blog.sonatype.com Open in urlscan Pro
2606:4700::6811:74b4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybV...
Effective URL:
https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%2...
Submission: On August 07 via manual (August 7th 2020, 4:48:42 pm UTC) from US

Summary HTTP 152 Redirects Links 67 Behaviour Indicators

Summary

This website contacted 54 IPs in 7 countries across 49 domains to perform 152 HTTP transactions. The main IP is 2606:4700::6811:74b4, located in United States and belongs to CLOUDFLARENET, US. The main domain is blog.sonatype.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 21st 2020. Valid for: a year.

This is the only time blog.sonatype.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700::68... 2606:4700::6811:73b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
47	2606:4700::68... 2606:4700::6811:74b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2	2a02:26f0:6c0... 2a02:26f0:6c00::210:bb40	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff0b	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
7	2606:4700::68... 2606:4700::6811:f0cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.161.188.228 108.161.188.228	33438 (HIGHWINDS2) (HIGHWINDS2)
2	143.204.201.80 143.204.201.80	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:196::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6 7	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff08	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
1 2	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE)
7	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:f1:... 2a02:26f0:f1:29c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	199.232.53.140 199.232.53.140	54113 (FASTLY) (FASTLY)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS)
6 6	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
6 10	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	152.199.19.77 152.199.19.77	15133 (EDGECAST) (EDGECAST)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
7	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.230.159.139 34.230.159.139	14618 (AMAZON-AES) (AMAZON-AES)
6	143.204.201.47 143.204.201.47	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
5	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6811:cacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.201.79 143.204.201.79	16509 (AMAZON-02) (AMAZON-02)
2 2	52.215.1.63 52.215.1.63	16509 (AMAZON-02) (AMAZON-02)
1 2	143.204.201.111 143.204.201.111	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5605	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	3.85.187.26 3.85.187.26	14618 (AMAZON-AES) (AMAZON-AES)
1 5	23.210.248.216 23.210.248.216	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15 18	54.171.23.184 54.171.23.184	16509 (AMAZON-02) (AMAZON-02)
2 2	18.197.47.23 18.197.47.23	16509 (AMAZON-02) (AMAZON-02)
1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 2	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2a00:1288:f03... 2a00:1288:f03d:1fa::2000	10310 (YAHOO-1) (YAHOO-1)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	52.59.125.145 52.59.125.145	16509 (AMAZON-02) (AMAZON-02)
1 2	52.59.50.21 52.59.50.21	16509 (AMAZON-02) (AMAZON-02)
1 2	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.245.222 35.244.245.222	15169 (GOOGLE) (GOOGLE)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
152	54

6 2606:4700::6811:73b4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.sonatype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 2606:4700::6811:74b4 (United States)

ASN13335 (CLOUDFLARENET, US)

blog.sonatype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

use.fonticons.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:bb40 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff0b (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6811:f0cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.161.188.228 (United States)

ASN33438 (HIGHWINDS2, US)

fonticons-free-fonticons.netdna-ssl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-80.fra53.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:196::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:814::200e (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff08 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f1:29c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.53.140 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400c:c00::9a (Brussels, Belgium) 6 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.77 (United States)

ASN15133 (EDGECAST, US)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.230.159.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-159-139.compute-1.amazonaws.com

t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 143.204.201.47 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-47.fra53.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cacc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e9cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.201.79 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-79.fra53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.1.63 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.111 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-111.fra53.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5605 (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.85.187.26 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-85-187-26.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.248.216 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 54.171.23.184 (Dublin, Ireland) 15 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-23-184.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.47.23 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-47-23.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.249.164 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-164.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.95 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::2000 (United Kingdom) 1 redirects

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.125.145 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-125-145.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.50.21 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.36 (Ascension Island) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.245.222 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 222.245.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	sonatype.com 1 redirects www.sonatype.com blog.sonatype.com	3 MB
22	adroll.com 15 redirects s.adroll.com d.adroll.com	26 KB
10	google.com 6 redirects www.google.com	2 KB
8	doubleclick.net 7 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	3 KB
7	facebook.com www.facebook.com	1 KB
7	google.de www.google.de	789 B
7	facebook.net connect.facebook.net	626 KB
7	google-analytics.com 6 redirects www.google-analytics.com	19 KB
7	hubspot.net cdn2.hubspot.net	116 KB
6	hubspot.com app.hubspot.com track.hubspot.com forms.hubspot.com	3 KB
6	demandbase.com tag.demandbase.com scripts.demandbase.com	92 KB
4	twitter.com platform.twitter.com analytics.twitter.com	29 KB
4	linkedin.com 2 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com	58 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	cookiebot.com consent.cookiebot.com consentcdn.cookiebot.com	18 KB
2	openx.net 1 redirects us-u.openx.net	480 B
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1007 B
2	3lift.com 1 redirects eb2.3lift.com	738 B
2	outbrain.com 1 redirects sync.outbrain.com	829 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com ads.yahoo.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	818 B
2	leadlander.com 1 redirects tracking.leadlander.com	423 B
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	t.co t.co	574 B
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	typekit.net p.typekit.net use.typekit.net	19 KB
2	driftt.com js.driftt.com	45 KB
2	googletagmanager.com www.googletagmanager.com	73 KB
1	rlcdn.com idsync.rlcdn.com	66 B
1	taboola.com sync.taboola.com	219 B
1	pubmatic.com simage2.pubmatic.com	886 B
1	rubiconproject.com pixel.rubiconproject.com	796 B
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	hsforms.com perf.hsforms.com	525 B
1	gstatic.com www.gstatic.com	130 KB
1	hsleadflows.net js.hsleadflows.net	66 KB
1	hs-banner.com js.hs-banner.com	7 KB
1	hs-analytics.net js.hs-analytics.net	19 KB
1	hubapi.com api.hubapi.com	550 B
1	sf14g.com t.sf14g.com	37 KB
1	reddit.com alb.reddit.com	213 B
1	redditstatic.com www.redditstatic.com	6 KB
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googleadservices.com www.googleadservices.com	12 KB
1	netdna-ssl.com fonticons-free-fonticons.netdna-ssl.com	6 KB
1	fonticons.com use.fonticons.com	661 B
152	49

	Domain	Requested by
47	blog.sonatype.com	www.sonatype.com blog.sonatype.com
17	d.adroll.com	14 redirects
10	www.google.com	6 redirects blog.sonatype.com www.gstatic.com
7	www.facebook.com	blog.sonatype.com
7	www.google.de	blog.sonatype.com
7	connect.facebook.net	www.sonatype.com connect.facebook.net blog.sonatype.com
7	www.google-analytics.com	6 redirects www.googletagmanager.com
7	cdn2.hubspot.net	blog.sonatype.com
6	stats.g.doubleclick.net	6 redirects
6	www.sonatype.com	1 redirects blog.sonatype.com js.hsleadflows.net
5	s.adroll.com	1 redirects blog.sonatype.com s.adroll.com
4	track.hubspot.com
4	tag.demandbase.com	blog.sonatype.com tag.demandbase.com
2	us-u.openx.net	1 redirects
2	ib.adnxs.com	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	sync.outbrain.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	pixel.advertising.com	2 redirects
2	tracking.leadlander.com	1 redirects
2	scripts.demandbase.com	tag.demandbase.com blog.sonatype.com
2	segments.company-target.com	1 redirects blog.sonatype.com
2	match.prod.bidr.io	2 redirects
2	analytics.twitter.com	static.ads-twitter.com
2	platform.twitter.com	blog.sonatype.com platform.twitter.com
2	t.co	blog.sonatype.com static.ads-twitter.com
2	px.ads.linkedin.com	1 redirects blog.sonatype.com
2	js.driftt.com	blog.sonatype.com js.driftt.com
2	www.googletagmanager.com	blog.sonatype.com
2	consent.cookiebot.com	blog.sonatype.com consent.cookiebot.com
1	cm.g.doubleclick.net	1 redirects
1	idsync.rlcdn.com
1	sync.taboola.com
1	ads.yahoo.com	1 redirects
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	ups.analytics.yahoo.com
1	d.adroll.mgr.consensu.org	1 redirects
1	forms.hubspot.com	js.hsleadflows.net
1	perf.hsforms.com	blog.sonatype.com
1	www.gstatic.com	www.google.com
1	api.company-target.com	tag.demandbase.com
1	js.hsleadflows.net	blog.sonatype.com
1	js.hs-banner.com	blog.sonatype.com
1	js.hs-analytics.net	blog.sonatype.com
1	api.hubapi.com	blog.sonatype.com
1	app.hubspot.com	blog.sonatype.com
1	t.sf14g.com	blog.sonatype.com
1	alb.reddit.com	blog.sonatype.com
1	apt.techtarget.com	blog.sonatype.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.linkedin.com	1 redirects
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	trk.techtarget.com	www.sonatype.com
1	www.redditstatic.com	www.sonatype.com
1	snap.licdn.com	www.sonatype.com
1	static.ads-twitter.com	www.sonatype.com
1	www.googleadservices.com	www.googletagmanager.com
1	use.typekit.net	blog.sonatype.com
1	p.typekit.net	blog.sonatype.com
1	fonticons-free-fonticons.netdna-ssl.com	use.fonticons.com
1	platform.linkedin.com	blog.sonatype.com
1	use.fonticons.com	blog.sonatype.com
152	64

This site contains links to these domains. Also see Links.

Domain
www.sonatype.com
twitter.com
www.linkedin.com
www.facebook.com
www.instagram.com
www.youtube.com
github.com
ossindex.sonatype.org
video.sonatype.com
help.sonatype.com
my.sonatype.com
exchange.sonatype.com
support.sonatype.com
en.wikipedia.org
portswigger.net
docs.spring.io

Subject Issuer	Validity	Valid
www.sonatype.com CloudFlare Inc ECC CA-2	`2019-09-17` - `2020-09-16`	a year	crt.sh
blog.sonatype.com Cloudflare Inc ECC CA-3	`2020-07-21` - `2021-07-21`	a year	crt.sh
use.fonticons.com DigiCert SHA2 Secure Server CA	`2019-10-28` - `2020-12-17`	a year	crt.sh
consent.cookiebot.com DigiCert ECC Extended Validation Server CA	`2020-06-11` - `2022-06-11`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2020-07-03` - `2022-07-08`	2 years	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.netdna-ssl.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-18` - `2021-03-18`	a year	crt.sh
drift.com Amazon	`2019-10-03` - `2020-11-03`	a year	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
www.redditstatic.com DigiCert SHA2 Secure Server CA	`2020-04-06` - `2020-10-03`	6 months	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
sa473gl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-03-03` - `2022-04-12`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2020-04-06` - `2020-10-03`	6 months	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2019-07-09` - `2020-09-07`	a year	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.twimg.com DigiCert SHA2 High Assurance Server CA	`2019-11-12` - `2020-11-18`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-04-07` - `2020-10-09`	6 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2020-04-28` - `2022-04-28`	2 years	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-05-27` - `2020-11-23`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.taboola.com DigiCert ECC Secure Server CA	`2019-09-03` - `2020-09-10`	a year	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Frame ID: FB01F1712A5C7EECD86D5D8980E2F944
Requests: 147 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc.min.html
Frame ID: 0A9FC8E65FBC92A867A0E7D7D2C49D61
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html?origin=https%3A%2F%2Fblog.sonatype.com
Frame ID: E92ED370C7C72B084660F3DCD4C07384
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&badge=inline&cb=4vozpl5kh9r1
Frame ID: F2B7F3A02DC82878181989A284D313E1
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=xidepsx6bf03
Frame ID: A0785687AABF878A9A7075626D06264E
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 431EDCD1B8CF189C6314FFBF8A34D407
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx... Page URL
https://www.sonatype.com/events/public/v1/track/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7... HTTP 307
https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_camp... Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

152
Requests

100 %
HTTPS

47 %
IPv6

49
Domains

64
Subdomains

54
IPs

7
Countries

4827 kB
Transfer

8817 kB
Size

19
Cookies

67 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sonatype.com/press-release-blog/one-in-six-developers-in-healthcare-industry-report-open-source-software-breaches-sonatype-finds
Title: Press Release

Search URL Search Domain Scan URL

URL: https://twitter.com/sonatype

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sonatype

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Sonatype

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sonatypedotcom/?hl=en

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/sonatype

Search URL Search Domain Scan URL

URL: https://github.com/sonatype

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-lifecycle
Title: Lifecycle

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-firewall
Title: Firewall

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-nexus-lifecycle-foundation
Title: Lifecycle Foundation

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-auditor
Title: Auditor

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-nexus-repository
Title: Professional Edition

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus-repository-oss
Title: OSS Edition

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus-intelligence
Title: Nexus Intelligence

Search URL Search Domain Scan URL

URL: https://ossindex.sonatype.org/?__hstc=31049440.56fb664a9e8bbf2910b869edc7d409b2.1596818905556.1596818905556.1596818905556.1&__hssc=31049440.1.1596818905556&__hsfp=2017058934
Title: OSS Index

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/oss-licensing
Title: OSS Licensing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-integrations
Title: Nexus Integrations

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-dev-tools
Title: Free Developer Tools

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/appscan
Title: Nexus Vulnerability Scanner

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/product-pricing
Title: Nexus Platform Pricing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/customer-success
Title: Success Stories

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/developers-solutions
Title: Developers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/appsec-solutions
Title: Application Security

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/devsecops-solutions
Title: DevSecOps

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/government
Title: Government

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/financialservices
Title: Financial Services

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/manufacturing
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/technology
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/healthcare
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/learn-white-papers
Title: White Papers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/learn-webinars
Title: Webinars

Search URL Search Domain Scan URL

URL: http://video.sonatype.com/
Title: Videos

Search URL Search Domain Scan URL

URL: https://help.sonatype.com/
Title: Documentation

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/partners
Title: Partner Program

Search URL Search Domain Scan URL

URL: https://my.sonatype.com/
Title: my.sonatype.com

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/training
Title: Workshops

Search URL Search Domain Scan URL

URL: https://exchange.sonatype.com/
Title: Nexus Exchange

Search URL Search Domain Scan URL

URL: https://support.sonatype.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/upcoming-events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/management-team
Title: Management

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/investors
Title: Investors

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/press-release-blog
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/media
Title: Media

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/get-nexus-sonatype
Title: SCHEDULE A CALL

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/legal-compliance
Title: Legal & Compliance

Search URL Search Domain Scan URL

URL: https://my.sonatype.com/exchange
Title: Nexus Exchange

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/2020survey

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/about-sonatype
Title: About Sonatype

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/press-release-blog/
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/careers-sonatype
Title: Careers

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_medium%3Dsocial%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&source=tweetbutton&text=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20%28XXE%29

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller
Title: MVC applications

Search URL Search Domain Scan URL

URL: https://portswigger.net/web-security/xxe
Title: https://portswigger.net/web-security/xxe

Search URL Search Domain Scan URL

URL: https://github.com/spring-projects/spring-ws/commit/1f05307d61d525ed74a7d6d70a2a3b132948cdfc
Title: in the fix for the vulnerability

Search URL Search Domain Scan URL

URL: https://docs.spring.io/autorepo/docs/spring-ws/2.4.x-SNAPSHOT/api/org/springframework/xml/transform/TransformerFactoryUtils.html
Title: external entities from accessing

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/nexus-intelligence-insights
Title: Nexus Intelligence Insights

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/axsharma/

Search URL Search Domain Scan URL

URL: https://twitter.com/Ax_Sharma

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/products-overview
Title: Products

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.sonatype.com/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621 Page URL
https://www.sonatype.com/events/public/v1/track/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621?_ud=de097225-2b68-43c6-873a-e35c506cbe4b&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 70

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=75189778&gjid=1596779959&cid=1241948883.1596818904&tid=UA-137036301-1&_gid=38960446.1596818904&_r=1&gtm=2ou7v1&z=682060214 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_gid=38960446.1596818904&gjid=1596779959&_v=j83&z=682060214 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_v=j83&z=682060214 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_v=j83&z=682060214&slf_rd=1&random=3429637821

Request Chain 72

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&time=1596818903890 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39209%26url%3Dhttps%253A%252F%252Fblog.sonatype.com%252Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%253Futm_campaign%253DQ2%2525202020%252520-%252520Vertical%252520-%252520Tech%2526utm_medium%253Demail%2526_hsmi%253D91363000%2526_hsenc%253Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%2526utm_content%253D91363000%2526utm_source%253Dhs_automation%26time%3D1596818903890%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&time=1596818903890&liSync=true

Request Chain 86

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEDAAUAB~&jid=1640731522&gjid=2113002630&cid=1241948883.1596818904&tid=UA-1693297-38&_gid=38960446.1596818904&_r=1&z=999009364 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_gid=38960446.1596818904&gjid=2113002630&_v=j83&z=999009364 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_v=j83&z=999009364 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_v=j83&z=999009364&slf_rd=1&random=1402750327

Request Chain 87

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEDAAUAB~&jid=975559244&gjid=1806729304&cid=1241948883.1596818904&tid=UA-1693297-29&_gid=38960446.1596818904&_r=1&z=825774056 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_gid=38960446.1596818904&gjid=1806729304&_v=j83&z=825774056 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_v=j83&z=825774056 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_v=j83&z=825774056&slf_rd=1&random=98358926

Request Chain 102

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AALOeE6-WwwAAA-odKtCoA HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AALOeE6-WwwAAA-odKtCoA&verifyHash=978a74cd3ff6a84080ab8d7bd5553ca486f7511c

Request Chain 109

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAUAB~&jid=2050981696&gjid=1437367557&cid=1241948883.1596818904&tid=UA-137036301-1&_gid=38960446.1596818904&_r=1&gtm=2wg7v1TT8R4P&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=Bot&cd7=&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=country_name&cd12=(Non-AccountWatch%20Visitor)&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-AccountWatch%20Visitor)&cd19=(Non-AccountWatch%20Visitor)&cd20=(Non-AccountWatch%20Visitor)&z=979686873 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_gid=38960446.1596818904&gjid=1437367557&_v=j83&z=979686873 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_v=j83&z=979686873 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_v=j83&z=979686873&slf_rd=1&random=2658090892

Request Chain 110

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAUAB~&jid=296431996&gjid=588582862&cid=1241948883.1596818904&tid=UA-1693297-38&_gid=38960446.1596818904&_r=1&gtm=2wg7v1TT8R4P&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=Bot&cd7=&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=country_name&cd12=(Non-AccountWatch%20Visitor)&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-AccountWatch%20Visitor)&cd19=(Non-AccountWatch%20Visitor)&cd20=(Non-AccountWatch%20Visitor)&z=1557769233 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_gid=38960446.1596818904&gjid=588582862&_v=j83&z=1557769233 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_v=j83&z=1557769233 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_v=j83&z=1557769233&slf_rd=1&random=294667378

Request Chain 111

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAUAB~&jid=654219816&gjid=1323277974&cid=1241948883.1596818904&tid=UA-1693297-29&_gid=38960446.1596818904&_r=1&gtm=2wg7v1TT8R4P&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=Bot&cd7=&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=country_name&cd12=(Non-AccountWatch%20Visitor)&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-AccountWatch%20Visitor)&cd19=(Non-AccountWatch%20Visitor)&cd20=(Non-AccountWatch%20Visitor)&z=1243025238 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_gid=38960446.1596818904&gjid=1323277974&_v=j83&z=1243025238 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_v=j83&z=1243025238 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_v=j83&z=1243025238&slf_rd=1&random=315382113

