-headers: *

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
357 B 52ms
52ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=bf7cf23a-dadb-44fe-a34a-8298a231677f&fci=1a2dd62a-633d-48a8-aa06-e88adfb81c71&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5632775&pi=23317514002&ct=blog-post&ccu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&cpi=23317514002&cgi=10492047050&lpi=23317514002&lvi=23317514002&lvc=en&pu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&t=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI&cts=1627925709410&vi=2c614a31e71cae83ebd61bb53274975b&nc=true&u=24978341.2c614a31e71cae83ebd61bb53274975b.1627925709399.1627925709399.1627925709399.1&b=24978341.1.1627925709399&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:09 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6522e161-53ea-410b-9b2c-a25255b125a5
cf-ray: 67890fa3d8e243b8-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
last-modified: Mon, 02 Aug 2021 17:35:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T3AM%2BqOozXG6ZGNNb34p7SlwCTHxCVu4AdkJni4vQW%2BGntsCkvs3df4CXrLX5%2F6ytg6AMoJVuZgzkF99Dgq8A5uNlLfA52pnXEtgb7A%2BMiwO051jPTnNoE3uNaRKtLr1h8i6DQO0y9QB7b9Berze"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
495 B 35ms
35ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=5632775&pi=23317514002&ct=blog-post&ccu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&cpi=23317514002&cgi=10492047050&lpi=23317514002&lvi=23317514002&lvc=en&pu=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&t=CVE-2019-18935%3A+Remote+Code+Execution+via+Insecure+Deserialization+in+Telerik+UI&cts=1627925709415&vi=2c614a31e71cae83ebd61bb53274975b&nc=true&u=24978341.2c614a31e71cae83ebd61bb53274975b.1627925709399.1627925709399.1627925709399.1&b=24978341.1.1627925709399&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:09 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d21aeb6f-4d95-477c-87bb-1a7dfbf51ebb
cf-ray: 67890fa3d8e743b8-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 45
last-modified: Mon, 02 Aug 2021 17:35:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0EmTUb51s0WdRtPNWCJOIgYC6Na298639VaCqus3D%2B6idRWUReYWpt1rzSQLR731lUzkFZaAxgXVrjqUny76G%2F0W2qR8ZDzpHgwEnBeqFkBSK6xUSdDJ7bE9%2Fj5qMRqYm8BCyQzkEzQH%2F4h8YUx6"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame A32D 0
182 B 125ms
41ms Document
text/html 34.254.108.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.108.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=g03mf9d&ref=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&upid=793w4qu&upv=1.1.0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui

Response headers

date: Mon, 02 Aug 2021 17:35:09 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 17ms
15ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-730614786

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c644bcb59e73fca1d0ec58af126d588b3a918326feae732d7ddb5bf61adb2105

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:09 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38717
x-xss-protection: 0
last-modified: Mon, 02 Aug 2021 17:03:27 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 02 Aug 2021 17:35:09 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 39ms
39ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-730614786

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13910
x-xss-protection: 0
server: cafe
etag: 8154934153164151798
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 02 Aug 2021 17:35:09 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/730614786/ 2 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/730614786/?random=1627925709634&cv=9&fst=1627925709634&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7s0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d4b2a25e3c7a78cdabf7c861c1508a20388fb0223025240d7692147f8aa9b05f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1105
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/730614786/ 42 B
74 B 18ms
18ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/730614786/?random=1627925709634&cv=9&fst=1627923600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7s0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&async=1&fmt=3&is_vtc=1&random=3916370893&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/730614786/ 42 B
64 B 17ms
16ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/730614786/?random=1627925709634&cv=9&fst=1627923600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7s0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&tiba=CVE-2019-18935%3A%20Remote%20Code%20Execution%20via%20Insecure%20Deserialization%20in%20Telerik%20UI&async=1&fmt=3&is_vtc=1&random=3916370893&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 02 Aug 2021 17:35:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 0EE9 28 B
54 B 21ms
21ms XHR
application/json 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/3c3086a1/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/--6PiuvBGAU
X-YouTube-Client-Version: 1.20210728.1.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtmMC1xQlNWeDJWcyjL2aCIBg%3D%3D
X-YouTube-Ad-Signals: dt=1627925708138&flash=0&frm=2&u_tz=120&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C560%2C315&vis=1&wgl=true&ca_type=image&bid=ANyPxKrJjcymcZVH5SAJbQGJteC-D92QhxZAfIj08FNeebJerxGipXwxU_gMiuJoaOxL9Ui_uTBtdNOUWHlGCIIn-eS-QxsrnQ

