
Implemented the best security measures to ensure 100% security.

Are eCommerce platforms prone to vulnerabilities? Absolutely not. Our testing team has completely tested the application against all potential attacks.


Spurt store report

This is a Spurtcommerce store security test report.

Sites: https://image.spurtcart.com https://cdn.plot.ly https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://cdnjs.cloudflare.com http://43.204.203.77 https://tracking-protection.cdn.mozilla.net https://content-signature-2.cdn.mozilla.net https://shavar.services.mozilla.com https://firefox.settings.services.mozilla.com http://detectportal.firefox.com https://location.services.mozilla.com https://www2.bing.com https://edgeservices.bing.com https://edgeassetservice.azureedge.net https://edge.microsoft.com https://go.microsoft.com

Generated on Thu, 13 Apr 2023 14:41:16

Summary of Alerts

Risk Level Number of Alerts
High 0
Medium 7
Low 12
Informational 8
False Positives: 0

Alerts

Name Risk Level Number of Instances
Application Error Disclosure Medium 2
CSP: Wildcard Directive Medium 2
CSP: style-src unsafe-inline Medium 2
Content Security Policy (CSP) Header Not Set Medium 4
Cross-Domain Misconfiguration Medium 153
Missing Anti-clickjacking Header Medium 5
Vulnerable JS Library Medium 2
Cookie No HttpOnly Flag Low 9
Cookie Without Secure Flag Low 4
Cookie with SameSite Attribute None Low 11
Cookie without SameSite Attribute Low 4
Cross-Domain JavaScript Source File Inclusion Low 3
Information Disclosure - Debug Error Messages Low 3
Private IP Disclosure Low 1
Server Leaks Version Information via "Server" HTTP Response Header Field Low 239
Strict-Transport-Security Disabled Low 1
Strict-Transport-Security Header Not Set Low 70
Timestamp Disclosure - Unix Low 108
X-Content-Type-Options Header Missing Low 177
Content Security Policy (CSP) Report-Only Header Found Informational 1
Content-Type Header Missing Informational 1
Cookie Poisoning Informational 2
Information Disclosure - Suspicious Comments Informational 105
Loosely Scoped Cookie Informational 2
Modern Web Application Informational 3
Re-examine Cache-control Directives Informational 10
Retrieved from Cache Informational 295

Alert Detail

Medium
Application Error Disclosure
Description
This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence internal error
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method GET
Parameter
Attack
Evidence internal error
Instances 2
Solution
Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
Reference
CWE Id 200
WASC Id 13
Plugin Id 90022
Medium
CSP: Wildcard Directive
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-src https://www.bing.com/search https://edgeservices.bing.com/ https://www.bing.com/shop/productpage https://www.bing.com/images/create https://login.live.com/login.srf; base-uri 'self'; script-src 'strict-dynamic' 'nonce-3KZDG+AG7vOg2gcDmt0+yYzjR1VErhwy2+o5/9Hn8cI='; connect-src 'self' https://r.bing.com/; require-trusted-types-for 'script'; trusted-types default; report-to csp-endpoint
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-src https://www.bing.com/search https://edgeservices.bing.com/ https://www.bing.com/shop/productpage https://www.bing.com/images/create https://login.live.com/login.srf; base-uri 'self'; script-src 'strict-dynamic' 'nonce-Vc4IqNUYtCHThP1UIcSdfUfpqlHmC/ZNsdBptmGy950='; connect-src 'self' https://r.bing.com/; require-trusted-types-for 'script'; trusted-types default; report-to csp-endpoint
Instances 2
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/
http://caniuse.com/#search=content+security+policy
http://content-security-policy.com/
https://github.com/shapesecurity/salvation
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
CSP: style-src unsafe-inline
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including (but not limited to) Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-src https://www.bing.com/search https://edgeservices.bing.com/ https://www.bing.com/shop/productpage https://www.bing.com/images/create https://login.live.com/login.srf; base-uri 'self'; script-src 'strict-dynamic' 'nonce-3KZDG+AG7vOg2gcDmt0+yYzjR1VErhwy2+o5/9Hn8cI='; connect-src 'self' https://r.bing.com/; require-trusted-types-for 'script'; trusted-types default; report-to csp-endpoint
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter Content-Security-Policy
Attack
Evidence frame-src https://www.bing.com/search https://edgeservices.bing.com/ https://www.bing.com/shop/productpage https://www.bing.com/images/create https://login.live.com/login.srf; base-uri 'self'; script-src 'strict-dynamic' 'nonce-Vc4IqNUYtCHThP1UIcSdfUfpqlHmC/ZNsdBptmGy950='; connect-src 'self' https://r.bing.com/; require-trusted-types-for 'script'; trusted-types default; report-to csp-endpoint
Instances 2
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference http://www.w3.org/TR/CSP2/
http://www.w3.org/TR/CSP/
http://caniuse.com/#search=content+security+policy
http://content-security-policy.com/
https://github.com/shapesecurity/salvation
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id 693
WASC Id 15
Plugin Id 10055
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://43.204.203.77/
Method GET
Parameter
Attack
Evidence
URL http://43.204.203.77/admin/
Method GET
Parameter
Attack
Evidence
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence
URL https://www2.bing.com/ipv6test/test
Method GET
Parameter
Attack
Evidence
Instances 4
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
http://www.w3.org/TR/CSP/
http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Cross-Domain Misconfiguration
Description
Web browser data loading may be possible due to a Cross-Origin Resource Sharing (CORS) misconfiguration on the web server.