Request Chain 123

https://tracking.leadlander.com/api/tracking?accountId=29592&page=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&referer=&fp=f10d44237416b9907b2c88ae232a9574 HTTP 302
https://tracking.leadlander.com/tracking.png

Request Chain 127

https://s.adroll.com/j/exp/LVE6K7UX6ZF3TJCF5YYLLW/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 129

https://d.adroll.mgr.consensu.org/consent/iabcheck/LVE6K7UX6ZF3TJCF5YYLLW?_s=5454b670295ff9a612fb20165339f577&_b=2 HTTP 302
https://d.adroll.com/consent/check/LVE6K7UX6ZF3TJCF5YYLLW/?_s=5454b670295ff9a612fb20165339f577&_b=2

Request Chain 131

https://d.adroll.com/pixel/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&pv=84495032320.94463&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL/PTFIWYGLSFCADG2J2CU4GM.js

Request Chain 133

https://d.adroll.com/cm/aol/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd05618b8-d8cd-11ea-911c-0224bce09244

Request Chain 134

https://d.adroll.com/cm/index/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expiration=1628354906 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expiration=1628354906&C=1

Request Chain 135

https://d.adroll.com/cm/n/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expires=365

Request Chain 136

https://d.adroll.com/cm/outbrain/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&rdrctExp=true

Request Chain 137

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 138

https://d.adroll.com/cm/r/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 139

https://d.adroll.com/cm/taboola/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM

Request Chain 140

https://d.adroll.com/cm/triplelift/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 141

https://d.adroll.com/cm/b/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM

Request Chain 142

https://d.adroll.com/cm/x/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM

Request Chain 143

https://d.adroll.com/cm/l/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=f42ffbc6c8cbfa875e0ff8a3cf391f33

Request Chain 144

https://d.adroll.com/cm/o/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=f42ffbc6c8cbfa875e0ff8a3cf391f33 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f42ffbc6c8cbfa875e0ff8a3cf391f33

Request Chain 145

https://d.adroll.com/cm/g/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&xid_ch=f&advertisable=LVE6K7UX6ZF3TJCF5YYLLW&google_nid=adroll4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=9C_7xsjL-odeD_ijzzkfMw HTTP 302
https://d.adroll.com/cm/g/in

152 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D... Show response
www.sonatype.com/e2t/tc/ 9 KB
3 KB 160ms
77ms Document
text/html 2606:4700::6811:73b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:73b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57ef6096da778ae5c0e721d2681b4dcd8214ec18d74dd24c02eaa1532c74693f

Request headers

:method: GET
:authority: www.sonatype.com
:scheme: https
:path: /e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 07 Aug 2020 16:48:21 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=ddfe97adbe76b999b63ea2b24fa80d2791596818901; expires=Sun, 06-Sep-20 16:48:21 GMT; path=/; domain=.www.sonatype.com; HttpOnly; SameSite=Lax __cfruid=daa85ebd359bb2ae115f757208cd5fb736f794a6-1596818901; path=/; domain=.www.sonatype.com; HttpOnly; Secure; SameSite=None
cf-ray: 5bf27c139c209ab6-FRA
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 046b6be04200009ab69c309200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe Show response
blog.sonatype.com/
Redirect Chain

https://www.sonatype.com/events/public/v1/track/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw...
https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLd...

129 KB
20 KB

1130ms
1111ms

Document
text/html

2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation

Requested by

Host: www.sonatype.com
URL: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

f11012e5e3747f466ce2728454400a8290652d65b0bdb83099f0b11f2e000208

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: blog.sonatype.com
:scheme: https
:path: /cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621

Response headers

status: 200
date: Fri, 07 Aug 2020 16:48:22 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=de7f875080a8002c2ec5f27581c36361b1596818901; expires=Sun, 06-Sep-20 16:48:21 GMT; path=/; domain=.blog.sonatype.com; HttpOnly; SameSite=Lax __cfruid=6f2ef77db21117f0ec6beed90761ed0c3bad1298-1596818902; path=/; domain=.blog.sonatype.com; HttpOnly; Secure; SameSite=None
cf-ray: 5bf27c1689c3635f-FRA
cache-control: s-maxage=1800,max-age=0
link: </hs/hsstatic/HubspotToolsMenu/static-1.72/js/index.js>; rel=preload; as=script, </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.7/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.16/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.81/js/comment_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
strict-transport-security: max-age=0
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 046b6be2150000635f181d6200000001
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-24791792114,P-1958393,L-3906896744,L-4063610545,L-6651455434,CW-28632893861,CW-28681865486,CW-32122305720,CW-5737565851,CW-5737891429,E-3797839657,E-3937994511,E-5296077409,E-5296081041,MENU-28631988575,MENU-28744292279,MENU-4001614731,PGS-ALL,SW-4,B-3737438004,GC-29116883585,GC-32156494138
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hs-cache-config: BrowserCache-0s-EdgeCache-1800s
x-hs-combine-css: Media
x-hs-content-campaign-id: ddfcfddd-bd33-448c-8f9b-1c7be06b31c5
x-hs-content-id: 24791792114
x-hs-hub-id: 1958393
x-powered-by: HubSpot
x-trace: 2BC7B2570BF66B4D85BB8736FC981EB7D0940C55D7000000000000000000
server: cloudflare
content-encoding: br
cf-h2-pushed: </hs/hsstatic/HubspotToolsMenu/static-1.72/js/index.js>,</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.7/bundles/project.js>,</hs/hsstatic/cos-i18n/static-1.16/bundles/project.js>,</hs/hsstatic/AsyncSupport/static-1.81/js/comment_listing_asset.js>,</_hcms/forms/v2.js>

Redirect headers

status: 307
date: Fri, 07 Aug 2020 16:48:21 GMT
location: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
cf-ray: 5bf27c142ca29ab6-FRA
link: <https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation>; rel="canonical"
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 046b6be09800009ab69c30c200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-robots-tag: none
server: cloudflare

GET
H2 200 index.js Show response
blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.72/js/ 9 KB
3 KB 26ms
0ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.72/js/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bd7c3200bda02262090f6ca46a5928d152bfdd6201ab98f4041f9d3c2447167

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 6115ccbf06ce7bea7cea8806dfa86752.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 880652
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c1d6d65635f-FRA
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 046b6be6620000635f1822a200000001
last-modified: Mon, 27 Jul 2020 19:07:57 GMT
server: cloudflare
etag: W/"8e0f41fe10dafcb878a6cf6f260ad3c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: IWqYILzZrU2yHF48nbSvpYDBYBO7qJVI
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD79-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: MIIKxazY7cLKQPFd2gHzPY0-rmnVKbA3ZH93CJGdamj7lYkbd2BxLw==

GET
H2 200 project.js Show response
blog.sonatype.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.7/bundles/ 2 KB
948 B 21ms
0ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.7/bundles/project.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2c02e9614363683f8e388045ca9fd63a691125c5904c17ae76bb61994a46fda

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 1fa3f854976309f3d11907ad7125291a.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 2403207
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c1d6d66635f-FRA
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 046b6be6620000635f1822b200000001
last-modified: Mon, 09 Mar 2020 16:45:22 GMT
server: cloudflare
etag: W/"13d7f6663fd3c647b1222db945cca06a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: F8BNQrrKLCj8R5Pce1ocuLgFrUYw7rqF
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: q6oRgMFp3dULCT1JcSiOuuFRCDk4R_QIg0J06DT5HDpHNXIJlBUYHA==

GET
H2 200 project.js Show response
blog.sonatype.com/hs/hsstatic/cos-i18n/static-1.16/bundles/ 1 KB
813 B 27ms
0ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/hsstatic/cos-i18n/static-1.16/bundles/project.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 557ad452a06d522c1a395625dad86562395f613b0e5be6d4d064227cba3177fc

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 f37f104903bda438e8b0547be6e0c193.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 2403207
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c1d6d68635f-FRA
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 046b6be6620000635f1822c200000001
last-modified: Fri, 06 Mar 2020 22:11:41 GMT
server: cloudflare
etag: W/"521bbded6fd98183186fa53a6ec3a214"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _BZT4UvGuuv15ZMP47_RmvTsjqOaqFD9
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: l4aStCUD14IByIxB7eyJuROARjFA9LguBTvQyrOUSpVSC45juyFGAA==

GET
H2 200 comment_listing_asset.js Show response
blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.81/js/ 8 KB
3 KB 81ms
0ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.81/js/comment_listing_asset.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddf85c0a55c7d03f4e3a1cce43da67eb89317d6ccf537a05135001d855c79d1c

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 9c90b41a9e5ac2856624d29ed4da4235.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 787525
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c1d6d69635f-FRA
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 046b6be6620000635f1822d200000001
last-modified: Mon, 27 Jul 2020 21:53:38 GMT
server: cloudflare
etag: W/"567bab48661da0a415927a96f9c7f681"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Eu2fKShLk.u0kGoANv_gTElq1sLOwO7N
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 8I_OOsCQt70NqL2u8DgMfYR8Oa6np2rRPsKIaUTttB61LGldEjqpEg==

GET
H2 200 v2.js Show response
blog.sonatype.com/_hcms/forms/ 459 KB
115 KB 42ms
0ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/_hcms/forms/v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c74966498bd2a74ba2cf4fbcf0229ed6b161caf55f63c8fba4093286d7b8b54

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 157ebd6865840045fc8b5ed1cce7e466.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 29953
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c1d6d6a635f-FRA
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 046b6be6620000635f1822e200000001
last-modified: Tue, 21 Jul 2020 10:44:54 UTC
server: cloudflare
etag: W/"3cd160df982426cc1c86494397b0c6fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: wXZKWTnYMV_Y36cO.xKGc7KhNSEePysX
cache-control: s-maxage=86400, max-age=0
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 2gzErr5dB9FuIF-dcO40YLHaqj9Ghx23aEP2alAwT_wq-1EPBe9osA==

GET
H2 200 jquery-1.7.1.js Show response
blog.sonatype.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ 92 KB
32 KB 49ms
44ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 22e9d361a9c4153886c1c8aa0eb4ffa8.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 2402599
cf-ray: 5bf27c1d8d7e635f-FRA
x-cache: Hit from cloudfront
status: 200
content-encoding: br
cf-request-id: 046b6be6770000635f18236200000001
last-modified: Tue, 25 Nov 2014 17:03:30 GMT
server: cloudflare
etag: W/"ddb84c1587287b2df08966081ef063bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: cX4JdNetB8EnTDgp1B0QsLkGGbPMVaNWF5kzReIYtzDQKUzPo8BHEQ==

GET
H2 200 module_32122305720_NUC_Sticky_Info_box.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/32122305720/1595434277407/ 981 B
949 B 949ms
944ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/32122305720/1595434277407/module_32122305720_NUC_Sticky_Info_box.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 115231f0d0e93a1c7efbc820a64d2101040d8a134a515417d801c20be8c31fdb

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 9d6e8d4f97c41f6ce231875fe6d15e59.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: EWR52-C3
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: EF1C0CB2CC3BD611
x-amz-id-2: Xv9uHQ2Fza3z6M3r7BIiCouZnuWHNQ+FkcguWsIY9QdOAUIOUc2JYRDlCA7zAqudBlEeTA4EZEk=
last-modified: Wed, 22 Jul 2020 16:11:18 GMT
server: cloudflare
etag: W/"a55dd1c97d06d105b3f7a7ec54fbb970"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1595434277407
content-type: text/css
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: eCWwirv9toarvJLngQnOJxT7tZfa7hFo
cf-request-id: 046b6be6750000635f1822f200000001
cf-ray: 5bf27c1d8d74635f-FRA
x-amz-cf-id: phWbXS8vjf1P4MDNpvgaL06CEPDFW3Px9qUP4cqhWkByrSp02YAcCQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 module_28681865486_Mega_Menu_Module.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28681865486/1595434277174/ 1 KB
1 KB 278ms
274ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28681865486/1595434277174/module_28681865486_Mega_Menu_Module.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 150e82b12b009933ef92a8eda78723cadbd1e7d325946825aa3dc9a35098e408

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 8d41af75f0c67663aa0315daec98e02c.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: EWR52-C3
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: B434DA638A7C773D
x-amz-id-2: wYtZufdB4tvWrsCeHefPA1wD6yItPC276+rE1DpDRNiuVW/f+WBoYT9FrPbUH0OywPVsXq0xciQ=
last-modified: Wed, 22 Jul 2020 16:11:18 GMT
server: cloudflare
etag: W/"3530aba7af7396e19128e740dbcfd6fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1595434277174
content-type: text/css
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: hBV5kji.O265WHch6MbRPyXBe0p63iRe
cf-request-id: 046b6be6750000635f18230200000001
cf-ray: 5bf27c1d8d75635f-FRA
x-amz-cf-id: MwwBa-0PnLmVbSsLhhXAa7m-RuN932AkXYlv2_GkKxsAhxpiVYbjog==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 module_28632893861_MEGA_Menu_Code.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1595434276995/ 6 KB
1 KB 280ms
276ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1595434276995/module_28632893861_MEGA_Menu_Code.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 992657a4331a761df7c537cc556ca0b3e0cf22a7240b490cc5e4e20726b0f8c9

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 3c6fb804e042beb7f78515bd450ae3a2.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: EWR52-C3
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: ABFD37F8087AD507
x-amz-id-2: OU2TXQFTmGiQAW7BS3IWCKOrkHqvVblyNHjo7p+w8zTO/5LP/nWtrvcTmv4WIa69JTnJVKdQfZE=
last-modified: Wed, 22 Jul 2020 16:11:17 GMT
server: cloudflare
etag: W/"0d75e2505963c9d5d50e1b8701d0ecdf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1595434276995
content-type: text/css
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: ryJw3HTU7p1_y5Rg5muz358K.DnHEXGZ
cf-request-id: 046b6be6770000635f18231200000001
cf-ray: 5bf27c1d8d76635f-FRA
x-amz-cf-id: Cu_85AjYLweczufh-slL6Ax9g_6VJYPoVnTcpStQivWaBsDOgqZbAg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 comments_listing_asset.css
blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.81/sass/ 1 KB
752 B 74ms
69ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.81/sass/comments_listing_asset.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c92b3367b5fe4043730b6978e65a2cfbe6c0fa7a2eeadf0e904435aa9354877f

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 20579d8c7e6a7d159f211e9ee1d4003c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 787376
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c1d8d78635f-FRA
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 046b6be6770000635f18232200000001
last-modified: Mon, 27 Jul 2020 21:53:38 GMT
server: cloudflare
etag: W/"bff3608e1efab0c0b3f7a0eb6c143971"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: D8BAokZMBAd.raFVBkdcFzmbYBC50Q06
cache-control: s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C3
content-type: text/css
x-amz-cf-id: _0mCoiSbDbHdYbQia3JVzov6D_JhOWLOZgST9EVWhtBvWY8HUioweA==

GET
H2 200 Form-quality-check.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/ 5 KB
1 KB 821ms
817ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/Form-quality-check.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 649608e574d0bd7ea291196bc900c2001903ad5e188a3211d627c9940476c9fe

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 5
content-encoding: br
x-amz-request-id: BE870E67B8A7131A
x-amz-id-2: 4VTXZTsuvDHIFcTlaI9fNqocDUiQC7RpHvpe21tHaY/TpIsHRMeN/ny6KWGIK9GM7ZLd0cljuLM=
last-modified: Fri, 12 Jun 2020 18:00:50 GMT
server: cloudflare
etag: W/"9419bd1cbfef42c242cc20a5ef55f14b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: ixP9zRm6k_iyP_Gd8Rjtyznd6k3Hrisb
cf-request-id: 046b6be6770000635f18237200000001
cf-ray: 5bf27c1d8d7f635f-FRA
x-amz-cf-id: ntcegqez92BxGIxv50pAXvgOgWRpVLItfmdUkbuk63XdAG0QIUfCog==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 5

GET
H2 200 jquery.mousewheel-3.0.6.pack.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/lib/ 1 KB
1 KB 304ms
300ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/lib/jquery.mousewheel-3.0.6.pack.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-3954371994,P-1958393,FLS-ALL
x-amz-cf-pop: FRA6-C1
edge-cache-tag: F-3954371994,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 7605A812E08D8EB9
cf-request-id: 046b6be6770000635f18238200000001
last-modified: Sun, 08 Oct 2017 10:31:43 GMT
server: cloudflare
etag: W/"fde6509fae2cafdb6d97e4a9a60cce66"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: i/hSeL+j9CUUw3HUtWXeCYQcrSBkvrUOBsGkTrmSCXu/DJiLjtlw2pBGY0DQssc83QTcxhagFpc=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: N239Basx9RkFh4_62Uj5Cg29YYiW1qQm
cf-ray: 5bf27c1d8d80635f-FRA
x-amz-cf-id: v5JbU-ELDBEVLtnHWtEFwCEZkPMXNLGIuAkPC687Fdsh-glmcFdRAg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 jquery.fancybox.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/ 5 KB
2 KB 1029ms
1025ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.css?v=2.1.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 968a8e56e4adaf8c135199ebd7f6cc065424ca45974d4dfbeb5607e69fe72fcd

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 b0fcc152e139d4a9564e7672922f3588.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4027706718,P-1958393,FLS-ALL
x-amz-cf-pop: ATL52-C1
edge-cache-tag: F-4027706718,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 3D625F75982BE626
cf-request-id: 046b6be6770000635f18233200000001
last-modified: Sun, 08 Oct 2017 10:36:24 GMT
server: cloudflare
etag: W/"6c55951ce1e3115711f63f99b7501f3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: GUFMn+AsVEdt4AJQ+ByPLMMl/JLi3dycRlPNKvqwOnd6K/IdlC+KANFs0lKPjSF4VQvS2Olzw1Y=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: 9yxq9z2gwYzktl5V7kdSL2c3_MI6Xjxy
cf-ray: 5bf27c1d8d7a635f-FRA
x-amz-cf-id: GSjcwvNyMY1jK2QilojnOtplWgIbc7sDQB9Cs98hNgFrwWlWXKlBvw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 jquery.fancybox.pack.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/ 23 KB
9 KB 377ms
373ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.pack.js?v=2.1.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 7ff386cc5735ee5d428e6d9e2fdc8b2c.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4136544545,P-1958393,FLS-ALL
x-amz-cf-pop: FRA6-C1
edge-cache-tag: F-4136544545,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: A411A1DA8966C48D
cf-request-id: 046b6be6770000635f18239200000001
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"cc9e759f24ba773aeef8a131889d3728"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: gxPUjQ6X+8q8K5QWQ6fD2pvh1bjetIaFh1ew7E0JK73GZ7wecJBxT1hC0YsSXZsFPY7UA8DaceM=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: gK_R8lKQW19_z5wOz.PPr9fie3q4S3DG
cf-ray: 5bf27c1d8d81635f-FRA
x-amz-cf-id: YDRxG3pNdl_0KPxlPGm5KzsNwya8SWyNqQb-JAqo2FLHimBy0O9V-w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 jquery.fancybox-buttons.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 2 KB
1 KB 868ms
864ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.css?v=1.0.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae270bcb50f2d50d85d66e5fa909ad765d6a899b387bb6508d3d3e94bad43ec1