Response headers

date: Mon, 02 Aug 2021 17:35:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Mon, 02 Aug 2021 17:35:10 GMT

GET
H2

200

04963c130de0c8b0740e38f085c9e984-100
avatars.hubspot.net/ Frame 8BF4
Redirect Chain

https://api.hubspot.com/userpreferences/v1/avatar/04963c130de0c8b0740e38f085c9e984/100
https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100

13 KB
13 KB

23ms
22ms

Image
image/webp

2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13063492037725c2fde3e391e81f71bab16ad215193960304e431a65ce5cc239

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:11 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 105
x-amz-server-side-encryption: AES256
cf-ray: 67890fb38b014db2-FRA
content-length: 13068
x-amz-id-2: uinLmlW4ZkH9CevNgtGQy4B6OUFn332m1KEgH3PI/rdKPmnsVtJLVaBIJHAOUPdqkB7u+k1vj1Y=
last-modified: Fri, 18 Sep 2020 15:07:18 GMT
server: cloudflare
etag: "e66752fc96778c42c2ea90010afa5864"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X4VIekaxyVvafCejITa7OKi5y8%2FRd0VV1YWQWelsttbPase7D929qJPktxsaZmvU4wlXTBexIQaBwpnM72e3Gb%2FhL27yO9r8578Eh82UWmq2diB1d0GurxcPG2b%2FqzgWokxD0%2BCB9Y0ij4nWAFHQo%2BY%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 0DXWKGQESW7RZ3TN
cache-control: max-age=0
cf-polished: origFmt=png, origSize=24646
accept-ranges: bytes
content-type: image/webp
cf-bgj: imgq:85,h2pri

Redirect headers

date: Mon, 02 Aug 2021 17:35:11 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 08619cdf-cb08-4bcc-b011-e1681401ec9f
x-trace: 2BE4C52FDB865C303F5E06ED62C444202929A83B8F000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0%2ButQlDOrFLTLjjj%2FYoW0u4W9IvVhtsOlNEhpmn0IljDr1bWvGbcKmBlew7mu0P3iF8lSIiZrbT4stCVPu2jGIxWvITAznF9%2FRB%2B36TdshJA5RZWQ41XBsoATW7ss0QefDur4j%2BIxc1gXNiCw%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://avatars.hubspot.net/04963c130de0c8b0740e38f085c9e984-100
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 67890fb29e5c325c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2

200

d5e344d61def6c6a18f68fceb2582d49-100
avatars.hubspot.net/ Frame 8BF4
Redirect Chain

https://api.hubspot.com/userpreferences/v1/avatar/d5e344d61def6c6a18f68fceb2582d49/100
https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100

18 KB
18 KB

25ms
25ms

Image
image/webp

2606:4700::6811:f2cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b26ad6b0412de9b0f2bba15bbf871f8df78b3766f16d2ac594c23e31afa68984