URL http://43.204.203.77/backend/api//list/get-addons
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/admin-customer/customer-visit-list?month=4&year=2023
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/admin-customer/vendor-graph-list?vendorId=211&duration=2023
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/admin-vendor?limit=0&offset=0&name=&email=&status=1&count=0&customerId=&keyword=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/auth/get-profile
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/category?limit=0&offset=0&keyword=&sortOrder=0&status=1
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/customer-cart/customer-cart-list
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/customer-cart/customer-cart-list?limit=0&offset=0&count=true
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/customer/get-profile
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/customer/wishlist-product-list?count=true
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/CustomerAddress/get-address-list?limit=0&offset=0&count=0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/banner-list?limit=0&offset=0&keyword=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/banner-list?limit=100&offset=0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/category-list?limit=0&offset=0&kewword=0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/category-list?limit=0&offset=0&keyword=&sortOrder=0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/country-list?limit=0&offset=0&keyword=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=30000
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=30000
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/get-payment-setting?keyword=payment
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/language-list?limit=0&offset=0&keyword=&count=0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=&count=true
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=30000&count=true
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=&count=true
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=30000&count=true
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/related-product-list?productId=m-r-fashion-men-regular-fit-stretch-jeans-black
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/related-product-list?productId=mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/specific-category-list?categorySlug=jeans
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/specific-category-list?categorySlug=television
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/widget-list?limit=1&offset=0&keyword=&sku=&refresh=true
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/widget-menu-name
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/list/zone-list?limit=0&offset=0&keyword=&count=0&countryId=null
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&count=false&status=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&status=1
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order-status/order-status-list?limit=20&offset=0&keyword=&count=false&status=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/order-count
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/order-count-for-list?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=true&orderStatusId=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/order-detail?orderId=2356&orderStatusId=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/order-product-log-list?orderProductId=3148
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/orderlist?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=0&orderStatusId=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/sales-graph-list?year=2023&month=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/transaction-list?year=2023
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/pages/pagelist?limit=0&offset=0&keyword=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/permission-module/permission-me
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1287
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1288
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1289
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1290
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1291
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1292
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1294
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1295
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1926
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=552
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=899
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=900
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/Get-Product-rating?productId=m-r-fashion-men-regular-fit-stretch-jeans-black
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/Get-Product-rating?productId=mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-rating-statistics?productId=1288
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/get-rating-statistics?productId=552
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/productdetail/m-r-fashion-men-regular-fit-stretch-jeans-black?id=m-r-fashion-men-regular-fit-stretch-jeans-black&categorySlug=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product-store/productdetail/mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black?id=mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black&categorySlug=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard-admin-totalvendor-totalproduct-count
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard-admin/orders-count?duration=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard-average-conversion-ratio?duration=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard-average-order-value?limit=10&offset=0&count=0&duration=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard-total-revenue?duration=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard/admin-customers-count?duration=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1911,1934
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1934,1911
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/product-count
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/recent-selling-product
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/top-five-repeatedly-purchased-customers
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=true&duration=4
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product?limit=0&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=true&productType=
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/seo/category/jeans
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/seo/category/television
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/seo/product/m-r-fashion-men-regular-fit-stretch-jeans-black
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/seo/product/mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/settings/get-settings
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-common-product/vendor-count/1288
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-common-product/vendor-count/552
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-product-attributes/product-detail/1288?id=1288
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-product-attributes/product-detail/552?id=552
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-product-variants/product-detail/1288?id=1288
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-product-variants/product-detail/552?id=552
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-question-answer/question-list?limit=0&offset=0&keyword=&count=0&productId=1288
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/store-question-answer/question-list?limit=0&offset=0&keyword=&count=0&productId=552
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/tax/tax-list?limit=0&offset=0&keyword=&count=0&status=1
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/config.js?t=I2QG
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/contents.css?t=I2QG
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/dialogs/dialog.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/skins/moono-lisa/scayt.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/tableselection/styles/tableselection.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/wsc/skins/moono-lisa/wsc.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/skins/moono-lisa/editor_gecko.css?t=I2QG
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.0.0/animate.min.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/fd/ls/l?IG=7756067461E74BEBB11BB8F8405B6A8F&CID=1426146E026A6F2535D7069C03B86E83&Type=Event.CPT&DATA=%7B%22pp%22:%7B%22S%22:%22L%22,%22FC%22:1430,%22BC%22:1431,%22SE%22:-1,%22TC%22:-1,%22H%22:1814,%22BP%22:1815,%22CT%22:1816,%22IL%22:0%7D,%22ad%22:%5B-1,-1,0,0,0,0,0%5D,%22net%22:%22undefined%22%7D&P=UNSP&DA=DUBE01
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/fd/ls/l?IG=7788050429664143A824622BA537C163&CID=0D06D62BD4D064BE3316C4D9D57D6565&Type=Event.CPT&DATA=%7B%22pp%22:%7B%22S%22:%22L%22,%22FC%22:1793,%22BC%22:1793,%22SE%22:-1,%22TC%22:-1,%22H%22:2039,%22BP%22:2041,%22CT%22:2042,%22IL%22:0%7D,%22ad%22:%5B-1,-1,0,0,0,0,1%5D,%22net%22:%22undefined%22%7D&P=UNSP&DA=PUSE01
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/6gwyvgUhMc_64xL4rIZIJiyI9Ik.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/BAWWNeRGZhdEM4X57-nYh3UUFWc.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/ehzbwa_MRvvT9Ntrf63tSdC2v6Y.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/Fl8hvdN-LRA_glbu6-DmucPb4hM.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/IBCVtVNB4rIhrEoojHm4hLXgrio.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/jmjzP7bqHB1J2F3r3-zjXIy-E3o.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/jTX_lM98lKg9-czTzwiLUsV1Qbk.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/jyS-PUG9r2tazj4oG7YRLfgYf7Y.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/L3yoqw4shqYEILXl6pvlKqIoidw.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/Ltkqat-zSiRMPQNVPxjDdcFwJN4.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/qmFSVX8C0H6ihoMV-nT2OqfHW8E.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/T9UqkhCuv2zPJwI6ajUfDJtHw10.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/uvA8zPxfq5UVAj_3sgYCDgEEyx0.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/Wqzke5Dmb4xly7TpIjaICZD4pLI.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.googleapis.com/css?family=Montserrat:300,400,500,600
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/auth/login
Method POST
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/customer-cart/add-cart
Method POST
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/customer/login
Method POST
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/fd/ls/lsp.aspx
Method POST
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL https://edgeservices.bing.com/web/xls.aspx
Method POST
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
URL http://43.204.203.77/backend/api/order/update-order-product-status/3148
Method PUT
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Instances 153
Solution
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).

Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
CWE Id 264
WASC Id 14
Plugin Id 10098
Medium
Missing Anti-clickjacking Header
Description
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
URL http://43.204.203.77/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://43.204.203.77/admin/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://www2.bing.com/ipv6test/test
Method GET
Parameter X-Frame-Options
Attack
Evidence
Instances 5
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Vulnerable JS Library
Description
The identified library ckeditor, version 4.5.11, is vulnerable.
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence ckeditor\.js(?:\?.*|;.*)?$/i,e={timestamp:"G87E",version:"4.5.11
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method GET
Parameter
Attack
Evidence ckeditor\.js(?:\?.*|;.*)?$/i,e={timestamp:"I2QG",version:"4.9.1
Instances 2
Solution
Please upgrade to the latest version of ckeditor.
Reference https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4151
https://ckeditor.com/cke4/release/CKEditor-4.16.0
https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/
https://ckeditor.com/cke4/release-notes
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
CWE Id 829
WASC Id
Plugin Id 10003
Low
Cookie No HttpOnly Flag
Description
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter _SS
Attack
Evidence Set-Cookie: _SS
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter EDGSRVC
Attack
Evidence Set-Cookie: EDGSRVC
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter EDGSRVCPERSIST
Attack
Evidence Set-Cookie: EDGSRVCPERSIST
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter EDGSRVCSCEN
Attack
Evidence Set-Cookie: EDGSRVCSCEN
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter MUID
Attack
Evidence Set-Cookie: MUID
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHD
Attack
Evidence Set-Cookie: SRCHD
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHHPGUSR
Attack
Evidence Set-Cookie: SRCHHPGUSR
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHUID
Attack
Evidence Set-Cookie: SRCHUID
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHUSR
Attack
Evidence Set-Cookie: SRCHUSR
Instances 9
Solution
Ensure that the HttpOnly flag is set for all cookies.
Reference https://owasp.org/www-community/HttpOnly
CWE Id 1004
WASC Id 13
Plugin Id 10010
Low
Cookie Without Secure Flag
Description
A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter _EDGE_S
Attack
Evidence Set-Cookie: _EDGE_S
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter _EDGE_V
Attack
Evidence Set-Cookie: _EDGE_V
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter MUIDB
Attack
Evidence Set-Cookie: MUIDB
URL https://www2.bing.com/ipv6test/test
Method GET
Parameter MUIDB
Attack
Evidence Set-Cookie: MUIDB
Instances 4
Solution
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
Reference https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
CWE Id 614
WASC Id 13
Plugin Id 10011
Low
Cookie with SameSite Attribute None
Description
A cookie has been set with its SameSite attribute set to "none", which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter _SS
Attack
Evidence Set-Cookie: _SS
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter EDGSRVC
Attack
Evidence Set-Cookie: EDGSRVC
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter EDGSRVCPERSIST
Attack
Evidence Set-Cookie: EDGSRVCPERSIST
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter EDGSRVCSCEN
Attack
Evidence Set-Cookie: EDGSRVCSCEN
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter MUID
Attack
Evidence Set-Cookie: MUID
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHD
Attack
Evidence Set-Cookie: SRCHD
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHHPGUSR
Attack
Evidence Set-Cookie: SRCHHPGUSR
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHUID
Attack
Evidence Set-Cookie: SRCHUID
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SRCHUSR
Attack
Evidence Set-Cookie: SRCHUSR
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter SUID
Attack
Evidence Set-Cookie: SUID
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter USRLOC
Attack
Evidence Set-Cookie: USRLOC
Instances 11
Solution
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id 1275
WASC Id 13
Plugin Id 10054
Low
Cookie without SameSite Attribute
Description
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter _EDGE_S
Attack
Evidence Set-Cookie: _EDGE_S
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter _EDGE_V
Attack
Evidence Set-Cookie: _EDGE_V
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter MUIDB
Attack
Evidence Set-Cookie: MUIDB
URL https://www2.bing.com/ipv6test/test
Method GET
Parameter MUIDB
Attack
Evidence Set-Cookie: MUIDB
Instances 4
Solution
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id 1275
WASC Id 13
Plugin Id 10054
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL http://43.204.203.77/admin/
Method GET
Parameter https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Attack
Evidence <script src="https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js"></script>
URL http://43.204.203.77/admin/
Method GET
Parameter https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js"></script>
URL http://43.204.203.77/admin/
Method GET
Parameter https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Attack
Evidence <script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js"></script>
Instances 3
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Information Disclosure - Debug Error Messages
Description
The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.