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 855fc99290943f60d45d25c47cc9e209.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4027706753,P-1958393,FLS-ALL
x-amz-cf-pop: ATL52-C1
edge-cache-tag: F-4027706753,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 6H8KFSAY0YDP5Q6R
cf-request-id: 046b6be6770000635f18234200000001
last-modified: Sun, 08 Oct 2017 10:36:25 GMT
server: cloudflare
etag: W/"cac75538c2e3ddfadef839feaca8e356"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: v+MR8amMooWKIiZ+773O6GVMg2I20imTJ1AbLLJXM2diujd92ZSNIYkUiyJXrEo5DJgjEn1X3Ws=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: kbrCPSDCUsY8GVlkKM29UBD.BEcZBDz2
cf-ray: 5bf27c1d8d7b635f-FRA
x-amz-cf-id: nVh9xzFLmTiG1lljwnGsX-mEori0-Wlx9rEMKPb7om5eSMZQt49OMQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 jquery.fancybox-buttons.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 3 KB
2 KB 32ms
28ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d63b8ad7966c80ce51051da38da14f52b99cfb019aec650b2437fc74fac1560

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 dc88537beb5e26d4e490ca74560553cd.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4136544565,P-1958393,FLS-ALL
age: 7121
edge-cache-tag: F-4136544565,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 904687A616AABBCF
cf-request-id: 046b6be6770000635f1823a200000001
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"f53c246661fb995a3f12e67fa38e0fa0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: XfsZE6ihnivpZ3Tgjlx8is52OohOG8tV/uyLPlzU+9pETkD83XtY0mV7PCoNK0Cu1colO33W6PU=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: ZE12P4Vy5anoj21v8aesIIqe9Ci1UkLB
x-amz-cf-pop: ATL52-C1
cf-ray: 5bf27c1d8d82635f-FRA
x-amz-cf-id: jjTa29eZXQ9vYU2XE6oWvugMtR2cZoav8vBXfwvrphupU02akxzq4Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 jquery.fancybox-media.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 5 KB
2 KB 653ms
650ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e53e650a83dbce1ab8d93c365299f2e8f5070c414c9ea302f2422ca65f5fdab4

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 8528880e4af6df680be8e63d35ed90ee.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4006500847,P-1958393,FLS-ALL
x-amz-cf-pop: ATL52-C1
edge-cache-tag: F-4006500847,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: EDBE5567AA9E3699
cf-request-id: 046b6be6770000635f1823b200000001
last-modified: Sun, 08 Oct 2017 10:34:56 GMT
server: cloudflare
etag: W/"c017067f48d97ec4a077ccdf056e6a2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: Q5Stk4RZz/nJUTM9EbWNXjeA5OOHy4ING5INmLZPYk2cHhZY/Ji4R0of+6aCdlbkfKAj+NfNRH4=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: mHmECpOxlpTVvF.m76YYZ2gUPPyel1xG
cf-ray: 5bf27c1d8d84635f-FRA
x-amz-cf-id: h_oPH2xYDVEtJRbEJvpgazJxcNc1ZHf0yLtlRD8nOqUzCUW2I6ERCA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 jquery.fancybox-thumbs.css
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 735 B
648 B 36ms
33ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.css?v=1.0.7
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 8b047a56cedc9f5e8593136caff4a83e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-4027706748,P-1958393,FLS-ALL
age: 3737
edge-cache-tag: F-4027706748,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: E9683C5C912718DC
cf-request-id: 046b6be6770000635f18235200000001
last-modified: Sun, 08 Oct 2017 10:36:25 GMT
server: cloudflare
etag: W/"52ddd84a9f42c1d4cd86d518a7f7e8bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: 4tPArKTMAXJfaqkEw6C5KDIIiA+Zl9TaY0+f8aPrMBpVmuyDkxo6g0kfCbM6TaNWcXexqe7OxXg=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: uEwu_H_pGSmwXIYOLYGG4BSsHEGUDz4P
x-amz-cf-pop: ATL52-C1
cf-ray: 5bf27c1d8d7c635f-FRA
x-amz-cf-id: Hemn8R4dHMB22T_UpF8dliD3VIG06-MXlK6sBGIiPXtblha7hBw0qQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 jquery.fancybox-thumbs.js Show response
blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/ 4 KB
2 KB 961ms
958ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ba02b924fc5beeb370ed64d478401e94a513e970cac2c46266c708348135cf2

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 1e357724bdb0ea3eaba680124ea9eacb.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4136544560,P-1958393,FLS-ALL
x-amz-cf-pop: ATL52-C1
edge-cache-tag: F-4136544560,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 7ABABDE0DDC7EB06
cf-request-id: 046b6be67a0000635f1823c200000001
last-modified: Sun, 08 Oct 2017 10:41:13 GMT
server: cloudflare
etag: W/"cf1fc1df534eede4cb460c5cbd71aba6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-amz-id-2: ljfW5iIIWL5qU2AED2c7qL3S68hWafm+rNqPAQJwrAL34u9AzqnVh6ad02Md8aGNPfyc1zrCWvM=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: TslnQYfkYOrp30w5R4Xsi5EhshX1lwMn
cf-ray: 5bf27c1d9d86635f-FRA
x-amz-cf-id: ECgGiJMx8mFK4ykg5ZpGa6zNwTSfUMaznS_6YRNc9LuT-vUh6O7B-w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 cae69742.js Show response
use.fonticons.com/ 601 B
661 B 503ms
423ms Script
text/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fonticons.com/cae69742.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 92861ccd95894977f67967b2c673b19ac3079ce2ba73eb409560b08a2e756ec4

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
last-modified: Fri, 22 Apr 2016 13:22:04 GMT
status: 200
etag: "e50d1c66e0803c94f9a401405de86e90"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-hw: 1596818902.cds020.pa1.hn,1596818902.cds008.pa1.sc,1596818903.cds008.pa1.pr
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, private, must-revalidate
accept-ranges: bytes
content-length: 384

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 72 KB
17 KB 76ms
6ms Script
application/javascript 2a02:26f0:6c00::210:bb40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bb40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 51233b06e111cf3fc385c6384f50f85a0ce5073dbca7044bc421685fdd69055c

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
last-modified: Fri, 07 Aug 2020 12:58:02 GMT
server: Microsoft-IIS/10.0
etag: "0292062ba6cd61:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=445
accept-ranges: bytes
content-length: 17440
expires: Fri, 07 Aug 2020 16:55:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
34 KB 27ms
20ms Script
application/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-137036301-1

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

99689a358a697afb2b6bf4d3bba4626550ba00ceb973ff0ba5a401483361bfe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34849
x-xss-protection: 0
last-modified: Fri, 07 Aug 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 07 Aug 2020 16:48:23 GMT

GET
H/1.1 200
OK in.js Show response
platform.linkedin.com/ 181 KB
55 KB 34ms
5ms Script
text/javascript 2a01:4a0:1338:28::c38a:ff0b
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff0b , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: Play /
Resource Hash: b65146efbf215157bd8e61525d194e8ff826a46a43f9d4fae1e7c35007051866

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:22 GMT
Content-Encoding: gzip
NEL: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
X-CDN: AKAM
Connection: keep-alive
Content-Length: 55598
X-LI-UUID: D4XAErYHKRagNKdoRisAAA==
Server: Play
X-Li-Pop: prod-ela1
X-CDN-CLIENT-IP-VERSION: IPV6
Vary: Accept-Encoding
Report-To: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=3600
X-LI-Proto: http/1.1
X-Li-Fabric: prod-lor1
Expires: Fri, 7 Aug 2020 17:00:21 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/ 5 KB
2 KB 47ms
27ms Stylesheet
text/css 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/template_assets/1495141902003/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
content-encoding: br
cf-cache-status: HIT
age: 4228
status: 200
x-amz-meta-md5-hash: 0b0c633d59ab0af9553a98c0e7d97349
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 55
cf-request-id: 046b6be6870000c2810619f200000001
last-modified: Thu, 18 May 2017 21:11:43 GMT
server: cloudflare
etag: W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD79-C2
cf-ray: 5bf27c1da808c281-FRA

GET
H2 200 hs_default_custom_style.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1596747365777/In_Use/In_Use_CSS/default/ 52 KB
9 KB 416ms
413ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1596747365777/In_Use/In_Use_CSS/default/hs_default_custom_style.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfae724b71eae0c03d30e4b23ce3c6bf2d97fc5a7027b52140e6cbbfd1ee4b88

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 f88487c9214731db4c82619c9183bf7b.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 8
content-encoding: br
x-amz-request-id: 228AABE4DED6F701
x-amz-id-2: pmIEbMz1PlY9Y8nE1k3bV72G+FQ1wuUzjbWDBqIAurTgq92u+tLqR2rDZ4hqchN5DhVGwE9GDVM=
last-modified: Thu, 06 Aug 2020 20:56:06 GMT
server: cloudflare
etag: W/"0f7f011cf41c4d8a9be6b0d5eeb5d035"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1596747365777
content-type: text/css
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: afL88hu.EkEPD.jVZrXa08Z.RbHL69Nb
cf-request-id: 046b6be67a0000635f1823d200000001
cf-ray: 5bf27c1d9d88635f-FRA
x-amz-cf-id: aEGqKzdl0uOjiBbLi4jW6ApqgMrhhZEGo0F4xjpKFGgXRWQwu9Mdkg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 8

GET
H2 200 Updates-Fall-2017.min.css
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1595943638332/In_Use/In_Use_CSS/ 138 KB
23 KB 357ms
354ms Stylesheet
text/css 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1595943638332/In_Use/In_Use_CSS/Updates-Fall-2017.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38ec705f9642676c192509dd2d75c32126fa2a473ec3b4b6642d34727b547680

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:22 GMT
via: 1.1 ea5efad48fd2ca3e2050f885ef5ad57d.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: EWR53-C2
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 3BCB66D82C0AF4C1
x-amz-id-2: 8XWcQu1l5dwj6tgT3psptdOxSU+9Ilx6yJWW6IKwUHTFynV3EjqZYDUk4GiDnqE6b9N3Xxc6ZM8=
last-modified: Tue, 28 Jul 2020 13:40:39 GMT
server: cloudflare
etag: W/"12208d0d9cbe5b60d30ce96ad2169093"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1595943638332
content-type: text/css
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: pFnhXScCeLCFzNO.HamyT3Ow81ds4QcQ
cf-request-id: 046b6be67a0000635f1823e200000001
cf-ray: 5bf27c1d9d8a635f-FRA
x-amz-cf-id: BKaqiU3RyW0fZpGKpYJhj1Nw2wFTxFl5s97j_3oNSc-onGzOBwodPQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 SON_logo_blog_2.svg
blog.sonatype.com/hubfs/blog%20refresh%202019/ 4 KB
2 KB 290ms
284ms Image
image/svg+xml 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/blog%20refresh%202019/SON_logo_blog_2.svg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93e89f408fdf0e4815d897db24b13189298d5c4717598cea5dc40eeb1ddb8800

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 009e5e3e32afcd1d135a7234c9da5521.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7596580702,FD-7315118305,P-1958393,FLS-ALL
age: 7072
edge-cache-tag: F-7596580702,FD-7315118305,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 21DB5D803B2E25BC
cf-request-id: 046b6bea9e0000635f18265200000001
x-amz-id-2: EyEXvscI89hNbjz/Rs41kdjgAhhWjqN2SLUVPEZwur+sE/AziO6tHzP75r1mY0LDn2/5by7DY20=
last-modified: Thu, 05 Dec 2019 18:21:31 GMT
server: cloudflare
etag: W/"dbf0a60db68d67234e5163acc8cacd39"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: IPbFSPSVjjLbEsPQIRGn2SaVoLpjb1km
x-amz-cf-pop: FRA50-C1
cf-ray: 5bf27c2438ea635f-FRA
x-amz-cf-id: -84-PM5NDoSzZtS2pHlKXkh_Ps5aH2Fy9yQA8Qs41DwQG1mql8NcSw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 Navigation_Highlight_TryNexus@2x.png
blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/ 71 KB
72 KB 314ms
308ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/Navigation_Highlight_TryNexus@2x.png?width=400&name=Navigation_Highlight_TryNexus@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb9998887acfe0796b1c599154d85671c0c0c79361c037167ac9c0f1a628ae18

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 507b5edb20d0e1a0b73c8687f53defa9.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28835501552,FD-28685810051,P-1958393,FLS-ALL
age: 152900
cf-polished: origFmt=png, origSize=118408
edge-cache-tag: F-28835501552,FD-28685810051,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="Navigation_Highlight_TryNexus@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: F409159CA5C7FE53
cf-request-id: 046b6bea9e0000635f18266200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 27 Apr 2020 16:11:16 GMT
server: cloudflare
x-cache: Miss from cloudfront
etag: "8021d66ebf091d1da96425ae01f65b8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: pDPlHdXH6rMdPmRxWrNMdJrWrCoatwQv8294JJslrMasnXNaoVXmW+mPcxaA4gilMz5fV3wQ+8I=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: ..1.Lu4FAFcfEdmd5SLL3QOQNWApVDlW
x-amz-cf-pop: FRA6-C1
content-length: 72704
cf-ray: 5bf27c2438eb635f-FRA
x-amz-cf-id: 6pncJIaKaUB-KG0fI3Y_32XzPy0pvHNjzm-VO7jQ0MsxOoAc7AsDCg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 Navigation_Highlight_%20NexusPlatform@2x.png
blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/ 42 KB
43 KB 838ms
832ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/Navigation_Highlight_%20NexusPlatform@2x.png?width=400&name=Navigation_Highlight_%20NexusPlatform@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65d038a4f0c4243c9759b2eb09d74939db86f9d9f2266f31de66d99522e5e09d

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 a0538eb5a32d7c22fe436214e4dfb72f.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28835501551,FD-28685810051,P-1958393,FLS-ALL
age: 141644
cf-polished: origFmt=png, origSize=72799
edge-cache-tag: F-28835501551,FD-28685810051,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="Navigation_Highlight_%20NexusPlatform@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: BD962BB18D444423
cf-request-id: 046b6bea9e0000635f18267200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 27 Apr 2020 16:11:15 GMT
server: cloudflare
x-cache: Miss from cloudfront
etag: "3f7ba7361ed6be7c113db62ac3849744"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: FwKTkWueQvkV7egy+cs4E4VgLMiWH7IDTohv3j/Bx7qjAf7EnOS59QlpiU3TosN2Ynb4HmfIeec=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 1ohDiWKnXJYRKLn41TeTmfUw.oiXT23C
x-amz-cf-pop: ATL52-C1
content-length: 43342
cf-ray: 5bf27c2438ec635f-FRA
x-amz-cf-id: 854v3nS7FviZRhbtvy3AEMMiaAGAmj0-2fL6Pzw4FH78MllEpHv29A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 Navigation_Highlight_%20DSOCS@2x.png
blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/ 48 KB
49 KB 396ms
390ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/Navigation_Highlight_%20DSOCS@2x.png?width=400&name=Navigation_Highlight_%20DSOCS@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4efbe814bdddca4d0dc50ef08086a123871779d76cfa97f8712079622d7fe23

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 a9a82c6ad2c0185f055db828a53810d9.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28835580670,FD-28685810051,P-1958393,FLS-ALL
age: 3240
cf-polished: origFmt=png, origSize=79849
edge-cache-tag: F-28835580670,FD-28685810051,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="Navigation_Highlight_%20DSOCS@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: 87AA4A64A186E74E
cf-request-id: 046b6bea9f0000635f18268200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 27 Apr 2020 16:11:15 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "76a912101caafc56558918622ab4d126"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: Tte3yn9UcknbZFiYQaM0uZ2Gw7xDkgSUAbg77gerbzf6mKo/CKUOJXWI9s4pH3TfaTdV9+ft7gA=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: 8ob8UWxAA2n7hG2UrAd6j95K1BgTvzdz
x-amz-cf-pop: ATL52-C1
content-length: 49230
cf-ray: 5bf27c2438ed635f-FRA
x-amz-cf-id: _BIwhBmEC89V6tFbq0SeU6wgH9BJeLW_qnSGi_4CjzHK4EuIcscxdg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 Navigation_Highlight_Careers@2x.png
blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/ 52 KB
52 KB 835ms
829ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Mega%20Menu/Navigation_Highlight_Careers@2x.png?width=400&name=Navigation_Highlight_Careers@2x.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cde7a1802fe1062fe828b9daf5e8549871590adba896f174b6a76a9bab3f1595

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 0b00705d5489207e9b2ca43397d52bfc.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28835416895,FD-28685810051,P-1958393,FLS-ALL
age: 6383
cf-polished: origFmt=png, origSize=89362
edge-cache-tag: F-28835416895,FD-28685810051,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="Navigation_Highlight_Careers@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: 1A0F6BA1093F909E
cf-request-id: 046b6bea9f0000635f18269200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 27 Apr 2020 16:11:16 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "522dd42f85181d39dc2ce53c7ae401a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: JDcj5jsE5L2TqhUPlcdthY8kJ2823AoamRmHmS1BUpWc8N+v7rOTl+6xFHD5NDAhFQOclhLwLRk=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: apErcCQPMKtq2LV.w3.vIbJ2LZfDs9Vn
x-amz-cf-pop: ATL52-C1
content-length: 53014
cf-ray: 5bf27c2438ee635f-FRA
x-amz-cf-id: P4MGZHrYxAc6x-GAY5Wb8a32on6a3Luyo5guTmrpwP4OkNZq1Mrevg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 facebook-circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 352 B
908 B 964ms
958ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&name=facebook-circle-trim.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b00f293c3285a01ee643cab82de73207181f75903bd29b69cb23283bc034b821

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f9.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
cf-polished: origFmt=png, origSize=981
edge-cache-tag: F-6716653300,P-1958393,FLS-ALL
status: 200
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="facebook-circle-trim.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-length: 352
cf-request-id: 046b6bea9f0000635f1826a200000001
x-amz-server-side-encryption: AES256
last-modified: Tue, 28 Jul 2020 04:57:59 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "bc235e901b086104bff6617d8a8d3feb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 5bf27c2438ef635f-FRA
x-amz-cf-id: xY30uOOEf749tcZBXIF_1aDJK-pR1OHa0U2qGTjI72wmlqAE1xDjDw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 Linked-In-Circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 386 B
742 B 376ms
371ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&name=Linked-In-Circle-trim.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66dfe73819ce6524eb90c7e5ee5cd24888e7bd3b10d913cd897b5851c7f3952b