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 02 Aug 2021 17:35:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 106
x-amz-server-side-encryption: AES256
cf-ray: 67890fb53f9a4db2-FRA
content-length: 18060
x-amz-id-2: veXZCNi7VHiF0DH5xDr5RNg1Em+AA+P8Cz4fu7Q+6V87iDrQsP9GUTOnMH+cMyzkuGojU2EYhRw=
last-modified: Thu, 10 Jun 2021 17:58:08 GMT
server: cloudflare
etag: "c9d5a6e59b07fadae69c9657df89a7fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OFZyUg2uqcCKjVSfBnbAj779hOS5%2FxcAChQzIW4HGau89d1yb8VQelmZZt3xgoZefH449mW7FmD52nuJVG42agUaFIZ1YMaae%2BtmeIh5iNVdDzhSNZmcaINSK74mkVfzvJ7%2BgXi%2FkroQe70O6nR4SBo%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: 0DXM9GM5TVB6ZTY8
cache-control: max-age=0
cf-polished: origFmt=png, origSize=32213
accept-ranges: bytes
content-type: image/webp
cf-bgj: imgq:85,h2pri

Redirect headers

date: Mon, 02 Aug 2021 17:35:12 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 85cd3174-aec7-422b-a490-71e7bc3ff31c
x-trace: 2B3A239262DDC44E483E3343F08E2406BC8B541098000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApmCVKZjZoXveMfQ97efg7OKpIIYB%2FmLlmpXb%2BSjr5clFgnVpk6uFojnpJvuf9eHYCmq69dGrN5vg%2FS2BqkBOLGTdqf8%2FLxR7xqlWQPXLTjr8P6lMm%2BurKMGwsaGQi6CsgX%2B1Os%2Bj28vQqKg9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://avatars.hubspot.net/d5e344d61def6c6a18f68fceb2582d49-100
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 67890fb29e5f325c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 perf Show response
labs.bishopfox.com/_hcms/ 2 B
421 B 402ms
402ms XHR
text/plain 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.bishopfox.com/_hcms/perf
Requested by: Host: labs.bishopfox.com
URL: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode: cors
origin: https://labs.bishopfox.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: __cfruid=4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707; _gcl_au=1.1.1760576005.1627925708; _ga=GA1.2.470494878.1627925708; _gid=GA1.2.1469765293.1627925708; _gat_UA-41346121-1=1; _uetsid=fafd0530f3b711eb94656f6497722a85; _uetvid=fafd2f60f3b711eb832121b24592fc2b; messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939; __hstc=24978341.2c614a31e71cae83ebd61bb53274975b.1627925709399.1627925709399.1627925709399.1; hubspotutk=2c614a31e71cae83ebd61bb53274975b; __hssrc=1; __hssc=24978341.1.1627925709399
content-length: 826
:path: /_hcms/perf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: labs.bishopfox.com
referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 67890fb66f9305bb-FRA
date: Mon, 02 Aug 2021 17:35:12 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 162d2ece-a135-433a-a001-f597cffdeab9
x-trace: 2B715B7ED1EA430175D6499CBCC256D2027956811B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TCI0K4CkY6trqvDs1OisQRU5IsR%2BGrv1ieYl2nZv2jE5ALYEHXMlByFne42Y62Eq6AJprnBKWfSlCKni027Sjq2o%2FnpkL98WNVeZT0Ac1UYszVLGZeefQG6D25KceJYRT0oJ1rYot7ybbl4yyLoW5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
x-robots-tag: none
content-length: 2