URL https://image.spurtcart.com/?path=&name=&width=60&height=60
Method GET
Parameter
Attack
Evidence Internal server error
URL https://image.spurtcart.com/?path=null&name=null&width=20&height=20
Method GET
Parameter
Attack
Evidence Internal server error
URL https://image.spurtcart.com/?path=null&name=null&width=50&height=50
Method GET
Parameter
Attack
Evidence Internal server error
Instances 3
Solution
Disable debugging messages before pushing to production.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10023
Low
Private IP Disclosure
Description
A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
URL https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:90XscWpxDqPQ821oxfpTUFf39JxQsvtH1nU8xs4BNSI&cup2hreq=2efb1d32aeb61330802585edacf5a7656d2236a19317049a9e559989762cf3e3
Method POST
Parameter
Attack
Evidence 10.34.0.45
Instances 1
Solution
Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comments instead of HTML/JavaScript comments, which can be seen by client browsers.
Reference https://tools.ietf.org/html/rfc1918
CWE Id 200
WASC Id 13
Plugin Id 2
Low
Server Leaks Version Information via "Server" HTTP Response Header Field
Description
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.
URL http://43.204.203.77/
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/376.4973fffae8e19a2c.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/780.676841fa8b7762bb.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/873.4f1eac246b5998ae.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/879.03dfcec5a5ee3763.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/970.c9eccbf4eba1f2f0.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/996.9f267c9195077b5c.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1213.bca9fde12e008d13.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1232.b3a0b996ea7ced18.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1236.ac00b447876f35b9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1382.9e89c899dafb16e2.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1410.e3a454c0710677c9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1508.34db89c6110c7eb1.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1531.bfac6ac261a7a729.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1553.79ef9fb84a1533d6.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1629.bf1bb77dbb335690.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1631.91fac68058f2ba62.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1671.6b5b3f2af01bb1d9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/1855.a1c23c0399f16559.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2039.76a232eb5be6d9c6.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2061.0aaabbf01ef4124f.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2164.eabe34d2d9541461.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2174.8fbc351c90652f70.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2258.3a7ca7b07681a1a7.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2266.5257588dbe04091e.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2323.c3670583ff5371a7.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2352.38f6dd1009aa06fc.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2455.77c97a23349bf3b9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/2498.34fc6082abcd2f25.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/256.69b82f589c560e62.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/263.720e9c3bc3ed172f.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/3054.9c8fc0ccd99ba312.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/3085.835786bbfd845184.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/3176.0179da3689dfe749.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/3540.570918aaed1f303b.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/3548.88f0c804e8d28bbe.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/38.45a73bab14b7abbf.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/3851.7ff0770c5ea7829d.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/3911.9ad0191bda4456b8.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4064.6c1e4adbcdcac046.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4134.189a96638e0b2a09.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4182.eed8618ac35157d9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4202.dd93c6202b312542.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4214.d99700b30528c4af.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4248.aea604632219d8c3.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4338.a85572402a984d01.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4443.5a77094282f9cbe1.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4455.0cdbc03106a15a9c.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4515.6b24bd1f0a5b6df9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4611.b376c6d86b62039f.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4682.8cfef23f793f094e.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/4954.97afa1213c59eedd.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5013.bb0565972037a79e.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5042.f969505118c2fd89.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5063.2f17dc964eae5e98.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5145.801736656b54c672.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5308.d4cd4ffce10a71c7.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5336.64676d9206ffa68f.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5377.b0e45c2addd39450.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5566.916466eea17e3544.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5595.0612fe5ebe4f3c57.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5608.2a1109079b10bf56.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5641.87f5d32535958130.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/574.f68660774b9c7073.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5864.e6cf23d4b8bde2ed.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/5939.e071093f9de25a2e.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/6083.6f52944e71c49843.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/6093.c4d026c0e6cfb2d8.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/636.4a87c2dcbbae797c.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/6727.65485f2be6cf644e.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/6874.b37fc5c4a6dc4918.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/6879.41e5a9c4f62a4f88.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/6905.3c4d514bdd7b26ca.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7.472206f9bbd253df.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7154.2187bd5843fba8a6.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7185.873f3f9c8855ff16.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7294.eeb6937739f265b5.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7324.8258d7ea7c7489b9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7339.78847452049e2559.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7498.39e2df10da020fde.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7633.de6dd6b9bf8bd228.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7648.a5db27b3c0c1ecc6.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7651.79a779703123ba4a.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7654.77a32404c600674d.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7739.b38d03efacc81c19.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7773.d25ce3f58b5e23a2.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7790.fbb1998e6164a47b.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7932.d9080416c797853a.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/7970.1ee5d960a1ca3532.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/808.1da73573c54d95e8.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8110.a01cf4c1217d7be7.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8410.20e060e1ec2ef01e.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8461.4a04ccab7beaceee.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8538.c93f9f4d8e30041f.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8622.cf18b2bf0bacf8dd.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8654.c58c2f574061819f.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/877.1d2d037edb7ebd92.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8804.fad5e05126357e70.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/8891.0729d83d00f9d5a2.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9041.de49dc19422a1558.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9154.c62ca6951082ec08.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9169.cc55dab143f39277.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9279.999b16799a71fb09.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9416.33eecdd80361ba8a.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9442.6eba38d870f411d4.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9473.7f26a820cc350a1a.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9584.b6efee3482211830.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9675.41014bbf75aaa443.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/993.8497a298a793d670.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/9990.467b034322daa8d5.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/assets/i18n/en.json
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/common.ef4a1c86199084fd.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/fa-solid-900.a7ba84a018f500ca.woff2
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/polyfills.dd6de2846bef6fea.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/runtime.71e0e9c6b76c5be6.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/admin/styles.099d46fcafc5fcf1.css
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/assets/i18n/en.json