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c35.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
cf-polished: origFmt=png, origSize=1013
edge-cache-tag: F-6716653299,P-1958393,FLS-ALL
status: 200
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Linked-In-Circle-trim.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-length: 386
cf-request-id: 046b6bea9f0000635f1826b200000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 23 Jul 2020 07:14:01 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "7fdce0e538626be37250f08c29504918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 5bf27c2438f1635f-FRA
x-amz-cf-id: OM2oZ6JwvuiOgb_B0327AjYk0KfkXUXgf_n-lsy5cOeyDpNMHtOPhQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 Twitter-circle-trim.png
blog.sonatype.com/hs-fs/hubfs/ 380 B
921 B 262ms
256ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&name=Twitter-circle-trim.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 949e1fa3257c3858c76febfdec7cc3b47ac0fee3f877b2ca9b6450230ae7772c

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb9.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
cf-polished: origFmt=png, origSize=1004
edge-cache-tag: F-6716653301,P-1958393,FLS-ALL
status: 200
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Twitter-circle-trim.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-length: 380
cf-request-id: 046b6bea9f0000635f1826c200000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 23 Jul 2020 07:14:01 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "1fe8c1c4dad561372839a5148b1d073f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 5bf27c2438f4635f-FRA
x-amz-cf-id: o-2VjyH1qZMa_27SSXoS32_mGLjt7Eawbue0IzL01B7W2TWGV0PeWw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 mail-circle.png
blog.sonatype.com/hs-fs/hubfs/ 384 B
855 B 830ms
825ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&name=mail-circle.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05bb75a7fe65fa8c26a10b4b0ef0f404b9b079a198cf08da345fd2448533d36f

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
cf-polished: origFmt=png, origSize=1178
edge-cache-tag: F-6653767664,P-1958393,FLS-ALL
status: 200
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="mail-circle.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-length: 384
cf-request-id: 046b6bea9f0000635f1826d200000001
x-amz-server-side-encryption: AES256
last-modified: Tue, 28 Jul 2020 04:57:58 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "37ec9df56a80a70a73828b20eea15365"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 5bf27c2438f5635f-FRA
x-amz-cf-id: rBNPuXn_1tup95AUHGciYcOiIgvf42dnG3AlymiA8XnB0vjloYwarQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 GettyImages-1136194297.jpg
blog.sonatype.com/hubfs/ 51 KB
52 KB 39ms
34ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-1136194297.jpg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 117287a4234991e45089e34c6ce80ad952f39fa444ff8fac8db4c535db2980d9

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-27169144581,P-1958393,FLS-ALL
age: 98439
cf-polished: qual=85, origFmt=jpeg, origSize=163254
edge-cache-tag: F-27169144581,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="GettyImages-1136194297.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: CK7S0NAVCVANFT1G
cf-request-id: 046b6bea9f0000635f1826e200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Tue, 17 Mar 2020 13:57:46 GMT
server: cloudflare
x-cache: Miss from cloudfront
etag: "78984a33d09d7eb00d53debc8184c5ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: eGpP26LqIYVnWvgsL6vyvPvpqrz2SviejFYYnBkHSXDtlB9QuINJ0DQ03GbuXi+Z3GGU7dNHqOM=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: iF0cPL5RwJNasgH72m01UVRfhvacgfHs
x-amz-cf-pop: FRA6-C1
content-length: 52214
cf-ray: 5bf27c2438f7635f-FRA
x-amz-cf-id: 1Rt5j1_cjABupe5jFMshmK6Nv8qxzEMKvU1dUX5oknByFcD2uOgjWw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 spring%20web%20services%20attack%20mechanics.png
blog.sonatype.com/hs-fs/hubfs/Nexus%20Intelligence%20Insights/ 52 KB
53 KB 314ms
309ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/Nexus%20Intelligence%20Insights/spring%20web%20services%20attack%20mechanics.png?width=713&name=spring%20web%20services%20attack%20mechanics.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5abe4ca97f6099abf2cf40097a3b337e4061ce155260db4aed7c9cd082af796

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 7a99ed3f39c18af8fe138a695e5f657d.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
cf-polished: origFmt=png, origSize=82162
edge-cache-tag: F-24781675988,FD-7261002921,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="spring%20web%20services%20attack%20mechanics.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-length: 53546
cf-request-id: 046b6bea9f0000635f1826f200000001
x-cache: RefreshHit from cloudfront
last-modified: Thu, 23 Jan 2020 19:43:25 GMT
server: cloudflare
etag: "de5b287f7589eff798fa543136e9a718"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 5bf27c2438fa635f-FRA
x-amz-cf-id: kN2vCvxdU2xxi3qLu6qG5lrHE0Jgvwu_qExXymFpLx3L6F7InPOPew==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 akshay%20ax%20sharma.jpeg
blog.sonatype.com/hubfs/ 33 KB
34 KB 38ms
33ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/akshay%20ax%20sharma.jpeg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e57bed5ad74d01e390c6c88cff69a8a573c8d08a127f4dfe8fc80f397504d51

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-7618951662,P-1958393,FLS-ALL
age: 30706
cf-polished: qual=85, origFmt=jpeg, origSize=58267
edge-cache-tag: F-7618951662,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="akshay%20ax%20sharma.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 8
x-amz-request-id: 8B46937EF1DEA3A2
cf-request-id: 046b6beaa30000635f18270200000001
x-cache: Miss from cloudfront
accept-ranges: bytes
last-modified: Fri, 15 Feb 2019 17:59:33 GMT
server: cloudflare
etag: "05bf826725f866d18596285df12261d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: w7i9CsA8yzNBfvv03ESxsv8mzVBsXl17gj9xwMrmM9P8UxzSMhMxZLacUQ8X1KYoPy/q2FAnZ14=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: eJ4YI7RINvXgKM3v312ykCq5Y_UAIELs
x-amz-cf-pop: FRA6-C1
content-length: 33742
cf-ray: 5bf27c2438fb635f-FRA
x-amz-cf-id: eoI0V-sj_e2uZAiw1lJwiv7b4ls-Ev6eYsgvjc7lkIGtmQbXTSDffQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 8

GET
H2 200 GettyImages-873140878.jpg
blog.sonatype.com/hubfs/ 26 KB
27 KB 50ms
45ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-873140878.jpg
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a00c7f91f44ea4c1682000c7eaf09760f8058ea7be36659e8e5cedeccf471c3d

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 046b6beaa30000635f18271200000001
x-amz-meta-cache-tag: F-33025565328,P-1958393,FLS-ALL
age: 118615
x-amz-server-side-encryption: AES256
edge-cache-tag: F-33025565328,P-1958393,FLS-ALL
status: 200
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="GettyImages-873140878.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: 155F0505440DC1D6
cf-bgj: imgq:85,h2pri
etag: "15c9a2295be35fb0a3e75029b588fbd6"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1596041488066
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7
date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 c7c8dcc6785a9e88d0e0c0665db06901.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: ATL52-C1
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=80580
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
content-length: 26590
x-amz-id-2: GZnk6qEovGIR5xOhyejRWLL2rlsUtJwAx3+e9Ich4D45AaySAPmZTYYkBVu1ZvdazIqiOZ3PTLs=
last-modified: Wed, 29 Jul 2020 16:51:29 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-version-id: ZCMBxEDDa.f_uVlSB.SbA59umtgOkl9T
accept-ranges: bytes
cf-ray: 5bf27c2438fc635f-FRA
x-amz-cf-id: 52jb9HM8n6DmxcXixseap9w9zhDPLSkvDlBajWBF4E3EEOvsbeqacA==

GET
H2 200 GettyImages-172247136.png
blog.sonatype.com/hubfs/ 625 KB
627 KB 601ms
597ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-172247136.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 201cbae3717eaa34fa9ab55208bc0831fbb3df26e1569a62df1f2eca6e992483

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 3ef066dcf359ad5dbc339df978147194.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-29039545785,P-1958393,FLS-ALL
x-amz-cf-pop: FRA54
cf-polished: origFmt=png, origSize=850017
edge-cache-tag: F-29039545785,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="GettyImages-172247136.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: B6DB608FC8BAC445
cf-request-id: 046b6beaa30000635f18272200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 04 May 2020 17:17:32 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "be47ae60d054d58f7d137dea68fd369d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: AKtIKeZqpawLEgZBjB8chN2zKGQOZYMticaZ6KLHTsTvl3iZu5rFyELWVzV+e7UZ5RoPbTyYBiE=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: fjnHnRH7EhD6WNVN6U5xYbDE9dTZFciW
content-length: 640490
cf-ray: 5bf27c2438fd635f-FRA
x-amz-cf-id: WdgFeZTceEHBrybUzW_GwZRPWICcl_0wZufdLVZCPawOMkCPYG1h1w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 GettyImages-880534636.png
blog.sonatype.com/hubfs/ 753 KB
754 KB 607ms
602ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-880534636.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f26d5485419f696dd0bf8a374a3635b75f47d9979055710718f9ba0638f4409c

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 d12467f4c051603df707c4dfa0fee85d.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-28633735220,P-1958393,FLS-ALL
x-amz-cf-pop: FRA54
cf-polished: origFmt=png, origSize=974549
edge-cache-tag: F-28633735220,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="GettyImages-880534636.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: 88C10BD43B7B95EF
cf-request-id: 046b6beaa30000635f18273200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Wed, 22 Apr 2020 16:14:33 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "556b1376cbf93d1864df6ae08f7f199d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: n9w4g2/SEV/b56uVhOSy3589oPv71ok9WPU9At+At8+x88fa16nmSKwLgKc1ux976wc0zq2x4FA=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: KqrHMxqTO1VNPiiHD1dQRTRMP3DmqzA7
content-length: 770852
cf-ray: 5bf27c2438fe635f-FRA
x-amz-cf-id: mGfztad1es5Lv7cGqniW7lx-_0_RO27xsZbfk8VbtjhiSn4wcRLkeQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 GettyImages-1128132157.png
blog.sonatype.com/hubfs/ 537 KB
538 KB 585ms
581ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-1128132157.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ca396b5b4e495fafd0df81ba632364598cd3e949e1439f42fa7932065090bf6

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 24475cc722041223cf99f56b55432566.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-30547058998,P-1958393,FLS-ALL
x-amz-cf-pop: FRA50-C1
cf-polished: origFmt=png, origSize=707372
cf-ray: 5bf27c2438ff635f-FRA
edge-cache-tag: F-30547058998,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="GettyImages-1128132157.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: C6273522033D6F15
cf-request-id: 046b6beaa30000635f18274200000001
x-amz-meta-index-tag: all
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Thu, 11 Jun 2020 15:31:55 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "3ec1bef582ee1d16ad3806095ccc1ae2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: AGMkYqlLAAY4fMhKee1ZUP/fUJ9QZQAbF8eYVusy6yHa259eebD2EDZHTcFXxMpkGFcx7saGft0=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: 5WaaBgtY_Njwqo9uY3f8O.1UYODl7EpJ
content-length: 549918
x-robots-tag: all
x-amz-cf-id: MUllRaHqfPGnxLoFnOtTjrk70NvYPC0pVr5CIVlzDOnQldJuaFzwlg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 GettyImages-168498753.png
blog.sonatype.com/hubfs/ 594 KB
595 KB 43ms
39ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hubfs/GettyImages-168498753.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3180b6c16241857feaf47eb5781e8f936d82069ae80569ced4f8cab9170d03dc

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 1463b274b31e0310acc7c754b8b5a550.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-29035496983,P-1958393,FLS-ALL
age: 6586
cf-polished: origFmt=png, origSize=809370
edge-cache-tag: F-29035496983,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="GettyImages-168498753.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: C79ECB7C15C88510
cf-request-id: 046b6beaa30000635f18275200000001
x-amz-server-side-encryption: AES256
accept-ranges: bytes
last-modified: Mon, 04 May 2020 16:23:06 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "a777def3c39d83b2cfb0c6e3812d5c1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: ETdk5IFfkkOO7xUr3mKwvcfGuFf1kTMmTsP+PeXj5MWb5cGIdjS6Ds3VDMM/bATX0zPOVu/g+Sg=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: O49zBnsXUPCKzFIkt.6RdOu8JaFtD0Fn
x-amz-cf-pop: FRA54
content-length: 608474
cf-ray: 5bf27c243900635f-FRA
x-amz-cf-id: oB6X5S1tCPEi4prSC5D-8VeeoM_rZYvuawslWbTJOrsF6nSRqhYMkw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 SON_logo_white@2x%20copy%20trimmed.png
blog.sonatype.com/hs-fs/hubfs/ 1 KB
2 KB 359ms
355ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=130&name=SON_logo_white@2x%20copy%20trimmed.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb569351e01a343124bf4a87bc8348669a5850a82d9fff7d476372e22da386af

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c35.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
cf-polished: origFmt=png, origSize=2706
edge-cache-tag: F-7285975615,P-1958393,FLS-ALL
status: 200
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="SON_logo_white@2x%20copy%20trimmed.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-length: 1414
cf-request-id: 046b6beaa30000635f18276200000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 23 Jul 2020 07:12:20 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "3a13c9a22d30695f382da4356d189ee6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 5bf27c243901635f-FRA
x-amz-cf-id: 6ag6MGkNTG55Oh3wHGqWL7jn059dfr875XfXaQKl5uPMdIKQO3YfqQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 SON_logo_white@2x%20copy%20trimmed.png
blog.sonatype.com/hs-fs/hubfs/ 2 KB
2 KB 307ms
304ms Image
image/webp 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=145&name=SON_logo_white@2x%20copy%20trimmed.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e0c082f8f5ea340d2efba890eb6d39f2c589448c58d36fdb57d9f85b41aae9f

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
cf-polished: origFmt=png, origSize=3091
edge-cache-tag: F-7285975615,P-1958393,FLS-ALL
status: 200
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="SON_logo_white@2x%20copy%20trimmed.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 8
content-length: 1536
cf-request-id: 046b6beaa30000635f18277200000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 23 Jul 2020 07:12:21 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "be48823459b82e2da3cdc889339ac2f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 5bf27c243902635f-FRA
x-amz-cf-id: -NamgjDkh8kpi8ZJPv7H_xXKx3zULyUJ_MZzOj135iJZwHa9Llp5_Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 8

GET
H2 200 module_32122305720_NUC_Sticky_Info_box.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/32122305720/1595434277340/ 720 B
881 B 780ms
780ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/32122305720/1595434277340/module_32122305720_NUC_Sticky_Info_box.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee5b5ee7a762f2962fb36c6a9596f7d2cb1d63390a0ec0b896a0b67c66ac21dd

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 f88487c9214731db4c82619c9183bf7b.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 4885982C4609109B
x-amz-id-2: 33l/gJh/8Fp9xDMeIS26XahaU/naibCSsNxZTGz994KEMou8Nhtjj31FXGTu6NH8Ymb2WLYdEx4=
last-modified: Wed, 22 Jul 2020 16:11:18 GMT
server: cloudflare
etag: W/"4fb7f83e6bd418f1ec3c6ef74d9c67b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1595434277340
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: klah.ONalYGo.8K_PEeirDez4HC69bqb
cf-request-id: 046b6bea350000635f1825e200000001
cf-ray: 5bf27c23889e635f-FRA
x-amz-cf-id: NKoExEZEhMZGjt7KjcUzlFjvvUwT7RgFHpkmatHQR6i83srOZ2nj0w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 module_28632893861_MEGA_Menu_Code.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1595434276806/ 930 B
720 B 815ms
814ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/28632893861/1595434276806/module_28632893861_MEGA_Menu_Code.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 691aac6e802ac9fd9a5e263b9d98db647773a7a8a2e9b26f64446fc328f25c56

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 f8d8b16a7820702de048e041a1ec7840.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: EWR52-C3
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 6BA56EC43E3F9A7A
x-amz-id-2: 6MaRtJuvWWmmcnDGdd1pEn4OlZLfJFDJRpW4RbTxJ0Oiyuxj+qy1fnBsfge7SA8zTl2U89Ru1G4=
last-modified: Wed, 22 Jul 2020 16:11:17 GMT
server: cloudflare
etag: W/"93abfb13d40753e71789e9a9e44879ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1595434276806
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: a6UXioPceZDaOCDI8FMnfOd.Mcus6wx3
cf-request-id: 046b6bea780000635f18261200000001
cf-ray: 5bf27c23f8d1635f-FRA
x-amz-cf-id: uWMMLWeh8HkixZdhVCa8HMWYzbKeS_3L4Zddnd6UlcvMFUb4jzRefg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 1958393.js Show response
blog.sonatype.com/hs/scriptloader/ 1 KB
648 B 189ms
186ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3216a0741ab2371f6d6f5c53639bcd5326971922e9501167e290f13dc4fa3133

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-trace: 2B86B149E8544FDADFB98CDA933C9829FA20C8D0FB000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=60
access-control-allow-credentials: false
cf-ray: 5bf27c243903635f-FRA
cf-request-id: 046b6beaa30000635f18278200000001
expires: Fri, 07 Aug 2020 16:49:23 GMT

GET
H2 200 Sonatype-Main.min.js Show response
blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1591124939867/Not_in_Use/ 1 KB
761 B 364ms
357ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1591124939867/Not_in_Use/Sonatype-Main.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c746ec617a393d32926056ad52d0069fa5ef72877ded40903ce0f5ebde49d97

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f9.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 5
content-encoding: br
x-amz-request-id: 37CE61F7860DC9CE
x-amz-id-2: IfZuzPeqH+USa8znPEiRxOdhb59EeGHQgjrGnSj5fd/sZVNDLsHEUmPj9QCrr/pBHu+SfNvJvLo=
last-modified: Tue, 02 Jun 2020 19:09:00 GMT
server: cloudflare
etag: W/"305b87334a6634b554a9967df3d70402"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=7200, max-age=7200, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: FK0Wa_jlSA2D9H4B08wvMA0eavgnomHP
cf-request-id: 046b6bea9e0000635f18264200000001
cf-ray: 5bf27c2438e9635f-FRA
x-amz-cf-id: zzGKNQviR8Df-Jc84qkN8OIVq8BpTjt369UTFWf_cj74Q36Fqrljwg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 5

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 146 KB
39 KB 28ms
25ms Script
application/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

824ceac9db21564e212d611747805c4da1c06e4092ca746b5846e3bb83e14fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40043
x-xss-protection: 0
last-modified: Fri, 07 Aug 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 07 Aug 2020 16:48:23 GMT

GET
H2 200 cae69742.css
fonticons-free-fonticons.netdna-ssl.com/kits/cae69742/ 9 KB
6 KB 124ms
25ms Stylesheet
text/css 108.161.188.228
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://fonticons-free-fonticons.netdna-ssl.com/kits/cae69742/cae69742.css
Requested by: Host: use.fonticons.com
URL: https://use.fonticons.com/cae69742.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.161.188.228 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: a9d2e153861f6e5ba4b46024c013ae7765411ac3df1976d625c8a5e5dbd032b5

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
last-modified: Fri, 22 Apr 2016 13:22:03 GMT
server: NetDNA-cache/2.2
etag: W/"c1f1042b6b09a16128262df725078926"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-cache: HIT
content-type: text/css
status: 200
cache-control: max-age=60, private, must-revalidate