POST
H/1.1 200
OK f9d051f404 Show response
bam.nr-data.net/events/1/ Frame 8BF4 24 B
182 B 110ms
109ms XHR
image/gif 162.247.242.20
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/f9d051f404?a=205242107&sa=1&v=1198.fe6ec20&t=Unnamed%20Transaction&rst=10414&ck=1&ref=https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/5632775/threads/utk/bc3325dfaaa44870a3b1e1c98ae66939?uuid=0b0e8872b8aa428e9ad51a341f3d6e0d&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=labs.bishopfox.com&inApp53=false&messagesUtk=bc3325dfaaa44870a3b1e1c98ae66939&url=https%3A%2F%2Flabs.bishopfox.com%2Ftech-blog%2Fcve-2019-18935-remote-code-execution-in-telerik-ui&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.20 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-8.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://app.hubspot.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: wzrpmjuXnvU
.doubleclick.net/	1970-01-20 05:33:41	Name: IDE Value: AHWqTUnAJMOwT5RGLmFgafyvXZ0eUIWq-vFyVvQoGjjef6Du6Bbhv8cyYkBuzapXU2E
.bishopfox.com/	1970-01-19 20:12:07	Name: __hssc Value: 24978341.1.1627925709399
.bishopfox.com/	1970-01-20 13:43:17	Name: _ga Value: GA1.2.470494878.1627925708
.bishopfox.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.youtube.com/	1970-01-20 00:31:17	Name: VISITOR_INFO1_LIVE Value: f0-qBSVx2Vs
.bishopfox.com/	1970-01-20 05:33:41	Name: hubspotutk Value: 2c614a31e71cae83ebd61bb53274975b
.bishopfox.com/	1970-01-20 05:33:41	Name: __hstc Value: 24978341.2c614a31e71cae83ebd61bb53274975b.1627925709399.1627925709399.1627925709399.1
.bishopfox.com/	1970-01-19 20:12:05	Name: _gat_UA-41346121-1 Value: 1
.labs.bishopfox.com/	1970-01-20 05:33:41	Name: messagesUtk Value: bc3325dfaaa44870a3b1e1c98ae66939
.bishopfox.com/	1970-01-19 22:21:41	Name: _gcl_au Value: 1.1.1760576005.1627925708
.bishopfox.com/	1970-01-20 05:33:41	Name: _uetvid Value: fafd2f60f3b711eb832121b24592fc2b
.bishopfox.com/	1970-01-19 20:13:32	Name: _uetsid Value: fafd0530f3b711eb94656f6497722a85
.bishopfox.com/	1970-01-19 20:13:32	Name: _gid Value: GA1.2.1469765293.1627925708
.labs.bishopfox.com/	1969-12-31 23:59:59	Name: __cfruid Value: 4c4e76b8222312989b04b9ea4e0eb30ba7f88c7c-1627925707