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api//list/get-addons
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/admin-customer/customer-visit-list?month=4&year=2023
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/admin-customer/vendor-graph-list?vendorId=211&duration=2023
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/admin-vendor?limit=0&offset=0&name=&email=&status=1&count=0&customerId=&keyword=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/auth/get-profile
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/category?limit=0&offset=0&keyword=&sortOrder=0&status=1
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/customer-cart/customer-cart-list
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/customer-cart/customer-cart-list?limit=0&offset=0&count=true
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/customer/get-profile
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/customer/wishlist-product-list?count=true
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/CustomerAddress/get-address-list?limit=0&offset=0&count=0
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/banner-list?limit=0&offset=0&keyword=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/banner-list?limit=100&offset=0
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/category-list?limit=0&offset=0&kewword=0
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/category-list?limit=0&offset=0&keyword=&sortOrder=0
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/country-list?limit=0&offset=0&keyword=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=30000
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/custom-product-list?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=30000
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/get-payment-setting?keyword=payment
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/language-list?limit=0&offset=0&keyword=&count=0
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=&count=true
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=jeans&keyword=&price=&priceFrom=0&priceTo=30000&count=true
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=&count=true
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/product-count?limit=18&offset=0&manufacturerId=&categoryslug=television&keyword=&price=&priceFrom=0&priceTo=30000&count=true
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/related-product-list?productId=m-r-fashion-men-regular-fit-stretch-jeans-black
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/related-product-list?productId=mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/specific-category-list?categorySlug=jeans
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/specific-category-list?categorySlug=television
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/widget-list?limit=1&offset=0&keyword=&sku=&refresh=true
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/widget-menu-name
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/list/zone-list?limit=0&offset=0&keyword=&count=0&countryId=null
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&count=false&status=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&status=1
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order-status/order-status-list?limit=20&offset=0&keyword=&count=false&status=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/order-count
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/order-count-for-list?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=true&orderStatusId=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/order-detail?orderId=2356&orderStatusId=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/order-product-log-list?orderProductId=3148
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/orderlist?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=0&orderStatusId=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/sales-graph-list?year=2023&month=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/transaction-list?year=2023
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/pages/pagelist?limit=0&offset=0&keyword=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/permission-module/permission-me
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1287
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1288
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1289
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1290
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1291
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1292
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1294
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1295
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=1926
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=552
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=899
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-product-rating-count?productId=900
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/Get-Product-rating?productId=m-r-fashion-men-regular-fit-stretch-jeans-black
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/Get-Product-rating?productId=mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-rating-statistics?productId=1288
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/get-rating-statistics?productId=552
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/productdetail/m-r-fashion-men-regular-fit-stretch-jeans-black?id=m-r-fashion-men-regular-fit-stretch-jeans-black&categorySlug=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product-store/productdetail/mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black?id=mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black&categorySlug=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard-admin-totalvendor-totalproduct-count
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard-admin/orders-count?duration=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard-average-conversion-ratio?duration=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard-average-order-value?limit=10&offset=0&count=0&duration=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard-total-revenue?duration=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard/admin-customers-count?duration=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1911,1934
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1934,1911
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/product-count
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/recent-selling-product
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/top-five-repeatedly-purchased-customers
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=2
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=true&duration=4
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product?limit=0&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=true&productType=
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/seo/category/jeans
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/seo/category/television
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/seo/product/m-r-fashion-men-regular-fit-stretch-jeans-black
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/seo/product/mi-led-tv-4c-pro-80-cm-32-hd-ready-android-tv-black
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/settings/get-settings
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-common-product/vendor-count/1288
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-common-product/vendor-count/552
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-product-attributes/product-detail/1288?id=1288
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-product-attributes/product-detail/552?id=552
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-product-variants/product-detail/1288?id=1288
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-product-variants/product-detail/552?id=552
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-question-answer/question-list?limit=0&offset=0&keyword=&count=0&productId=1288
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/store-question-answer/question-list?limit=0&offset=0&keyword=&count=0&productId=552
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/tax/tax-list?limit=0&offset=0&keyword=&count=0&status=1
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/main.f0cb21e1506adcd9.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/polyfills.6a751aded78d1f31.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/runtime.3c44765139ab3a2f.js
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/styles.b7753336f8a6d7ba.css
Method GET
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence CFS 0215
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence AmazonS3
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence AmazonS3
URL http://43.204.203.77/backend/api/auth/login
Method POST
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/customer-cart/add-cart
Method POST
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/customer/login
Method POST
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
URL http://43.204.203.77/backend/api/order/update-order-product-status/3148
Method PUT
Parameter
Attack
Evidence Apache/2.4.41 (Ubuntu)
Instances 239
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Reference http://httpd.apache.org/docs/current/mod/core.html#servertokens
http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007
http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
CWE Id 200
WASC Id 13
Plugin Id 10036
Low
Strict-Transport-Security Disabled
Description
An HTTP Strict Transport Security (HSTS) header was found, but it contains the directive max-age=0, which disables the control and instructs browsers to reset any previous HSTS-related settings. See RFC 6797 for further details.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).