GET
H2 200 99hz8ezzd9gu.js Show response
js.driftt.com/include/1596819000000/ 137 KB
45 KB 198ms
138ms Script
application/javascript 143.204.201.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1596819000000/99hz8ezzd9gu.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.201.80 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-201-80.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 28 Jul 2020 17:19:26 GMT
server: nginx
etag: W/"c0ffecccae38fb92e490ef3de88a7ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I05Zj1p5lS9jxXzV9IF02JYBGVfakjnggNNCTm5ZYr0-pzzLYKYr7A==

GET
H2 200 ressponsive.min.css
cdn2.hubspot.net/hub/1958393/hub_generated/template_assets/1470395970193/custom/page/web_page_basic/ 77 B
369 B 24ms
23ms Stylesheet
text/css 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/1958393/hub_generated/template_assets/1470395970193/custom/page/web_page_basic/ressponsive.min.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fc32dbd9d7ba36243de341ee5f34a64a9ae095afee6ada8ce1f3d14c22c1dfd

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: br
cf-cache-status: HIT
age: 5759
status: 200
x-amz-meta-md5-hash: e1be8528cd2b50bd34b2434539994980
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 55
cf-request-id: 046b6bea950000c281061e1200000001
last-modified: Fri, 05 Aug 2016 11:19:31 GMT
server: cloudflare
etag: W/"e1be8528cd2b50bd34b2434539994980"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD79-C3
cf-ray: 5bf27c242d9dc281-FRA

GET
H2 200 Proxima-Nova-Extras.css
www.sonatype.com/hubfs/Fonts/ 6 KB
1 KB 26ms
25ms Stylesheet
text/css 2606:4700::6811:73b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:73b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4308de018a95634260c56b7806ed795a797b9352e36dc10ed3cfd8262fc39f3

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 8fd23adcee29b78303863f20d62cabd8.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-28057205616,FD-3797246449,P-1958393,FLS-ALL
age: 7103
x-amz-server-side-encryption: AES256
edge-cache-tag: F-28057205616,FD-3797246449,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
content-encoding: br
x-amz-request-id: 8D25577E12DCE513
cf-request-id: 046b6bea9400009ab69c388200000001
last-modified: Mon, 06 Apr 2020 20:03:28 GMT
server: cloudflare
etag: W/"081ee9523e1034ef58341ede01254dfb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-amz-id-2: ahcvKdDDGt+XLJx7hn1x9IwHIiSIrVsN7JSiqUJL31DIR6J/PoX9CJIrdiysHY0lukGX3hDeXfU=
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: YgXnGlF4WQ1AstClwlTILsPDXJB27Jsh
x-amz-cf-pop: ATL52-C1
cf-ray: 5bf27c242af59ab6-FRA
x-amz-cf-id: w55El1e5OQPAL-EpvUkVz3BTKkEMS26IjtS4WtjjJm-WgehqE5BHaw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 proximanova.css
cdn2.hubspot.net/hubfs/1958393/Fonts/ 4 KB
1 KB 30ms
29ms Stylesheet
text/css 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 549bf3e4406e886adc00448706a432b1c5633532df4098acc5235be3459da32d

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 4d1cbe225c5d30aa78ec9a6fa1ba4211.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3944818967,P-1958393,FLS-ALL
age: 5759
edge-cache-tag: F-3944818967,P-1958393,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 55
content-encoding: br
x-amz-request-id: C00BB8382BB3B5BE
cf-request-id: 046b6bea950000c281061e2200000001
last-modified: Sun, 08 Oct 2017 10:31:18 GMT
server: cloudflare
etag: W/"82d3f802db703aec190e50c8ae99deab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: Nx1ip_m09IOUG29Oo2hvpQOOKZSH0Vcn
x-amz-cf-pop: FRA53
cf-ray: 5bf27c242da0c281-FRA
x-amz-cf-id: HpdbQcc1HdxGRrLvR-FAusGWY9kgHiyPTlxKjn5ENKLkx0SG7N8tZg==
x-amz-id-2: wf5vXk1Ce5tQFn9XseNDlLZANxHOhniDwHwwJc5uBVKnU4kx55jn+qmeW3sbIA2CkFWQ+ELi7Ro=

GET
H2 200 font-awesome.css
cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/css/ 32 KB
7 KB 29ms
29ms Stylesheet
text/css 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 082b0736a3408950e50fd65a090921003fe83d89ec6e3084549a01d5dfa9e854

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 59c171b9abb6b3c58e72495c539dfa68.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-3948811917,P-1958393,FLS-ALL
age: 5759
edge-cache-tag: F-3948811917,P-1958393,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 55
content-encoding: br
x-amz-request-id: F5EF999C2D8A4CB2
cf-request-id: 046b6bea950000c281061e3200000001
last-modified: Sun, 08 Oct 2017 10:31:29 GMT
server: cloudflare
etag: W/"5343ee1a287a65ff20961476fd8a6188"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: m9Z5f4v3tZv6bWFPUKxjPuJ3lp5IXZnA
x-amz-cf-pop: FRA53
cf-ray: 5bf27c242da2c281-FRA
x-amz-cf-id: ecfvMgP3fJI1dLSeXm75RpLO5wFsb-JEh7WdxXVzV3bCOhWYZgw10w==
x-amz-id-2: RchWSIQxmMoytwFck2M2kwd+gQcQI/3vIfxkNcs2f9jm63towdKloOulJw2owJagDWW+i4ORbGo=

GET
H2 200 p.css
p.typekit.net/ 5 B
158 B 22ms
6ms Stylesheet
text/css 2a02:26f0:6c00:196::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=ymj3prt&ht=tk&f=137.138.139.140.169.170.171.172.173.174.175.176.5474.5475.25136.25137&a=28114372&app=typekit&e=css
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:196::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
last-modified: Wed, 24 Jun 2020 23:33:10 GMT
server: nginx
etag: "5ef3e2b6-5"
status: 200
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 5

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137036301-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 882
date: Fri, 07 Aug 2020 16:33:41 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 07 Aug 2020 18:33:41 GMT

GET
H2 200 SON_Artboard%2016%20copy%203.png
www.sonatype.com/hubfs/ 229 KB
230 KB 29ms
28ms Image
image/png 2606:4700::6811:73b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sonatype.com/hubfs/SON_Artboard%2016%20copy%203.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:73b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e66504dd819da89c8d4668a7c7433ddda8a957f79daf35393620ec0bf1e22ac

Request headers

Referer: https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1595943638332/In_Use/In_Use_CSS/Updates-Fall-2017.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 d55780b776b171387055eca956ae29a9.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-6207092980,P-1958393,FLS-ALL
age: 3946
cf-polished: status=input_too_large
edge-cache-tag: F-6207092980,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: 17C450EDAA5DC433
cf-request-id: 046b6bead900009ab69c38b200000001
accept-ranges: bytes
last-modified: Fri, 21 Sep 2018 12:55:48 GMT
server: cloudflare
etag: "16b325e3d407b6f9486b113189b805b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-amz-id-2: 2Bv8+ZVw3srBBTFgEZluJeFWwku/piYd7QuMZ9X7+aJOVcdMEuTIxdA4j76ZEJqEYYofT3JN7vI=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: 8.zZm1ZWWV0fAb6reQjzbdsViz0J5E9d
x-amz-cf-pop: FRA50-C1
content-length: 234314
cf-ray: 5bf27c248b4a9ab6-FRA
x-amz-cf-id: SDWYkhpljQOJ6TIUOU8WJ-WOMF43CyD32JeQhP3HsKaAmIXx3bAx1w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 fontawesome-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/fonts/ 65 KB
66 KB 233ms
218ms Font
application/font-woff2 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cdn2.hubspot.net/hubfs/1958393/Fonts/font-awesome/css/font-awesome.css
Origin: https://blog.sonatype.com

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
via: 1.1 4ba0e9deb9465045a3261b8712935964.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-4079175725,P-1958393,FLS-ALL
x-amz-cf-pop: FRA53
edge-cache-tag: F-4079175725,P-1958393,FLS-ALL
status: 200
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.setCacheTagHeaders 55
x-amz-request-id: E0A03C499BF974E0
cf-request-id: 046b6beaea0000d6d9b29e9200000001
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 10:38:42 GMT
server: cloudflare
etag: "db812d8a70a4e88e888744c1c9a27e89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: 3UroynpaV5eWzCWsV891qGxKLQ155y_G
content-length: 66624
cf-ray: 5bf27c24aac4d6d9-FRA
x-amz-cf-id: FjMkCZiK24ZQ5mv1h78-Tx7i9gJZwnHqq7BHjSUTe1I4Kr4Rw9fdaQ==
x-amz-id-2: pwmRGYTFG7aTa8LYS++mPIl+NMlO8fXEV4V1oKp/Lk8mK34ByxP/I6h9O6CD2zjyw0fl2PZjsB8=

GET
H2 200 ProximaNova-Light-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/ 20 KB
20 KB 606ms
591ms Font
application/font-woff2 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/ProximaNova-Light-webfont.woff2
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3a24ee554eac3f45e56c23dbd2c6a00823b4f98fff5cd252715d1f818142dad

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
Origin: https://blog.sonatype.com

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 2db316290386960b489a2a16c0a63643.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-3944811672,P-1958393,FLS-ALL
x-amz-cf-pop: FRA54
edge-cache-tag: F-3944811672,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 5
x-amz-request-id: CB82AA337852A8DB
cf-request-id: 046b6beaea0000d6d9b29ea200000001
x-amz-id-2: vXOI/vylGU+mPxqcSJQEYLj4trVW4bxxExQX4ByW8b6zvqrEUS8LyyVBor8ClL9co40JwkUTaNc=
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 10:31:17 GMT
server: cloudflare
etag: "8b7a2ea3ead03ba763da54c65bc6975c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: _8yz9ZjF7LQYfTsY7yUCaRvghdOgqaN0
content-length: 20128
cf-ray: 5bf27c24aac6d6d9-FRA
x-amz-cf-id: c03a8weR0FRnoaXFH8b9oBDkmK8EwtyZY3ZbWE1n1JX8GYd6Ykj_zg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 5

GET
H2 200 ProximaNova-Sbold-webfont.woff2
cdn2.hubspot.net/hubfs/1958393/Fonts/ 20 KB
20 KB 858ms
843ms Font
application/font-woff2 2606:4700::6811:f0cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hubfs/1958393/Fonts/ProximaNova-Sbold-webfont.woff2
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f0cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cdn2.hubspot.net/hubfs/1958393/Fonts/proximanova.css
Origin: https://blog.sonatype.com

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 45de888accabe1a1cb5a389e8c9c1e07.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-meta-cache-tag: F-3943825497,P-1958393,FLS-ALL
x-amz-cf-pop: FRA50-C1
edge-cache-tag: F-3943825497,P-1958393,FLS-ALL
status: 200
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 4
x-amz-request-id: 1F07BCA0EB0A2FA7
cf-request-id: 046b6beaeb0000d6d9b29eb200000001
x-amz-id-2: 25dl55P9ERgwp+dDDu84Nd1FH44Kp9EJUHnCUlYzTsb5bhnbeIVkAV/TwsV1Ww0+N6z/yguMdAg=
accept-ranges: bytes
last-modified: Sun, 08 Oct 2017 10:31:15 GMT
server: cloudflare
etag: "a96ff4477074c6395b7305d2d98fde8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: s-maxage=7200, max-age=7200
x-amz-version-id: 9IshFJybfsXsTU7IggT7Rm3P84yGu_.L
content-length: 20344
cf-ray: 5bf27c24aac8d6d9-FRA
x-amz-cf-id: MY3FYtDCXOuTVE3J_UrqKACRMT9Xaial2IbiO81n6gFlMwad8X2dsg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 4

GET
H2 200 l
use.typekit.net/af/6e816b/00000000000000003b9b3064/27/ 19 KB
19 KB 46ms
17ms Font
application/font-woff2 2a01:4a0:1338:28::c38a:ff08
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6e816b/00000000000000003b9b3064/27/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n5&v=3
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff08 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: nginx /
Resource Hash: 0c459beae849053d9104612c83a2746c3953c9d6f703eb927e5903842c6db4c5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.sonatype.com/hubfs/Fonts/Proxima-Nova-Extras.css
Origin: https://blog.sonatype.com

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
server: nginx
etag: "189a667f664e55d860e015add84222b22aeab918"
status: 200
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 19520

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
12 KB 92ms
34ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TT8R4P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

7498e61a908ee51577d66d851bfb252765b7991614a0495618056f13823075ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11337
x-xss-protection: 0
server: cafe
etag: 13917139276958465196
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 07 Aug 2020 16:48:23 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34269
x-xss-protection: 0
pragma: public
x-fb-debug: Q/Q/2/qMDTmmc8vsaQ5e+rKiuLHKvnz2ffSVKasZbdt/U06RsIomPspee/ZtrFpLlVD4dR59x7mhA4JTSjeO+g==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 07 Aug 2020 16:48:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 71ms
22ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1a2684adb4b431902ef03f7959757f5163ed2ddc548e216654fa7858b1f4fd9b

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
age: 69381
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1942
x-served-by: cache-hhn4034-HHN
last-modified: Wed, 05 Aug 2020 19:10:28 GMT
x-timer: S1596818904.892182,VS0,VE0
etag: "1d9536984a3ff7a629eda3f70ceadd20+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 24ms
9ms Script
application/x-javascript 2a02:26f0:f1:29c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:29c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:23 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=69370
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 17 KB
6 KB 142ms
46ms Script
application/javascript 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.53.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
last-modified: Tue, 30 Jun 2020 17:04:46 GMT
server: snooserv
etag: "85ee817cda81317b49d1d3056f6bdf95"
vary: Accept-Encoding,Origin
content-type: application/javascript
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 5809
via: 1.1 varnish, 1.1 varnish

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 127ms
25ms Script
text/javascript 163.171.132.119
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.sonatype.com
URL: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:23 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 359
X-Ws-Request-Id: 5f2d85d7_PSdgflkfFRA2mu7_1966-950
Content-Type: text/javascript
Via: 1.1 VMmgnyNY3vz67:3 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Cache-Spec: Yes
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Fri, 07 Aug 2020 16:52:24 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campai...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_gid=38960446.1596818904&gjid=1596779959&_v=j83&z=682060214
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_v=j83&z=682060214
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_v=j83&z=682060214&slf_rd=1&random=3429637821

42 B
106 B

18ms
18ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_v=j83&z=682060214&slf_rd=1&random=3429637821

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:23 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=75189778&_v=j83&z=682060214&slf_rd=1&random=3429637821
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bc.min.html
consentcdn.cookiebot.com/sdk/ Frame 0A9F 0
0 109ms
27ms Document
text/html 152.199.19.77
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.19.77 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C24) /
Resource Hash

Request headers

:method: GET
:authority: consentcdn.cookiebot.com
:scheme: https
:path: /sdk/bc.min.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation

Response headers

status: 200
content-encoding: gzip
age: 21981
cache-control: max-age=86400
content-type: text/html
date: Fri, 07 Aug 2020 16:48:23 GMT
etag: 0x8D639A604906444
last-modified: Wed, 24 Oct 2018 11:44:12 GMT
server: ECAcc (mil/6C24)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 1d4e1608-a01e-00df-77a7-6cf6a9000000
x-ms-version: 2009-09-19
content-length: 385

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D39209%26url%3Dhttps%253A%252F%252Fblog.sonatype.com%252Fcve-2019-3773-spring-web-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-...

0
58 B

169ms
168ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&time=1596818903890&liSync=true
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: 5BcQSlUKKRZg1IxnqyoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: Ed3oQlUKKRawaYJljisAAA==
pragma: no-cache
x-li-pop: afd-prod-esv5
x-msedge-ref: Ref A: F927B25F031E45C5954F8562D090A40F Ref B: FRAEDGE1114 Ref C: 2020-08-07T16:48:24Z
x-frame-options: sameorigin
date: Fri, 07 Aug 2020 16:48:23 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=39209&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&time=1596818903890&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 186951338452760 Show response
connect.facebook.net/signals/config/ 525 KB
132 KB 259ms
258ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/186951338452760?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3352bb7979e07e742c20a17832dbfc879c2bab9a30aaa9258856825a44e871c3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: j981/sPinxVSuoVA4fBQ+FR2fQitZSy64Hdbt9f04F5tdxOWkqjU5zzHrCYcIo88ItwEQtgtU0ccYF1yFPg9nw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 07 Aug 2020 16:48:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
449 B 214ms
152ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv7ri&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 123
pragma: no-cache
last-modified: Fri, 07 Aug 2020 16:48:24 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 81c51a72985ab8395e944f313a40fdfa
x-transaction: 007159f700b46722
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/981320274/ 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/981320274/?random=1596818903924&cv=9&fst=1596818903924&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7v1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&tiba=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&hn=www.googleadservices.com&us_privacy=1YNY&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64839d62b73385831c6b04bae1c15bcc18efa87c7c10fda27290a1da053f9dad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1299
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/981320274/ 42 B
148 B 24ms
23ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/981320274/?random=1596818903924&cv=9&fst=1596816000000&num=1&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7v1&sendb=1&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&tiba=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&async=1&fmt=3&is_vtc=1&random=988094663&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/981320274/ 42 B
153 B 21ms
21ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/981320274/?random=1596818903924&cv=9&fst=1596816000000&num=1&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg7v1&sendb=1&frm=0&url=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&tiba=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&async=1&fmt=3&is_vtc=1&random=988094663&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 486ms
122ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1534989&version=2.0&ref=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&r=1596818903966
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:24 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=61
Content-Length: 43

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
213 B 234ms
144ms Image
image/gif 199.232.53.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1596818903977&id=t2_2fnbqoqz&event=PageVisit&uuid=79a6d7c3-f6fc-4ecd-bbfe-8a95b951fa41&s=uVwOQV9xeopAx2mBov7dOAHJ6A77szB4PEiE69qKCQo%3D
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.53.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 cc.js Show response
consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/ 268 B
696 B 225ms
225ms Script
application/x-javascript 2a02:26f0:6c00::210:bb40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/cc.js?renew=false&referer=blog.sonatype.com&dnt=false&forceshow=false&cbid=9958dd21-8504-4dbf-8e2f-e736792a6843&whitelabel=false&brandid=Cookiebot&framework=
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bb40 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 392a5d5951384a53c04191fe9d06ad5b5f802e9070428ffd1504dc8c4ddb1bbf

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: cache-control, expires, Access-Control-Allow-Headers, Origin, Pragma, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 293
expires: Fri, 07 Aug 2020 16:48:24 GMT

GET
H2 200 1127487224079104 Show response
connect.facebook.net/signals/config/ 524 KB
133 KB 244ms
244ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1127487224079104?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a9b2592827171b3ee8de574630542f1d9d60cbb7350b45478f1ea89171c250a7

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: l/ZjKaXDp9gXU4BGD2sJjCivwEO5VJTB2SraBsysvOe5WgHbZLB0Zkhv4cOuWLP8cDl8jEFEfOhzXVWU8t4xRw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 07 Aug 2020 16:48:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
379 B 20ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=186951338452760&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&rl=&if=false&ts=1596818904199&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1596818904198.1492440695&it=1596818903898&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 07 Aug 2020 16:48:24 GMT