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10586810.fls.doubleclick.net
adservice.google.com
api-na1.hubapi.com
api.hubapi.com
api.hubspot.com
app.hubspot.com
avatars.hubspot.net
bam.nr-data.net
bat.bing.com
cdn2.hubspot.net
connect.facebook.net
fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
insight.adsrvr.org
js-agent.newrelic.com
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.usemessages.com
know.bishopfox.com
labs.bishopfox.com
munchkin.marketo.net
p.typekit.net
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
static.doubleclick.net
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
use.typekit.net
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.youtube.com
yt3.ggpht.com
104.111.234.67
104.244.42.136
108.174.10.14
13.224.100.124
142.250.185.194
142.250.74.198
151.101.13.27
162.247.242.20
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67fe
2606:4700::6811:45b0
2606:4700::6811:6d2
2606:4700::6811:70b0
2606:4700::6811:cbcc
2606:4700::6811:ebcc
2606:4700::6811:f2cc
2606:4700::6812:14bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2003
2a00:1450:4001:801::2016
2a00:1450:4001:802::200e
2a00:1450:4001:808::2006
2a00:1450:4001:80f::2003
2a00:1450:4001:811::200e
2a00:1450:4001:812::2003
2a00:1450:4001:828::2004
2a00:1450:4001:828::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2008
2a00:1450:400c:c00::9d
2a02:26f0:6c00:28d::19fd
2a02:26f0:6c00:296::25ea
2a02:26f0:6c00::210:ba2a
2a03:2880:f01c:8012:face:b00c:0:3
34.254.108.170
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429
07d59d11e10a2e559c0ce70c86b9736aed6a46a3b0b55c6cab658215ecb3ba57
09c4cb3040f901cc5a13fb0be1cd920cbb7a8d6dc2b3774f745ccac459462e19
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0e4330fc42b9bc471699a995039181f9a8d98deba31c84c6961c7057e23c447c
128456fa800b42cb5aaa2abfb7ea0b40f2ddac958d693581a57785ae1f50e7d3
13063492037725c2fde3e391e81f71bab16ad215193960304e431a65ce5cc239
147c50e0d0170d6ae612a9e78874d191965a2265f349544ed47c706d48f7168e
1638c2e6f6f94f1d3b63b4878ef78a12dc868dcdaf840b66e0afcf63cef0bf88
1943f3b04a44d0c87b27581e293ae88f0550384fdedb54719cd3959251b39cac
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
2292bf9f320cbeac6c88bd358588ac1940bbeaa8e54cce4a0bf6878a702d370c
25df7745c61ea8874fe9ec932de0beafff58b79398cc5fbdf304b87d5ba1fc11
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
3302ef568a096b5d784190fc4a27a5360a9e0a22c069d90253c6341e311024d8
336032e8b6a0e53594ef6fd0333f2c8f791accdd85de58bfbbbcd134347672af
33c16e8b942235527c3034d54a7bbb3f5bd5fa956ad34cf06dfb18add28dcc50
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
397ea9453748b35f255a67e3d8e3b4ea0451490297295b643d6cbcd01764885a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
43b524c05fee17b079d9a00dab147c4083ecf3a0ecf9311d334876eddbe15c81
47cbae4d7022045da8bf04e115862f64edadc7a5a4f368bbdf38942da765a501
47f935dcb10e66888de5ccc89bb473971dcfd63f33eb4a198c91e1f6cf2f723b
482764a09e130bd7446e86016ab44a442d73e2b295879cbb2666f7790478b187
4c91959cba13f585a90c75338d4648c4a85ba1fa37bebc831ddc5570bb31b553
53bbbcda593dc7d2483e3225fa353d9e8cad17c46baa7088ba0db94d66f0bf9e
542cf0a96a64d6b0e72b759fc6cfcd33e4af5b20a26130fa433fc52f91ed43ff
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5787bf5f935343a6b1deb535b441f8b217106b373fd7de7714e5d71aa51a930d
5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257
5d80a514d4ff6c64bab3d3c0a422e32ca989a0af6e05a0c6c4b721176ef08d16
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
64d88a6a46ef10c1cb1f314f7c2c639c6d6fff5fc3f7275ae6cee1c73c9f0109
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
69aea70ed00c6297e407afc0b1ccf6db9629eedc412bf0779467f3e462d346e3
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
6ee10a591b0a0848531baa06c5996e740e8d7bc77a0589bc625e21c0c7777682
70a12c6c00f6fed722c0b46ad1ebb8a2c11c27121f3b8d65c254a9221965ed72