URL https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method GET
Parameter
Attack
Evidence max-age=0
Instances 1
Solution
Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate max-age value.
Reference http://tools.ietf.org/html/rfc6797#section-6.2
CWE Id 319
WASC Id 15
Plugin Id 10035
Low
Strict-Transport-Security Header Not Set
Description
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter
Attack
Evidence
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=addressbar_uu_files.en-gb&version=1.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=2.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config&version=2.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest&version=4.7.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=signal_triggers&version=1.9.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/extensiondiagnostic/v1/activitystatus?x=id%3Dahokoikenoafgppiblgpenaaaolecifn%26v%3D1.1.13&x=id%3Dbhmhibnbialendcafinliemndanacfaj%26v%3D1.4.12&x=id%3Dbobbggphonhgdonfdibkfipfepfcildj%26v%3D1.0.3&x=id%3Dceaifoolopnigfpidlheoagpheiplgii%26v%3D1.4.12&x=id%3Dcjneempfhkonkkbcmnfdibgobmhbagaj%26v%3D1.5.13&x=id%3Ddabfebgaghanlbehmkmaflipiohdimmc%26v%3D1.0.3&x=id%3Ddcaajljecejllikfgbhjdgeognacjkkp%26v%3D1.3.16&x=id%3Ddmbljphlfghcnbohaoffiedmodfmkmol%26v%3D1.0.3&x=id%3Dehlmnljdoejdahfjdfobmpfancoibmig%26v%3D1.3.12&x=id%3Deijpepilkjkofamihbmjcnihgpbebafj%26v%3D1.0.10&x=id%3Denkoeamdnimieoooocohgbdajhhkajko%26v%3D1.0.4&x=id%3Dfjngpfnaikknjdhkckmncgicobbkcnle%26v%3D1.1.9&x=id%3Dgbmoeijgfngecijpcnbooedokgafmmji%26v%3D1.6.14&x=id%3Dgecfnmoodchdkebjjffmdcmeghkflpib%26v%3D1.7.29&x=id%3Dgekagaaiohabmaknhkbaofhhedhelemf%26v%3D1.4.12&x=id%3Dghglcnachgghkhbafjogogiggghcpjig%26v%3D1.0.3&x=id%3Dhciemgmhplhpinoohcjpafmncmjapioh%26v%3D1.0.3&x=id%3Dhloomjjkinpbjldhobfkfdamkmikjmdo%26v%3D1.4.10&x=id%3Dhmlhageoffiiefnmojcgoagebofoifpl%26v%3D1.4.14&x=id%3Djbleckejnaboogigodiafflhkajdmpcl%26v%3D1.3.5&x=id%3Djlipacegilfgfpgkefbjcncbfcoeecgj%26v%3D1.0.5&x=id%3Djpfjdekhebcolnfkpicpciaknbgcdcbm%26v%3D1.0.3&x=id%3Dkfihiegbjaloebkmglnjnljoljgkkchm%26v%3D1.7.7&x=id%3Dkhffkadolmfbdgahbabbhipadklfmhgf%26v%3D1.5.13&x=id%3Dkjncpkplfnolibapodobnnjfgmjmiaba%26v%3D1.4.12&x=id%3Dkkobcodijbdelbnhbfkkfncbeildnpie%26v%3D1.0.3&x=id%3Dkmojgmpmopiiagdfbilgognmlegkonbk%26v%3D1.4.13&x=id%3Dnkbndigcebkoaejohleckhekfmcecfja%26v%3D1.6.8&x=id%3Dnnpnekncnhiglbokoiffmejlimgmgoam%26v%3D1.0.3&x=id%3Dofefcgjbeghpigppfmkologfjadafddi%26v%3D1.1.4&x=id%3Dolkdlefmaniacnmgofabnpmomgcpdaip%26v%3D1.0.3&x=id%3Dolmhchkiafniffcaiciiomfdplnmklak%26v%3D1.5.4&x=id%3Dpencekojiebcjhifbkfdncgmmooepclc%26v%3D1.0.4&x=id%3Dpjhpojmiobchgmchbkekckbgeigbbaje%26v%3D1.0.1&x=id%3Dppnnjfpaneghjbcepgedmlcgmfgkjhah%26v%3D1.0.3
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/neededge/v1?bucket=80
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/serviceexperimentation/v2/
Method GET
Parameter
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=AddressBar
Method GET
Parameter
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/2.0.6/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService
Method GET
Parameter
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/domains_config/2.8.60/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig
Method GET
Parameter
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest/4.7.36/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=Shoreline
Method GET
Parameter
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/signal_triggers/1.9.3/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=TriggeringSignals
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/fd/ls/l?IG=7756067461E74BEBB11BB8F8405B6A8F&CID=1426146E026A6F2535D7069C03B86E83&Type=Event.CPT&DATA=%7B%22pp%22:%7B%22S%22:%22L%22,%22FC%22:1430,%22BC%22:1431,%22SE%22:-1,%22TC%22:-1,%22H%22:1814,%22BP%22:1815,%22CT%22:1816,%22IL%22:0%7D,%22ad%22:%5B-1,-1,0,0,0,0,0%5D,%22net%22:%22undefined%22%7D&P=UNSP&DA=DUBE01
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/fd/ls/l?IG=7788050429664143A824622BA537C163&CID=0D06D62BD4D064BE3316C4D9D57D6565&Type=Event.CPT&DATA=%7B%22pp%22:%7B%22S%22:%22L%22,%22FC%22:1793,%22BC%22:1793,%22SE%22:-1,%22TC%22:-1,%22H%22:2039,%22BP%22:2041,%22CT%22:2042,%22IL%22:0%7D,%22ad%22:%5B-1,-1,0,0,0,0,1%5D,%22net%22:%22undefined%22%7D&P=UNSP&DA=PUSE01
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/ipv6test/test?FORM=MONITR
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/6gwyvgUhMc_64xL4rIZIJiyI9Ik.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/BAWWNeRGZhdEM4X57-nYh3UUFWc.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/ehzbwa_MRvvT9Ntrf63tSdC2v6Y.css
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/Fl8hvdN-LRA_glbu6-DmucPb4hM.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/IBCVtVNB4rIhrEoojHm4hLXgrio.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/jmjzP7bqHB1J2F3r3-zjXIy-E3o.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/jTX_lM98lKg9-czTzwiLUsV1Qbk.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/jyS-PUG9r2tazj4oG7YRLfgYf7Y.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/L3yoqw4shqYEILXl6pvlKqIoidw.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/Ltkqat-zSiRMPQNVPxjDdcFwJN4.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/qmFSVX8C0H6ihoMV-nT2OqfHW8E.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/T9UqkhCuv2zPJwI6ajUfDJtHw10.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/uvA8zPxfq5UVAj_3sgYCDgEEyx0.css
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/Wqzke5Dmb4xly7TpIjaICZD4pLI.js
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Method GET
Parameter
Attack
Evidence
URL https://image.spurtcart.com/?path=&name=&width=60&height=60
Method GET
Parameter
Attack
Evidence
URL https://image.spurtcart.com/?path=null&name=null&width=20&height=20
Method GET
Parameter
Attack
Evidence
URL https://image.spurtcart.com/?path=null&name=null&width=50&height=50
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence
URL https://www2.bing.com/ipv6test/test
Method GET
Parameter
Attack
Evidence
URL https://edge.microsoft.com/componentupdater/api/v1/update
Method POST
Parameter
Attack
Evidence
URL https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:90XscWpxDqPQ821oxfpTUFf39JxQsvtH1nU8xs4BNSI&cup2hreq=2efb1d32aeb61330802585edacf5a7656d2236a19317049a9e559989762cf3e3
Method POST
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/fd/ls/lsp.aspx
Method POST
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/web/xls.aspx
Method POST
Parameter
Attack
Evidence
Instances 70
Solution
Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
Reference https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
https://owasp.org/www-community/Security_Headers
http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
http://caniuse.com/stricttransportsecurity
http://tools.ietf.org/html/rfc6797
CWE Id 319
WASC Id 15
Plugin Id 10035
Low
Timestamp Disclosure - Unix
Description
A Unix timestamp was disclosed by the application/web server.
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1396182291
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1398893684
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1415668834
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1426881987
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1431655765
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1432725776
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1467031594
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1476395008