GET
H2 200 645539512625749 Show response
connect.facebook.net/signals/config/ 525 KB
133 KB 220ms
220ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/645539512625749?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

feace6c3437c1fd3fb2c1d9617417be4a14e06016b0675e09709ee6065e5bb2b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: GE5lmKp8OptBwKJiOlMvEzh3eaPXW0MknmvkHXNX2t04+pCSSdOV+ccmXQif7QOcQoFUroeI/mH0lOYx7JD+MQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 07 Aug 2020 16:48:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1127487224079104&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&rl=&if=false&ts=1596818904490&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1596818904198.1492440695&it=1596818903898&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 07 Aug 2020 16:48:24 GMT

GET
H2 200 57d70dc2-fdae-4a95-864a-471335c8677b Show response
blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/ 20 KB
4 KB 158ms
157ms Script
application/javascript 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.sonatype.com/_hcms/forms/embed/v3/form/1958393/57d70dc2-fdae-4a95-864a-471335c8677b?callback=hs_reqwest_0&hutk=

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d027f0da6e5f7a5cc32b93a8e9ae9c4baf918c3ba0f2a0d7b642f7108510ea93

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
x-trace: 2B54E726AB1CC8D73323E8FC36D7209421AA7AB8CB000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
content-disposition: attachment; filename=no-rfd.txt
cf-ray: 5bf27c294c75635f-FRA
cf-request-id: 046b6bedca0000635f182c9200000001

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campai...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_gid=38960446.1596818904&gjid=2113002630&_v=j83&z=999009364
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_v=j83&z=999009364
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_v=j83&z=999009364&slf_rd=1&random=1402750327

42 B
106 B

20ms
18ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_v=j83&z=999009364&slf_rd=1&random=1402750327

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=1640731522&_v=j83&z=999009364&slf_rd=1&random=1402750327
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=pageview&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campai...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_gid=38960446.1596818904&gjid=1806729304&_v=j83&z=825774056
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_v=j83&z=825774056
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_v=j83&z=825774056&slf_rd=1&random=98358926

42 B
106 B

17ms
16ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_v=j83&z=825774056&slf_rd=1&random=98358926

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=975559244&_v=j83&z=825774056&slf_rd=1&random=98358926
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 469ms
121ms Script
application/javascript 34.230.159.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.230.159.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-230-159-139.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
last-modified: Thu, 06 Aug 2020 14:28:30 GMT
server: Kestrel
etag: "1d66bfddb0de89b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 37787
expires: -1

GET
H2 200 eUSOivES.min.js Show response
tag.demandbase.com/ 70 KB
18 KB 129ms
33ms Script
application/javascript 143.204.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/eUSOivES.min.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-47.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c43537bea90c1c015a8dabf2b1f7718dac7a8734af4860b49cfdff999f303f2

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: fivKpOtf0.qB9WNUMtBZh8f2y4OKn0pW
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 16:31:26 GMT
server: AmazonS3
age: 3345
date: Fri, 07 Aug 2020 15:52:40 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: public, max-age=3600
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: -_0dWr3VtOmm3wng5H3AMMvUf6J0Kd3a85HkVmDW4su43I7_HZqMzA==
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2bca82984ed34947c37db3ca8db65f325c0258d889585da1f8ea3bf93dc86566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-md5: pkH6hpXMpAn235x1hQCjpg==
status: 200
cross-origin-resource-policy: cross-origin
expires: Fri, 07 Aug 2020 16:51:26 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1781
x-fb-debug: A08UlUrL2tDeX4c7r9jauq/m111sy8Ys31lFUauemoGYCofj5NqRt8IRTSFtqDSwI/hzRTK4//uQ9jEdXpaZpw==
x-fb-trip-id: 664085054
x-fb-content-md5: 8810615c899dff4f8021d90770ec131b
etag: "08a54c1fe6ffede5349213199b325aed"
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 9ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40E6) /
Resource Hash: 6adaf62612623c674af2f597baf83ffa56f157a9ab69346be7c11a9569fdebbc

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:24 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Jul 2020 22:04:50 GMT
Server: ECS (fcn/40E6)
Age: 61
Etag: "1dc37899f984d453c1d3d8179829f041+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28825

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
426 B 131ms
110ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1958393&callback=jsonpHandler

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/hsstatic/HubspotToolsMenu/static-1.72/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2B4F0DDB1A3E8A43B9E54E261092E39A71828BAC77000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
status: 204
cache-control: max-age=0
access-control-allow-credentials: false
cf-ray: 5bf27c298869d6e1-FRA
cf-request-id: 046b6bedf50000d6e19b862200000001

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
650 B 205ms
146ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv7ri&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 116
pragma: no-cache
last-modified: Fri, 07 Aug 2020 16:48:24 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 903f1ad2f45aa352e81fdd25133c5055
x-transaction: 00ce45e800712271
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 public Show response
api.hubapi.com/comments/v3/comments/thread/ 75 B
550 B 152ms
133ms Script
application/javascript 2606:4700::6811:cacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/comments/v3/comments/thread/public?portalId=1958393&offset=0&limit=1000&contentId=24791792114&collectionId=3737438004&callback=jsonp_1596818904544_47407

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/hsstatic/AsyncSupport/static-1.81/js/comment_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ec90daa3bc33929e72db3347c4e9bf6831b8427d338edbb42efcc10b0b1060f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2BBDEE503645F67B36CEB047CB779E68612889B616000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5bf27c298a2897a2-FRA
cf-request-id: 046b6bedf3000097a23a272200000001

GET
H2 200 1958393.js Show response
js.hs-analytics.net/analytics/1596818700000/ 70 KB
19 KB 207ms
188ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1596818700000/1958393.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97c3be20b681393948903dbc92d8765368bc27ec622af83f6c1910e38f2d9ddb

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 1D7D33A44352F3CD
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c2989c6969e-FRA
status: 200
x-amz-id-2: PvTddc8Yoih8iXFq4/h4SFJPzrc7xkkfapLNOZA2NV/Kirb+j7sM7dKba2MJZU3dlXyNX8a+laA=
last-modified: Tue, 21 Jul 2020 13:48:54 GMT
server: cloudflare
etag: W/"2d2dd469a425dd644c33d2be837dfdc7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-request-id: 046b6bedf60000969e26b27200000001
content-type: text/javascript
expires: Fri, 07 Aug 2020 16:53:24 GMT

GET
H2 200 1958393.js Show response
js.hs-banner.com/ 24 KB
7 KB 51ms
34ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/1958393.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad38644084b555f852fca4c669d9545e9c8c2d5171750e3711840eb14b7f9362

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=D5AOaA==, md5=p5e+m/uoypgyqFiwiRLO/w==
date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-guploader-uploadid: AAANsUluqOwu1zvcVON3286NKt0PY0laosIgANXyfeMGBk2WUw0MvJT9fOZV2KVci-bcxKUASiRoqgF6QsEG12qQMA
x-goog-storage-class: STANDARD
status: 200
access-control-max-age: 604800
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/javascript
cf-request-id: 046b6bedf5000005d873915200000001
timing-allow-origin: *
last-modified: Tue, 21 Jul 2020 13:48:52 GMT
server: cloudflare
etag: W/"a797be9bfba8ca9832a858b08912ceff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation: 1595339332477409
access-control-allow-origin: https://blog.sonatype.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
x-goog-stored-content-length: 24566
cf-ray: 5bf27c298b3c05d8-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Fri, 07 Aug 2020 16:53:24 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 401 KB
66 KB 57ms
38ms Script
application/javascript 2606:4700::6811:e9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/hs/scriptloader/1958393.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0dd8e3c80fde83e3490dfc7c73960f19a751419aa0ac6d6f96f1d804fe0e5329

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Origin: https://blog.sonatype.com

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
via: 1.1 23546b21bebd898e1f4c79789ae527ca.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 35863
x-amz-server-side-encryption: AES256
cf-ray: 5bf27c298e49d6e9-FRA
x-cache: RefreshHit from cloudfront
status: 200
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 046b6bedf80000d6e98f088200000001
last-modified: Fri, 10 Jul 2020 12:21:49 UTC
server: cloudflare
etag: W/"f007144f3d6494a9cd817569e127a504"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: P3rDtiJD7HKnxeSZdufzjpsEiajovPfK
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-amz-cf-pop: IAD79-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 2bkWLObZAc_uErQ2HbrsNIM4fR8WpOMhk0nJ5xLCaWt9nLUJOaf6Fg==

GET
H2 200 adsct
t.co/i/ 43 B
125 B 136ms
136ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 108
pragma: no-cache
last-modified: Fri, 07 Aug 2020 16:48:24 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 81c51a72985ab8395e944f313a40fdfa
x-transaction: 00ad7d870065ec6d
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 193 KB
58 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=7351f4ffa3980ac5dbf20565de233453&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4a2921914887f9a0fbc60aa534291d9c2cfdda2d1340d0236cf0fa653a2886cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Origin: https://blog.sonatype.com

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: rLxyRbc4uvBqj+3GNLODGA==
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 59195
etag: "c0f7cf7dc24d055ebb06094af23cacf3"
x-fb-debug: fscf62ALgvEi7OVJRzBdb8GThHvJoMYJI98UzWXs8ydZVf+enFBBzDidBzHOry/8g6IWU6U+q+5wC36HD51tyQ==
x-fb-trip-id: 664085054
x-fb-content-md5: 729df087e8836f7eb9380d634f9c6fe1
x-frame-options: DENY
date: Fri, 07 Aug 2020 16:48:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
expires: Sat, 07 Aug 2021 14:31:17 GMT

GET
H/1.1 200
OK widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html
platform.twitter.com/widgets/ Frame E92E 0
0 7ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.3c5aa8e2a38bbbee4b6d88e6846fc657.html?origin=https%3A%2F%2Fblog.sonatype.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/419D) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 73564
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 07 Aug 2020 16:48:24 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Thu, 30 Jul 2020 21:53:52 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/419D)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 5825

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 429 B
938 B 111ms
61ms XHR
application/json 143.204.201.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&page_title=Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)&key=48b7caced1a1844ac23da2ca1d20cc6c&src=tag
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/eUSOivES.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.79 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-79.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: c23ebf2c0ec8e37a6a0a179720c9763bf4e1f0ed993fe7d0ad41d4d9774fe957

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
status: 200
request-id: e60910c2-24fc-4923-896b-612f5cd3c3a7
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://blog.sonatype.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OE0vaP__ptsnPDMKsmq7A6jJ_E2FcdRBhTjnwVXaQsHpsHGgXWJ23g==
expires: Thu, 06 Aug 2020 16:48:24 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AALOeE6-WwwAAA-odKtCoA
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AALOeE6-WwwAAA-odKtCoA&verifyHash=978a74cd3ff6a84080ab8d7bd5553ca486f7511c

26 B
409 B

205ms
205ms

Image
image/gif

143.204.201.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AALOeE6-WwwAAA-odKtCoA&verifyHash=978a74cd3ff6a84080ab8d7bd5553ca486f7511c
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.111 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-111.fra53.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:25 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 0c8856eea698fca9
X-Amz-Cf-Id: fKtAc57swQif7aTVqZcGE8Dl7gIfpCQOYIRBvDrtjc88ULCR_Xs_Vg==

Redirect headers

Date: Fri, 07 Aug 2020 16:48:25 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AALOeE6-WwwAAA-odKtCoA&verifyHash=978a74cd3ff6a84080ab8d7bd5553ca486f7511c
Connection: keep-alive
trace-id: 8eceb13baf7f9daa
Content-Length: 0
X-Amz-Cf-Id: ci7hNgGfDUXIzf1oSDSERIy8x6_l-Toni4gpZbnvnw-J0TfFBvKZtQ==

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 742 B
569 B 17ms
17ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Requested by

Host: blog.sonatype.com
URL: https://blog.sonatype.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e5ecdbc90af8bfb3668a0c3fa516f07bcc8164999ed71cae4d26c70013363487

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 475
x-xss-protection: 1; mode=block
expires: Fri, 07 Aug 2020 16:48:24 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/ 332 KB
130 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=hsRecaptchaLoadCallback&render=explicit&isolated=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 03 Aug 2020 17:22:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 04:06:51 GMT
server: sffe
age: 343544
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133278
x-xss-protection: 0
expires: Tue, 03 Aug 2021 17:22:40 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=645539512625749&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&rl=&if=false&ts=1596818904746&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1596818904198.1492440695&it=1596818903898&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 07 Aug 2020 16:48:24 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 7ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=186951338452760&ev=Microdata&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&rl=&if=false&ts=1596818904747&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)%22%2C%22meta%3Adescription%22%3A%22This%20Nexus%20Intelligence%20Insight%20covers%20CVE-2019-3773%3A%20cross%20site%20scripting%20vulnerabilities%20in%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE).%5Cn%5Cn%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22This%20Nexus%20Intelligence%20Insight%20covers%20CVE-2019-3773%3A%20cross%20site%20scripting%20vulnerabilities%20in%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE).%5Cn%5Cn%22%2C%22og%3Atitle%22%3A%22Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fhubfs%2FGettyImages-1136194297.jpg%23keepProtocol%22%2C%22og%3Aimage%3Aalt%22%3A%22Spring%20Web%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&ec=1&o=30&fbp=fb.1.1596818904198.1492440695&it=1596818903898&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 07 Aug 2020 16:48:24 GMT

GET
H2 200 forms_09e678dd59.min.js Show response
tag.demandbase.com/shared/ 177 KB
57 KB 30ms
29ms Script
application/javascript 143.204.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/forms_09e678dd59.min.js
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/eUSOivES.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-47.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 322fbf5d2b4cd2a962a60d5eaf13c10c6c75936efef4494d3031a74be6ba66d4

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: mWdvObNMhkv5v6eNQb4FqQgnTxhBEjCh
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 13:50:18 GMT
server: AmazonS3
age: 55702
date: Fri, 07 Aug 2020 01:20:02 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
status: 200
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: ohUJ7k-dOjoP6WOTKLHqf0w_GN_Mf5-nwtgjnKwkK-in8ZzpqvNu-A==
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)

GET
H2 200 siteOptimization_09e678dd59.min.js Show response
tag.demandbase.com/shared/ 29 KB
8 KB 30ms
29ms Script
application/javascript 143.204.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/siteOptimization_09e678dd59.min.js
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/eUSOivES.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-47.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e92604150abdd81a97593c4f8e4daa0a0271cf875df7d13241ec78e3530cc5c5

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2z_Wcaail9DK97koh15aywsIltBi4r_3
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 13:50:17 GMT
server: AmazonS3
age: 56385
date: Fri, 07 Aug 2020 01:08:40 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
status: 200
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: Pt5QOEF_LkTQwsyyBb-NPJM-TJazPTffS0G0UsN-ZsJFendgc_zJTg==
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_camp...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_gid=38960446.1596818904&gjid=1437367557&_v=j83&z=979686873
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_v=j83&z=979686873
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_v=j83&z=979686873&slf_rd=1&random=2658090892

42 B
106 B

18ms
18ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_v=j83&z=979686873&slf_rd=1&random=2658090892

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-137036301-1&cid=1241948883.1596818904&jid=2050981696&_v=j83&z=979686873&slf_rd=1&random=2658090892
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_camp...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_gid=38960446.1596818904&gjid=588582862&_v=j83&z=1557769233
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_v=j83&z=1557769233
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_v=j83&z=1557769233&slf_rd=1&random=294667378

42 B
106 B

17ms
17ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_v=j83&z=1557769233&slf_rd=1&random=294667378

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-38&cid=1241948883.1596818904&jid=296431996&_v=j83&z=1557769233&slf_rd=1&random=294667378
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=9249170&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_camp...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_gid=38960446.1596818904&gjid=1323277974&_v=j83&z=1243025238
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_v=j83&z=1243025238
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_v=j83&z=1243025238&slf_rd=1&random=315382113

42 B
106 B

17ms
16ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_v=j83&z=1243025238&slf_rd=1&random=315382113

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:24 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-1693297-29&cid=1241948883.1596818904&jid=654219816&_v=j83&z=1243025238&slf_rd=1&random=315382113
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame F2B7 0
0 30ms
30ms Document
text/html 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&badge=inline&cb=4vozpl5kh9r1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-S+ur9NtuJXc4di4zYlIdiQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&co=aHR0cHM6Ly9ibG9nLnNvbmF0eXBlLmNvbTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&badge=inline&cb=4vozpl5kh9r1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 07 Aug 2020 16:48:24 GMT
content-security-policy: script-src 'report-sample' 'nonce-S+ur9NtuJXc4di4zYlIdiQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10522
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
525 B 52ms
20ms Image
image/gif 2606:4700::6810:5605
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=forms-next-recaptcha-viewed&count=1&portalId=1958393

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5605 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:24 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2B281E91B3D0530D8520E48CA116922C084C7458D4000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
status: 200
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5bf27c2b6db60605-FRA
content-length: 35
cf-request-id: 046b6bef240000060527b9d200000001

GET
H2 200 siteOptimization_09e678dd59.css
tag.demandbase.com/shared/ 38 KB
5 KB 24ms
24ms Stylesheet
text/css 143.204.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/siteOptimization_09e678dd59.css
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/siteOptimization_09e678dd59.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-47.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d512f38537665079721a0c2fe5072f064c576142f8d14e72763ec86317e9d8e1

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 5OuvBqiKCnVbawLE5V_pgQdzHldpkZF7
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 13:50:17 GMT
server: AmazonS3
age: 56610
date: Fri, 07 Aug 2020 01:04:55 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
status: 200
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: PQHriLNyCvubw6ISXenO179P5FV_fucCFB2RJbWqREEesPMzL-Udhw==
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)

GET
H2 200 stylesheet_09e678dd59.v2.css
scripts.demandbase.com/shared/ 27 KB
4 KB 31ms
24ms Stylesheet
text/css 143.204.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/shared/stylesheet_09e678dd59.v2.css
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/forms_09e678dd59.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-47.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: fsnZyTQlLssth3.Bvu1lmytpBTd9Exu_
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 13:50:17 GMT
server: AmazonS3
age: 55702
date: Fri, 07 Aug 2020 01:20:03 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
status: 200
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: VJe9ua4PpyXk8BhZffxB5AGlhu-aJEPCZHfDXWuN0boBAJwOXAMLYw==
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)

GET
H2 200 ui-bg_flat_75_ffffff_40x100.png
scripts.demandbase.com/shared/images/ 178 B
537 B 23ms
23ms Image
image/png 143.204.201.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scripts.demandbase.com/shared/images/ui-bg_flat_75_ffffff_40x100.png
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.201.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-47.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 39ab7ccd9f4e82579da78a9241265df288d8eb65dbbd7cf48aed2d0129887df5

Request headers

Referer: https://scripts.demandbase.com/shared/stylesheet_09e678dd59.v2.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: uDotHYVyMJn6.EAvA5uJ.eWkRJRlsiyz
via: 1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
last-modified: Wed, 25 Oct 2017 21:47:50 GMT
server: AmazonS3
age: 56525
etag: "8692e6efddf882acbff144c38ea7dfdf"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
date: Fri, 07 Aug 2020 01:06:20 GMT
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 178
x-amz-cf-id: JrFF4ZVHUX1zGVsHROQD5x237vgLVROpQau6A57wQRK0mCqvhrrtvg==