72230de642a6e6a4cc0059fd8555dcdace5fe8ca702e9e8d9f7030f0aa8e07c0
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
72ad15be9ebaf0ccb9f542bd82398a4ec5f69f1f30593eff9807473af1a907e7
72fde0a4326ca24364dda3e635943a13fb33a9d9970ff6950f0c6ee1ff1ab7d7
76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d
7b2c14d10bdcd00b346b588662e2a41f4213bcea6dd91ad220270c72d74ef6dc
7bad2c1b4ab79c7992f83969f5360ad2f6ab57a542002d54d6b37f2506176102
7fb8b3a958a39baa00cea459b26bcf33c2ff6f2407f1d6d5ae8b3efdaed0533b
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
82bee595afdc8aaafc016bf51cc1c5d27d8690b5a36bb2c7326b00b7da87840d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87dc0517423f932aab0dabb2f41ab2f5ac41a4ba435794dcc6c6af663603df75
8ec272b76ebdf8756da8e60cbec342b26e1e314d223b828e34b02aedea5d6d5a
95985b28f48867e7d7cdb106bb1fa389a2ec5462a1826f77eac524800e14a694
98a792bc94dc803bb2219e842100dc8a1a760bee994afb9bb3bf8d7421d89260
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1
9c1162a622bc982328d9c7d2768c7c90116b2002fc8d5823ff4f06bf309f18c1
9c70203837590e2fe2d997f6fc41e64e7278e49d58274eec5f75cdf29c3ecd03
9c9b17aaa6d7189ffe7cd7623f61f63b60df3178aaa8ced604a464c237178bce
9e181aae64580371759fd9ab9c8e0023f094fb07ed464a8e4abe0a34a171ea01
a11d31336d81165454b7e760f4bf50d5a678c1d64009e7d9a1663965a6859f59
a3a4acc91750315f26ccfdff67b14bdc2ff153fd397500ad60a5ce9e0bafa3b1
a86b8c1fa9a765b51d4954ea0ca03f07280c044c999d11609689d044eee7eb24
afee3609c2d320fbe4ff5a90eaccd92d9628453944181649631dee0081de9d9b
b024e3c8e734080ab99d1595c812e583d220ff21a95ce4469b3fdce0568d6d6e
b16d98329e42d0a88591acdde3183e9eb4265d23be18534b6bfba20332fb4483
b1701e3fa666b6218db2a8b8034f8c843270e92c7244a5028f48e26e80420591
b26ad6b0412de9b0f2bba15bbf871f8df78b3766f16d2ac594c23e31afa68984
c0e374665b6196337f6c3446ff336fe67c10a609ddb1a316367ac7f1bc581519
c34dbb609c6387f6175474daf591365e75a67780b5b5f10ca1e3a069187c694b
c644bcb59e73fca1d0ec58af126d588b3a918326feae732d7ddb5bf61adb2105
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c7e759103c707a1be91a2c66badd674496967cd9034b36f7a72a1fabaa46dd1f
c8d76f539c79c8169dd727ae8842c1dfa3513378fada30cd91dbaf26a1290801
cfe0094ec9c1e414159e1f064b9004d6af663e7b3c2d61c20a18e40e63d6a647
d0665aad66140bedfae8ee86351e3123060565001e33867552dd4b0f4a5a23d1
d4b2a25e3c7a78cdabf7c861c1508a20388fb0223025240d7692147f8aa9b05f
d64bea7d525ed5fb9b6c89ad17257f77862c2b95f98efb6e8ea9ca711e411cfd
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d9d1553fa2ebad676d1123019ee10cb4d36eb83125176e7b6ba100d19ebc10b0
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc40e303edf30aaeff3b6cca7b7037e7e728cc736f7c3b659ac60ec0945c8ccf
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
e08069362721d144d84f24395fd827901ad1eb93254333b4090971e4bad7a4a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee2d1581955a8d6951640535ffd3f4d0396c7ced74dffdac58d140af5a60da5d
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1e795a81ef9726704c4c4c7176d2853aef32a7afd9d2aa7da1b4ebdf93cd7af
f37e21c653607facbf39ad55a0d09b23fbda4ee1be8202257bd4c218eb1544ee
f60e5f09897f9af1a4190159019fa7617df27856207b153888844ffc5ac3790b
f685d36f3f62589ffc7cb9633a82850958978f8803780ece24c613ca6f8cf563
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

labs.bishopfox.com Open in urlscan Pro 2606:2c40::c73c:67fe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

106 Requests

100 %HTTPS

78 %IPv6

29 Domains

45 Subdomains

39 IPs

4 Countries

2782 kBTransfer

7372 kBSize

15 Cookies

66 Outgoing links

Page URL History

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

labs.bishopfox.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

100 %
HTTPS

78 %
IPv6

29
Domains

45
Subdomains

39
IPs

4
Countries

2782 kB
Transfer

7372 kB
Size

15
Cookies

106 HTTP transactions
4 data transactions