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1476395009
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1495990901
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1501505948
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1508970993
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1518500249
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1522805485
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1537002063
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1541459225
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1546045734
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1548603684
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1549556828
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1555081692
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1575990012
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1595750129
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1607167915
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1610612736
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1610612737
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1654270250
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1694076839
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1695183700
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1701076831
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1731405415
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1732584193
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1744830464
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1744830465
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1747873779
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1750603025
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1779033703
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1816402316
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1836072691
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1856431235
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1859775393
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1879048192
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1879048193
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1894007588
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1899447441
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1914138554
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1925078388
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1933667412
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1955562222
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1986661051
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence 1996064986
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1396182291
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1424204075
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1426881987
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1431655765
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1473132947
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1474664885
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1508970993
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1521486534
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1537002063
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1538233109
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1540483477
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1541459225
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1555081692
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1564481375
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1680079193
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1694144372
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1695183700
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1740746414
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1747873779
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1779033703
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1838011259
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1841331548
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1866530822
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1899447441
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1925078388
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1933114872
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1955562222
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1986661051
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence 1996064986
URL http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method GET
Parameter
Attack
Evidence 1431655765
URL http://43.204.203.77/main.f0cb21e1506adcd9.js
Method GET
Parameter
Attack
Evidence 1431655765
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence 1663772073
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence 1681375291
URL https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method GET
Parameter
Attack
Evidence 1681337419
URL https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method GET
Parameter
Attack
Evidence 1681346286
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence 1668785275
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence 1663274228
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence 1604686195
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence 1668785275
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence 1663274228
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence 1668785275
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence 1670952926
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence 1604686195
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence 1670952926
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence 1668785275
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence 1604686195
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence 1564526481
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence 1604686195
URL https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:90XscWpxDqPQ821oxfpTUFf39JxQsvtH1nU8xs4BNSI&cup2hreq=2efb1d32aeb61330802585edacf5a7656d2236a19317049a9e559989762cf3e3
Method POST
Parameter
Attack
Evidence 1681946506
URL https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:90XscWpxDqPQ821oxfpTUFf39JxQsvtH1nU8xs4BNSI&cup2hreq=2efb1d32aeb61330802585edacf5a7656d2236a19317049a9e559989762cf3e3
Method POST
Parameter
Attack
Evidence 1681946507
URL https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:90XscWpxDqPQ821oxfpTUFf39JxQsvtH1nU8xs4BNSI&cup2hreq=2efb1d32aeb61330802585edacf5a7656d2236a19317049a9e559989762cf3e3
Method POST
Parameter
Attack
Evidence 1681946508
URL https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:90XscWpxDqPQ821oxfpTUFf39JxQsvtH1nU8xs4BNSI&cup2hreq=2efb1d32aeb61330802585edacf5a7656d2236a19317049a9e559989762cf3e3
Method POST
Parameter
Attack
Evidence 1681946509
URL https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:90XscWpxDqPQ821oxfpTUFf39JxQsvtH1nU8xs4BNSI&cup2hreq=2efb1d32aeb61330802585edacf5a7656d2236a19317049a9e559989762cf3e3
Method POST
Parameter
Attack
Evidence 1681946510
URL https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method POST
Parameter
Attack
Evidence 1564526481
URL https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method POST
Parameter
Attack
Evidence 1604686195
URL https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method POST
Parameter
Attack
Evidence 1663274228