GET
H2 200 /
www.facebook.com/tr/ 44 B
146 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1127487224079104&ev=Microdata&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&rl=&if=false&ts=1596818905060&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)%22%2C%22meta%3Adescription%22%3A%22This%20Nexus%20Intelligence%20Insight%20covers%20CVE-2019-3773%3A%20cross%20site%20scripting%20vulnerabilities%20in%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE).%5Cn%5Cn%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22This%20Nexus%20Intelligence%20Insight%20covers%20CVE-2019-3773%3A%20cross%20site%20scripting%20vulnerabilities%20in%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE).%5Cn%5Cn%22%2C%22og%3Atitle%22%3A%22Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fhubfs%2FGettyImages-1136194297.jpg%23keepProtocol%22%2C%22og%3Aimage%3Aalt%22%3A%22Spring%20Web%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&ec=1&o=30&fbp=fb.1.1596818904198.1492440695&it=1596818903898&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 07 Aug 2020 16:48:25 GMT

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame A078 0
0 22ms
22ms Document
text/html 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=xidepsx6bf03

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-h+5OkFUtsxcQTiYQW0ieHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&k=6Lc2_RsUAAAAAAYBSd4rxsgeQz7whuL9COCsHeET&cb=xidepsx6bf03
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 07 Aug 2020 16:48:25 GMT
content-security-policy: script-src 'report-sample' 'nonce-h+5OkFUtsxcQTiYQW0ieHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1175
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=645539512625749&ev=Microdata&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&rl=&if=false&ts=1596818905247&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)%22%2C%22meta%3Adescription%22%3A%22This%20Nexus%20Intelligence%20Insight%20covers%20CVE-2019-3773%3A%20cross%20site%20scripting%20vulnerabilities%20in%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE).%5Cn%5Cn%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22This%20Nexus%20Intelligence%20Insight%20covers%20CVE-2019-3773%3A%20cross%20site%20scripting%20vulnerabilities%20in%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE).%5Cn%5Cn%22%2C%22og%3Atitle%22%3A%22Nexus%20Intelligence%20Insights%3A%20CVE-2019-3773%20Spring%20Web%20Services%20XML%20External%20Entity%20Injection%20(XXE)%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fhubfs%2FGettyImages-1136194297.jpg%23keepProtocol%22%2C%22og%3Aimage%3Aalt%22%3A%22Spring%20Web%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&ec=1&o=30&fbp=fb.1.1596818904198.1492440695&it=1596818903898&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:25 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 07 Aug 2020 16:48:25 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
163 B 152ms
151ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 122
pragma: no-cache
last-modified: Fri, 07 Aug 2020 16:48:25 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 903f1ad2f45aa352e81fdd25133c5055
x-transaction: 00a229da009c4129
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
351 B 27ms
24ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=57d70dc2-fdae-4a95-864a-471335c8677b&fci=f17c34ae-097a-4795-a0f2-5b329067dffb&ft=4&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=1958393&pi=24791792114&ct=blog-post&ccu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe&cpi=24791792114&cgi=3737438004&lpi=24791792114&lvi=24791792114&lvc=en-us&pu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&t=Nexus+Intelligence+Insights%3A+CVE-2019-3773+Spring+Web+Services+XML+External+Entity+Injection+(XXE)&cts=1596818905563&vi=56fb664a9e8bbf2910b869edc7d409b2&nc=true&u=31049440.56fb664a9e8bbf2910b869edc7d409b2.1596818905556.1596818905556.1596818905556.1&b=31049440.1.1596818905556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5bf27c2fdf10d6e1-FRA
date: Fri, 07 Aug 2020 16:48:25 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
content-length: 45
cf-request-id: 046b6bf1eb0000d6e19b890200000001
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
129 B 37ms
34ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=1958393&pi=24791792114&ct=blog-post&ccu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe&cpi=24791792114&cgi=3737438004&lpi=24791792114&lvi=24791792114&lvc=en-us&pu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&t=Nexus+Intelligence+Insights%3A+CVE-2019-3773+Spring+Web+Services+XML+External+Entity+Injection+(XXE)&cts=1596818905564&vi=56fb664a9e8bbf2910b869edc7d409b2&nc=true&u=31049440.56fb664a9e8bbf2910b869edc7d409b2.1596818905556.1596818905556.1596818905556.1&b=31049440.1.1596818905556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5bf27c2fdf0dd6e1-FRA
date: Fri, 07 Aug 2020 16:48:25 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
content-length: 45
cf-request-id: 046b6bf1eb0000d6e19b88f200000001
x-robots-tag: none

GET
H2

200

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=29592&page=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%...
https://tracking.leadlander.com/tracking.png

68 B
296 B

118ms
117ms

Image
image/png

3.85.187.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.85.187.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-85-187-26.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
last-modified: Wed, 26 Sep 2018 16:48:51 GMT
server: Kestrel
etag: "1d455b8cd761bc4"
strict-transport-security: max-age=2592000
content-type: image/png
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
expires: -1

Redirect headers

status: 302
date: Fri, 07 Aug 2020 16:48:25 GMT
server: Kestrel
access-control-allow-origin: *
location: /tracking.png
content-length: 0
strict-transport-security: max-age=2592000

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame 431E 0
0 30ms
30ms Document
text/html 143.204.201.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1596819000000/99hz8ezzd9gu.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.201.80 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-201-80.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Tue, 28 Jul 2020 17:19:26 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 07 Aug 2020 16:48:25 GMT
etag: "b65e76115df2fda7a369b678f5a802f1"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: JvcAqPVOYeZi5-9Rg9uKDFdUqwFmGIhLmdtSNf8usk7Eoeo1GQkpYw==

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 37 KB
12 KB 93ms
31ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 002c48ea2d8240fdaa8aff6669d375b9669154eb4de24941b6d5b7bf5a0ef97c

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Zb6C4fSMrvxnY3zYZSxoxcYrLo4HNwNz
Content-Encoding: gzip
ETag: "1230cec869423cb838d86fce7119e0d5"
x-amz-request-id: CA99B680DCADAAAB
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11756
x-amz-id-2: KVORhYNlg0ar+zshGf93T7yt6AH33cyhhJvHakW0RKIixWK7ExtVijtNpJDxxa6DP+zw5wLlyJw=
Last-Modified: Thu, 06 Aug 2020 19:42:37 GMT
Server: AmazonS3
Date: Fri, 07 Aug 2020 16:48:25 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
1 KB 151ms
122ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1958393&utk=56fb664a9e8bbf2910b869edc7d409b2&__hstc=31049440.56fb664a9e8bbf2910b869edc7d409b2.1596818905556.1596818905556.1596818905556.1&__hssc=31049440.1.1596818905556&contentId=24791792114&currentUrl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89f90b65baa6eafcad02f67b60fd1bb2c5d5476d123babb757dcfee229933e08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:25 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-request-id: 046b6bf238000063d73390d200000001
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.sonatype.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 5bf27c305d6463d7-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/LVE6K7UX6ZF3TJCF5YYLLW/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

30ms
30ms

Script
application/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 0A9DFB41B15EF3A2
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified: Fri, 31 Jul 2020 16:11:15 GMT
Server: AmazonS3
Date: Fri, 07 Aug 2020 16:48:25 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Fri, 07 Aug 2020 16:48:25 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL/ 0
773 B 97ms
36ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: N9EfwgZogmtZJl_raArljicEVT2EAoaY
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: 989593C555B4201F
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: ot4ZuXU1BvRhzfliHAt27/QTAWJmcj8huxRgLajiNd+kR4nZsVfptQsqpq1hY5yqTvf3UpqNYm8=
Last-Modified: Thu, 06 Aug 2020 21:55:44 GMT
Server: AmazonS3
Date: Fri, 07 Aug 2020 16:48:25 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/LVE6K7UX6ZF3TJCF5YYLLW/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/LVE6K7UX6ZF3TJCF5YYLLW?_s=5454b670295ff9a612fb20165339f577&_b=2
https://d.adroll.com/consent/check/LVE6K7UX6ZF3TJCF5YYLLW/?_s=5454b670295ff9a612fb20165339f577&_b=2

395 B
863 B

49ms
48ms

Script
application/javascript

54.171.23.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/LVE6K7UX6ZF3TJCF5YYLLW/?_s=5454b670295ff9a612fb20165339f577&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.23.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-23-184.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 2c80023d1ef36c465c5d92601b88d86c65c53a1ce98c75a1935874145c67ec7f

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:25 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
content-length: 395

Redirect headers

status: 302
date: Fri, 07 Aug 2020 16:48:25 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/LVE6K7UX6ZF3TJCF5YYLLW/?_s=5454b670295ff9a612fb20165339f577&_b=2

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
129 B 27ms
26ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=e64017fd-ac75-45d8-b395-0e8b4333e9b8&lfi=616586&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=1958393&pi=24791792114&ct=blog-post&ccu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe&cpi=24791792114&cgi=3737438004&lpi=24791792114&lvi=24791792114&lvc=en-us&pu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&t=Nexus+Intelligence+Insights%3A+CVE-2019-3773+Spring+Web+Services+XML+External+Entity+Injection+(XXE)&cts=1596818905782&vi=56fb664a9e8bbf2910b869edc7d409b2&nc=true&u=31049440.56fb664a9e8bbf2910b869edc7d409b2.1596818905556.1596818905556.1596818905556.1&b=31049440.1.1596818905556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5bf27c3129f0d6e1-FRA
date: Fri, 07 Aug 2020 16:48:25 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
content-length: 45
cf-request-id: 046b6bf2b80000d6e19b89f200000001
x-robots-tag: none

GET
H/1.1

200
OK

PTFIWYGLSFCADG2J2CU4GM.js Show response
s.adroll.com/pixel/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL/
Redirect Chain

https://d.adroll.com/pixel/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-...
https://s.adroll.com/pixel/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL/PTFIWYGLSFCADG2J2CU4GM.js

4 KB
2 KB

230ms
230ms

Script
text/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL/PTFIWYGLSFCADG2J2CU4GM.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: ece2d3180e02e1d91f51a9c97a44bc2871520563e3b8614da76aec249309678f

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: aiJNCJSR1XmQU8E3D0d7Q.K0L_5cvwh3
Content-Encoding: gzip
ETag: "fd38ac7e407e286614cefe041b71cfb8"
x-amz-request-id: 76F7953F50F37B87
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1568
x-amz-id-2: wYHx3cdcHxKRYuZNknwoJEgsyDJ/yezHwAzT3zNIFduz7JqL8nwFowua8mr5/2aNCr7o3M7bwJA=
Last-Modified: Wed, 29 Jul 2020 15:16:12 GMT
Server: AmazonS3
Date: Fri, 07 Aug 2020 16:48:26 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

date: Fri, 07 Aug 2020 16:48:25 GMT
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.16.1
x-rule: *
x-segment-eid: PTFIWYGLSFCADG2J2CU4GM
location: https://s.adroll.com/pixel/LVE6K7UX6ZF3TJCF5YYLLW/QDMEQXRCGJGFVFHP7PP7BL/PTFIWYGLSFCADG2J2CU4GM.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: QDMEQXRCGJGFVFHP7PP7BL
x-segment-name: *
x-advertisable-eid: LVE6K7UX6ZF3TJCF5YYLLW
x-conversion-currency

GET
H2 200 1479750265647525 Show response
connect.facebook.net/signals/config/ 524 KB
133 KB 219ms
218ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1479750265647525?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f67c0fcf2a2fd48858963ebb03196b6377fc453445ad424d4ab54453a4e5b5f7

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: tPeLfJMhBFARvkObNhT6tZTzXrAPvYTTuzOKl362JAepfHxeYQjZPjNQjoxgSWnKwnAni0xq1luF4yST5Xs2Mw==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Fri, 07 Aug 2020 16:48:26 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xx...
https://pixel.advertising.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd05618b8-d8cd-11ea-911c-02...

0
977 B

76ms
26ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd05618b8-d8cd-11ea-911c-0224bce09244

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.113 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:26 GMT
Server: ATS/7.1.2.113
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Fri, 07 Aug 2020 16:48:26 GMT
location: https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd05618b8-d8cd-11ea-911c-0224bce09244
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expiration=1628354906
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expiration=1628354906&C=1

43 B
1003 B

38ms
37ms

Image
image/gif

23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expiration=1628354906&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-249-164.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 07 Aug 2020 16:48:26 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 07 Aug 2020 16:48:26 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Aug 2020 16:48:26 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expiration=1628354906&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Fri, 07 Aug 2020 16:48:26 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expires=365

42 B
796 B

102ms
26ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expires=365
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&expires=365
cache-control: no-store, no-cache, must-revalidate
content-length: 124

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injecti...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&rdrctExp=true

0
475 B

114ms
114ms

Image
text/plain

64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&rdrctExp=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 07 Aug 2020 16:48:26 GMT
Cache-Control: no-cache
X-TraceId: 35ff7b7f43248c84c64ea2fa96c4e35c
Content-Length: 0

Redirect headers

Location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&rdrctExp=true
Date: Fri, 07 Aug 2020 16:48:26 GMT
X-TraceId: e01e82f5d67ea0899f91851bc2b4a317
Content-Length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injecti...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
886 B

120ms
30ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Fri, 07 Aug 2020 16:48:26 GMT
X-lat: Pug22059:0:339
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
cache-control: no-store, no-cache, must-revalidate
content-length: 220

GET
H2

200

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
500 B

47ms
47ms

Image
image/gif

54.171.23.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.23.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-23-184.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42

Redirect headers

date: Fri, 07 Aug 2020 16:48:26 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
status: 302
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injectio...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM

0
219 B

133ms
35ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.40.0.111:10213
date: Fri, 07 Aug 2020 16:48:26 GMT
server: nginx
x-fastly-to-nlb-rtt: 18537

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
cache-control: no-store, no-cache, must-revalidate
content-length: 111

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injec...
https://eb2.3lift.com/xuid?mid=4714&xuid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

24ms
24ms

Image
image/gif

52.59.125.145
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.125.145 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-125-145.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 07 Aug 2020 16:48:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

status: 302
date: Fri, 07 Aug 2020 16:48:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%...
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM

43 B
412 B

26ms
26ms

Image
image/gif

52.59.50.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.50.21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 07 Aug 2020 16:48:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Fri, 07 Aug 2020 16:48:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%...
https://ib.adnxs.com/setuid?entity=172&code=ZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM

43 B
1 KB

26ms
26ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 07 Aug 2020 16:48:26 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.239:80
AN-X-Request-Uuid: 25afaf88-2dc2-4ef1-9964-4ef3c87f4a39
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Aug 2020 16:48:26 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.51:80
AN-X-Request-Uuid: e9338914-3420-47dc-90d6-1e2da5619b3c
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DZjQyZmZiYzZjOGNiZmE4NzVlMGZmOGEzY2YzOTFmMzM
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

451

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%...
https://idsync.rlcdn.com/377928.gif?partner_uid=f42ffbc6c8cbfa875e0ff8a3cf391f33

0
66 B

166ms
129ms

Image
text/plain

35.244.245.222
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=f42ffbc6c8cbfa875e0ff8a3cf391f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.245.222 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 222.245.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 451
date: Fri, 07 Aug 2020 16:48:26 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://idsync.rlcdn.com/377928.gif?partner_uid=f42ffbc6c8cbfa875e0ff8a3cf391f33
cache-control: no-store, no-cache, must-revalidate
content-length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=f42ffbc6c8cbfa875e0ff8a3cf391f33
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f42ffbc6c8cbfa875e0ff8a3cf391f33

43 B
180 B

34ms
34ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f42ffbc6c8cbfa875e0ff8a3cf391f33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.191.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
via: 1.1 google
server: OXGW/16.191.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 07 Aug 2020 16:48:26 GMT
via: 1.1 google
server: OXGW/16.191.0
status: 302
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=f42ffbc6c8cbfa875e0ff8a3cf391f33
alt-svc: clear
content-length: 0

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=3b3c8845b2a55f0b9d35690d0f9bbba5-1596818905910&arrfrr=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=9C_7xsjL-odeD_ijzzkfMw
https://d.adroll.com/cm/g/in

42 B
537 B

47ms
47ms

Image
image/gif

54.171.23.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.23.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-23-184.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Fri, 07 Aug 2020 16:48:26 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
146 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1479750265647525&ev=PageView&dl=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&rl=&if=false&ts=1596818906479&cd[segment_eid]=4PERHCP2IZA7LNFCNCZXO7%2C6PRNNFHD45DBNGXFGKQNJK%2C6SIOFOXTWFFCXAG775ZG5Y%2CPTFIWYGLSFCADG2J2CU4GM&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=29&fbp=fb.1.1596818904198.1492440695&it=1596818903898&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:26 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 07 Aug 2020 16:48:26 GMT

GET
H2 200 SON_logo_main_vertical@2x.png
www.sonatype.com/hubfs/ 15 KB
16 KB 40ms
39ms Image
image/webp 2606:4700::6811:73b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sonatype.com/hubfs/SON_logo_main_vertical@2x.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:73b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f4f65338171f98928573d861d0112815164712ce5852f350815a5be38777721

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:26 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-8394970578,P-1958393,FLS-ALL
age: 152820
cf-polished: origFmt=png, origSize=36710
edge-cache-tag: F-8394970578,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="SON_logo_main_vertical@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: 8V5Y4X1KFK9SCQAW
cf-request-id: 046b6bf69e00009ab69c01d200000001
x-cache: Miss from cloudfront
accept-ranges: bytes
last-modified: Mon, 25 Mar 2019 18:33:44 GMT
server: cloudflare
etag: "ffe124164081e47b0202badee0bbaa0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: sC1fDsDu1ZZZlPoYf1j87v0IUkR6gaTrTzIC+u5v6wjRPbiiIrSEDVlTCqoa08V0LI9ADN9/eL4=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: MnUHUcTCjQTgMJ0Keljxf8w4xRW1J_86
x-amz-cf-pop: FRA50-C1
content-length: 15624
cf-ray: 5bf27c376cce9ab6-FRA
x-amz-cf-id: cTn8ezBaOgGGC9SzXbbM7_jHSlvSTCEtgl9DbPfXRTU_wmLgfm3pBA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

POST
H2 200 perf Show response
blog.sonatype.com/_hcms/ 2 B
411 B 145ms
145ms XHR
text/plain 2606:4700::6811:74b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.sonatype.com/_hcms/perf
Requested by: Host: blog.sonatype.com
URL: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:74b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 5bf27c4268f0635f-FRA
date: Fri, 07 Aug 2020 16:48:28 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-trace: 2B2446FEBE3CFB7ADDCF91E40E440605E689D99769000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
status: 200
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
content-length: 2
cf-request-id: 046b6bfd7e0000635f183ac200000001

GET
H2 200 SON_logo_main_vertical@2x.png
www.sonatype.com/hubfs/ 15 KB
16 KB 28ms
27ms Image
image/webp 2606:4700::6811:73b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sonatype.com/hubfs/SON_logo_main_vertical@2x.png
Requested by: Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:73b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f4f65338171f98928573d861d0112815164712ce5852f350815a5be38777721

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 07 Aug 2020 16:48:32 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-meta-cache-tag: F-8394970578,P-1958393,FLS-ALL
age: 152826
cf-polished: origFmt=png, origSize=36710
edge-cache-tag: F-8394970578,P-1958393,FLS-ALL
status: 200
content-disposition: inline; filename="SON_logo_main_vertical@2x.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 7
x-amz-request-id: 8V5Y4X1KFK9SCQAW
cf-request-id: 046b6c0e1600009ab69c118200000001
x-cache: Miss from cloudfront
accept-ranges: bytes
last-modified: Mon, 25 Mar 2019 18:33:44 GMT
server: cloudflare
etag: "ffe124164081e47b0202badee0bbaa0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
content-type: image/webp
x-amz-id-2: sC1fDsDu1ZZZlPoYf1j87v0IUkR6gaTrTzIC+u5v6wjRPbiiIrSEDVlTCqoa08V0LI9ADN9/eL4=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: MnUHUcTCjQTgMJ0Keljxf8w4xRW1J_86
x-amz-cf-pop: FRA50-C1
content-length: 15624
cf-ray: 5bf27c5cfb189ab6-FRA
x-amz-cf-id: cTn8ezBaOgGGC9SzXbbM7_jHSlvSTCEtgl9DbPfXRTU_wmLgfm3pBA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 7

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
257 B 37ms
36ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=e64017fd-ac75-45d8-b395-0e8b4333e9b8&lfi=616586&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2017058934&v=1.1&a=1958393&pi=24791792114&ct=blog-post&ccu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe&cpi=24791792114&cgi=3737438004&lpi=24791792114&lvi=24791792114&lvc=en-us&pu=https%3A%2F%2Fblog.sonatype.com%2Fcve-2019-3773-spring-web-services-xml-external-entity-injection-xxe%3Futm_campaign%3DQ2%25202020%2520-%2520Vertical%2520-%2520Tech%26utm_medium%3Demail%26_hsmi%3D91363000%26_hsenc%3Dp2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw%26utm_content%3D91363000%26utm_source%3Dhs_automation&t=Nexus+Intelligence+Insights%3A+CVE-2019-3773+Spring+Web+Services+XML+External+Entity+Injection+(XXE)&cts=1596818912792&vi=56fb664a9e8bbf2910b869edc7d409b2&nc=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.sonatype.com/cve-2019-3773-spring-web-services-xml-external-entity-injection-xxe?utm_campaign=Q2%202020%20-%20Vertical%20-%20Tech&utm_medium=email&_hsmi=91363000&_hsenc=p2ANqtz-_fxMOLdbuC4hWqzSc8HH9x8dfYPBYNRSTe8Hk7AklKRVYzOcdw86GkHYvrxEr4EwjTZpVJEXgFFaS49_QXoF1qq2dMfw&utm_content=91363000&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 5bf27c5cf947d6e1-FRA
date: Fri, 07 Aug 2020 16:48:32 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
status: 200
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
content-length: 45
cf-request-id: 046b6c0e1b0000d6e19ba60200000001
x-robots-tag: none

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sonatype.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.sonatype.com/	1970-01-19 20:55:14	Name: hubspotutk Value: 56fb664a9e8bbf2910b869edc7d409b2
.sonatype.com/	1970-01-19 20:55:14	Name: __hstc Value: 31049440.56fb664a9e8bbf2910b869edc7d409b2.1596818905556.1596818905556.1596818905556.1
.sonatype.com/	1970-01-19 11:33:38	Name: _gat_UA-1693297-38 Value: 1
.sonatype.com/	1970-01-19 11:33:38	Name: _gat_UA-137036301-1 Value: 1
.google.com/	1970-01-19 15:57:10	Name: NID Value: 204=DGecC2yjYSjwRtbkRKj9JlTbKVMHCmXRDQ8z6waaGQweLNUxHpQxcuRX4cwkcSomQTOOPUStHdQJzZklWg1MTvM7nkXZvZ_BITXiUJjsiTDpQKHpjZYH1JBf-RybGqfOO5fM3evDTJZgtw6xepvkHnisXpJvxutVbe17Huc4xtA
.sonatype.com/	1970-01-20 05:04:50	Name: _ga Value: GA1.2.1241948883.1596818904
.sonatype.com/	1970-01-19 11:33:38	Name: _gat_sonatypeDemandbaseTracker02012017 Value: 1
.sonatype.com/	1970-01-19 11:33:38	Name: _gat_UA-1693297-29 Value: 1
.sonatype.com/	1970-01-19 11:35:05	Name: _gid Value: GA1.2.38960446.1596818904
blog.sonatype.com/	1970-01-20 05:04:50	Name: driftt_aid Value: 809a8534-a0ef-4e9c-b853-1d1c70b9b0d4
.sonatype.com/	1970-01-19 13:43:14	Name: _fbp Value: fb.1.1596818904198.1492440695
.twitter.com/	1970-01-20 05:04:50	Name: personalization_id Value: "v1_XPsQt3IjmbBnEab3otNnNA=="
.sonatype.com/	1970-01-19 11:33:40	Name: __hssc Value: 31049440.1.1596818905556
.blog.sonatype.com/	1970-01-19 13:43:14	Name: _rdt_uuid Value: 1596818903977.79a6d7c3-f6fc-4ecd-bbfe-8a95b951fa41
.sonatype.com/	1970-01-19 11:33:38	Name: _gat_gtag_UA_137036301_1 Value: 1
.sonatype.com/	1970-01-19 11:33:38	Name: _gat_cdt Value: 1
.blog.sonatype.com/	1969-12-31 23:59:59	Name: __cfruid Value: 6f2ef77db21117f0ec6beed90761ed0c3bad1298-1596818902
.blog.sonatype.com/	1970-01-19 12:16:50	Name: __cfduid Value: dea1f2f9bdefb891ad2531e6a73130be51596818902

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://www.sonatype.com/e2t/tc/VWq2zw3xkrl3W1XHxQG7fM-ttW3QbRmh4dsJgMN4dVQ9Z5nxG7V3Zsc37CgZj_W3Bm5vx8kJrw0W725HLB8ZqcybVqKf288-0zHvW2Cyk5m4pVxRvW16YS5r3xPfjlW41gZXs1_3gnSW8Zp-lw28wPFhN1LSGyXNDNqrW7X3XP81dMThmVScJ637qwBHlV70Mwl7D-T2ZN6ptmqHR4dBPW88sFny3GFHfVW5sNdzj8N1ksPW6PQrtG19z67tW6_tKss3dRxD5W1cb2lC5KYgDbW4D5v5F1wM1vLW7KpNJv5TKDz6W8ZlSSG56c_R4W1VGxy52RlrykW7hSg0Z3t0FY_W5WFkzN6KCl7XW5KZJsT6SMGC9W7z8R_08MXxPmW8wmdMh78fdxSW973Hpt86fj1TW8938h84F0HNPMyfx-qmMqVMW7gnnkD7N1JQwN3vFDYldYPZDW6CQFzR653zxS36621(Line 13) Message: toS
console-api	warning	URL: https://consent.cookiebot.com/uc.js(Line 1) Message: WARNING: Cookiebot script is included twice - please remove one instance to avoid unexpected results.
console-api	warning	URL: https://consent.cookiebot.com/9958dd21-8504-4dbf-8e2f-e736792a6843/cc.js?renew=false&referer=blog.sonatype.com&dnt=false&forceshow=false&cbid=9958dd21-8504-4dbf-8e2f-e736792a6843&whitelabel=false&brandid=Cookiebot&framework=(Line 1) Message: Error: BLOG.SONATYPE.COM is not a valid domain. Please add it to the cookie consent manager to authorize the domain.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
alb.reddit.com
analytics.twitter.com
api.company-target.com
api.hubapi.com
app.hubspot.com
apt.techtarget.com
blog.sonatype.com
cdn2.hubspot.net
cm.g.doubleclick.net
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
d.adroll.com
d.adroll.mgr.consensu.org
dsum-sec.casalemedia.com
eb2.3lift.com
fonticons-free-fonticons.netdna-ssl.com
forms.hubspot.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hsleadflows.net
match.prod.bidr.io
p.typekit.net
perf.hsforms.com
pixel.advertising.com
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
s.adroll.com
scripts.demandbase.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
t.sf14g.com
tag.demandbase.com
track.hubspot.com
tracking.leadlander.com
trk.techtarget.com
ups.analytics.yahoo.com
us-u.openx.net
use.fonticons.com
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.redditstatic.com
www.sonatype.com
x.bidswitch.net
104.244.42.131
104.244.42.197
108.161.188.228
141.226.228.48
143.204.201.111
143.204.201.47
143.204.201.79
143.204.201.80
151.101.112.157
151.139.128.11
152.199.19.77
163.171.132.119
172.217.23.130
18.197.47.23
185.64.189.110
199.232.53.140
206.19.49.24
23.210.248.216
23.210.249.164
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:5605
2606:4700::6811:47b0
2606:4700::6811:73b4
2606:4700::6811:74b4
2606:4700::6811:cacc
2606:4700::6811:e9cc
2606:4700::6811:f0cc
2606:4700::6812:14bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::2003
2a00:1450:4001:814::200e
2a00:1450:4001:815::2008
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2004
2a00:1450:4001:81d::2003
2a00:1450:400c:c00::9a
2a01:4a0:1338:28::c38a:ff08
2a01:4a0:1338:28::c38a:ff0b
2a02:26f0:6c00:196::19fd
2a02:26f0:6c00::210:bb40
2a02:26f0:f1:29c::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
3.126.56.137
3.85.187.26
34.230.159.139
34.98.64.218
35.244.245.222
37.252.172.36
52.215.1.63
52.59.125.145
52.59.50.21
54.171.23.184
64.202.112.95
69.173.144.165
002c48ea2d8240fdaa8aff6669d375b9669154eb4de24941b6d5b7bf5a0ef97c
05bb75a7fe65fa8c26a10b4b0ef0f404b9b079a198cf08da345fd2448533d36f
082b0736a3408950e50fd65a090921003fe83d89ec6e3084549a01d5dfa9e854
0ba02b924fc5beeb370ed64d478401e94a513e970cac2c46266c708348135cf2
0c459beae849053d9104612c83a2746c3953c9d6f703eb927e5903842c6db4c5
0dd8e3c80fde83e3490dfc7c73960f19a751419aa0ac6d6f96f1d804fe0e5329
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
115231f0d0e93a1c7efbc820a64d2101040d8a134a515417d801c20be8c31fdb
117287a4234991e45089e34c6ce80ad952f39fa444ff8fac8db4c535db2980d9
150e82b12b009933ef92a8eda78723cadbd1e7d325946825aa3dc9a35098e408
1a2684adb4b431902ef03f7959757f5163ed2ddc548e216654fa7858b1f4fd9b
1bd7c3200bda02262090f6ca46a5928d152bfdd6201ab98f4041f9d3c2447167
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1e0c082f8f5ea340d2efba890eb6d39f2c589448c58d36fdb57d9f85b41aae9f
201cbae3717eaa34fa9ab55208bc0831fbb3df26e1569a62df1f2eca6e992483
21c9c7889404394d4e4c780022b56b5fa39e83b19c34eb0508561a115a1dcc6a
2bca82984ed34947c37db3ca8db65f325c0258d889585da1f8ea3bf93dc86566
2c80023d1ef36c465c5d92601b88d86c65c53a1ce98c75a1935874145c67ec7f
2d63b8ad7966c80ce51051da38da14f52b99cfb019aec650b2437fc74fac1560
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3180b6c16241857feaf47eb5781e8f936d82069ae80569ced4f8cab9170d03dc
3216a0741ab2371f6d6f5c53639bcd5326971922e9501167e290f13dc4fa3133
322fbf5d2b4cd2a962a60d5eaf13c10c6c75936efef4494d3031a74be6ba66d4
3352bb7979e07e742c20a17832dbfc879c2bab9a30aaa9258856825a44e871c3
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
38ec705f9642676c192509dd2d75c32126fa2a473ec3b4b6642d34727b547680
392a5d5951384a53c04191fe9d06ad5b5f802e9070428ffd1504dc8c4ddb1bbf
39ab7ccd9f4e82579da78a9241265df288d8eb65dbbd7cf48aed2d0129887df5
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4a2921914887f9a0fbc60aa534291d9c2cfdda2d1340d0236cf0fa653a2886cb
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e57bed5ad74d01e390c6c88cff69a8a573c8d08a127f4dfe8fc80f397504d51
51233b06e111cf3fc385c6384f50f85a0ce5073dbca7044bc421685fdd69055c
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
549bf3e4406e886adc00448706a432b1c5633532df4098acc5235be3459da32d
557ad452a06d522c1a395625dad86562395f613b0e5be6d4d064227cba3177fc
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57ef6096da778ae5c0e721d2681b4dcd8214ec18d74dd24c02eaa1532c74693f
5ca396b5b4e495fafd0df81ba632364598cd3e949e1439f42fa7932065090bf6
5ec90daa3bc33929e72db3347c4e9bf6831b8427d338edbb42efcc10b0b1060f
64839d62b73385831c6b04bae1c15bcc18efa87c7c10fda27290a1da053f9dad
649608e574d0bd7ea291196bc900c2001903ad5e188a3211d627c9940476c9fe
65d038a4f0c4243c9759b2eb09d74939db86f9d9f2266f31de66d99522e5e09d
66dfe73819ce6524eb90c7e5ee5cd24888e7bd3b10d913cd897b5851c7f3952b
687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879
691aac6e802ac9fd9a5e263b9d98db647773a7a8a2e9b26f64446fc328f25c56
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6adaf62612623c674af2f597baf83ffa56f157a9ab69346be7c11a9569fdebbc
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7498e61a908ee51577d66d851bfb252765b7991614a0495618056f13823075ae
7c746ec617a393d32926056ad52d0069fa5ef72877ded40903ce0f5ebde49d97
7fc32dbd9d7ba36243de341ee5f34a64a9ae095afee6ada8ce1f3d14c22c1dfd
824ceac9db21564e212d611747805c4da1c06e4092ca746b5846e3bb83e14fd4
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
89f90b65baa6eafcad02f67b60fd1bb2c5d5476d123babb757dcfee229933e08
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8c43537bea90c1c015a8dabf2b1f7718dac7a8734af4860b49cfdff999f303f2
92861ccd95894977f67967b2c673b19ac3079ce2ba73eb409560b08a2e756ec4
93e89f408fdf0e4815d897db24b13189298d5c4717598cea5dc40eeb1ddb8800
949e1fa3257c3858c76febfdec7cc3b47ac0fee3f877b2ca9b6450230ae7772c
968a8e56e4adaf8c135199ebd7f6cc065424ca45974d4dfbeb5607e69fe72fcd
97c3be20b681393948903dbc92d8765368bc27ec622af83f6c1910e38f2d9ddb
992657a4331a761df7c537cc556ca0b3e0cf22a7240b490cc5e4e20726b0f8c9
99689a358a697afb2b6bf4d3bba4626550ba00ceb973ff0ba5a401483361bfe2
9c74966498bd2a74ba2cf4fbcf0229ed6b161caf55f63c8fba4093286d7b8b54
9e66504dd819da89c8d4668a7c7433ddda8a957f79daf35393620ec0bf1e22ac
9f4f65338171f98928573d861d0112815164712ce5852f350815a5be38777721
a00c7f91f44ea4c1682000c7eaf09760f8058ea7be36659e8e5cedeccf471c3d
a9b2592827171b3ee8de574630542f1d9d60cbb7350b45478f1ea89171c250a7
a9d2e153861f6e5ba4b46024c013ae7765411ac3df1976d625c8a5e5dbd032b5
aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad38644084b555f852fca4c669d9545e9c8c2d5171750e3711840eb14b7f9362
ae270bcb50f2d50d85d66e5fa909ad765d6a899b387bb6508d3d3e94bad43ec1
b00f293c3285a01ee643cab82de73207181f75903bd29b69cb23283bc034b821
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563
b65146efbf215157bd8e61525d194e8ff826a46a43f9d4fae1e7c35007051866
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb569351e01a343124bf4a87bc8348669a5850a82d9fff7d476372e22da386af
bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347
bfae724b71eae0c03d30e4b23ce3c6bf2d97fc5a7027b52140e6cbbfd1ee4b88
c23ebf2c0ec8e37a6a0a179720c9763bf4e1f0ed993fe7d0ad41d4d9774fe957
c2c02e9614363683f8e388045ca9fd63a691125c5904c17ae76bb61994a46fda
c3a24ee554eac3f45e56c23dbd2c6a00823b4f98fff5cd252715d1f818142dad
c92b3367b5fe4043730b6978e65a2cfbe6c0fa7a2eeadf0e904435aa9354877f
cde7a1802fe1062fe828b9daf5e8549871590adba896f174b6a76a9bab3f1595
d027f0da6e5f7a5cc32b93a8e9ae9c4baf918c3ba0f2a0d7b642f7108510ea93
d4308de018a95634260c56b7806ed795a797b9352e36dc10ed3cfd8262fc39f3
d512f38537665079721a0c2fe5072f064c576142f8d14e72763ec86317e9d8e1
d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
ddf85c0a55c7d03f4e3a1cce43da67eb89317d6ccf537a05135001d855c79d1c
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4efbe814bdddca4d0dc50ef08086a123871779d76cfa97f8712079622d7fe23
e53e650a83dbce1ab8d93c365299f2e8f5070c414c9ea302f2422ca65f5fdab4
e5abe4ca97f6099abf2cf40097a3b337e4061ce155260db4aed7c9cd082af796
e5ecdbc90af8bfb3668a0c3fa516f07bcc8164999ed71cae4d26c70013363487
e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50
e92604150abdd81a97593c4f8e4daa0a0271cf875df7d13241ec78e3530cc5c5
eb9998887acfe0796b1c599154d85671c0c0c79361c037167ac9c0f1a628ae18
ece2d3180e02e1d91f51a9c97a44bc2871520563e3b8614da76aec249309678f
ee5b5ee7a762f2962fb36c6a9596f7d2cb1d63390a0ec0b896a0b67c66ac21dd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f11012e5e3747f466ce2728454400a8290652d65b0bdb83099f0b11f2e000208
f26d5485419f696dd0bf8a374a3635b75f47d9979055710718f9ba0638f4409c
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f67c0fcf2a2fd48858963ebb03196b6377fc453445ad424d4ab54453a4e5b5f7
fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
feace6c3437c1fd3fb2c1d9617417be4a14e06016b0675e09709ee6065e5bb2b
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

blog.sonatype.com Open in urlscan Pro 2606:4700::6811:74b4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

152 Requests

100 %HTTPS

47 %IPv6

49 Domains

64 Subdomains

54 IPs

7 Countries

4827 kBTransfer

8817 kBSize

19 Cookies

67 Outgoing links

Page URL History

Redirected requests

152 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.sonatype.com Open in urlscan Pro
2606:4700::6811:74b4 Public Scan

Screenshot
Live screenshot

Full Image

152
Requests

100 %
HTTPS

47 %
IPv6

49
Domains

64
Subdomains

54
IPs

7
Countries

4827 kB
Transfer

8817 kB
Size

19
Cookies

152 HTTP transactions
0 data transactions