URL https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method POST
Parameter
Attack
Evidence 1668785275
URL https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method POST
Parameter
Attack
Evidence 1670952926
Instances 108
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage
CWE Id 200
WASC Id 13
Plugin Id 10096
Low
X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
URL http://43.204.203.77/
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/376.4973fffae8e19a2c.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/780.676841fa8b7762bb.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/873.4f1eac246b5998ae.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/879.03dfcec5a5ee3763.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/970.c9eccbf4eba1f2f0.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/996.9f267c9195077b5c.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1213.bca9fde12e008d13.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1232.b3a0b996ea7ced18.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1236.ac00b447876f35b9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1382.9e89c899dafb16e2.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1410.e3a454c0710677c9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1508.34db89c6110c7eb1.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1531.bfac6ac261a7a729.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1553.79ef9fb84a1533d6.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1629.bf1bb77dbb335690.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1631.91fac68058f2ba62.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1671.6b5b3f2af01bb1d9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/1855.a1c23c0399f16559.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2039.76a232eb5be6d9c6.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2061.0aaabbf01ef4124f.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2164.eabe34d2d9541461.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2174.8fbc351c90652f70.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2258.3a7ca7b07681a1a7.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2266.5257588dbe04091e.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2323.c3670583ff5371a7.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2352.38f6dd1009aa06fc.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2455.77c97a23349bf3b9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/2498.34fc6082abcd2f25.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/256.69b82f589c560e62.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/263.720e9c3bc3ed172f.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/3054.9c8fc0ccd99ba312.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/3085.835786bbfd845184.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/3176.0179da3689dfe749.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/3540.570918aaed1f303b.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/3548.88f0c804e8d28bbe.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/38.45a73bab14b7abbf.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/3851.7ff0770c5ea7829d.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/3911.9ad0191bda4456b8.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4064.6c1e4adbcdcac046.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4134.189a96638e0b2a09.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4182.eed8618ac35157d9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4202.dd93c6202b312542.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4214.d99700b30528c4af.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4248.aea604632219d8c3.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4338.a85572402a984d01.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4443.5a77094282f9cbe1.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4455.0cdbc03106a15a9c.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4515.6b24bd1f0a5b6df9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4611.b376c6d86b62039f.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4682.8cfef23f793f094e.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/4954.97afa1213c59eedd.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5013.bb0565972037a79e.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5042.f969505118c2fd89.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5063.2f17dc964eae5e98.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5145.801736656b54c672.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5308.d4cd4ffce10a71c7.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5336.64676d9206ffa68f.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5377.b0e45c2addd39450.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5566.916466eea17e3544.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5595.0612fe5ebe4f3c57.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5608.2a1109079b10bf56.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5641.87f5d32535958130.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/574.f68660774b9c7073.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5864.e6cf23d4b8bde2ed.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/5939.e071093f9de25a2e.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/6083.6f52944e71c49843.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/6093.c4d026c0e6cfb2d8.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/636.4a87c2dcbbae797c.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/6727.65485f2be6cf644e.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/6874.b37fc5c4a6dc4918.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/6879.41e5a9c4f62a4f88.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/6905.3c4d514bdd7b26ca.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7.472206f9bbd253df.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7154.2187bd5843fba8a6.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7185.873f3f9c8855ff16.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7294.eeb6937739f265b5.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7324.8258d7ea7c7489b9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7339.78847452049e2559.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7498.39e2df10da020fde.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7633.de6dd6b9bf8bd228.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7648.a5db27b3c0c1ecc6.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7651.79a779703123ba4a.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7654.77a32404c600674d.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7739.b38d03efacc81c19.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7773.d25ce3f58b5e23a2.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7790.fbb1998e6164a47b.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7932.d9080416c797853a.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/7970.1ee5d960a1ca3532.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/808.1da73573c54d95e8.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8110.a01cf4c1217d7be7.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8410.20e060e1ec2ef01e.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8461.4a04ccab7beaceee.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8538.c93f9f4d8e30041f.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8622.cf18b2bf0bacf8dd.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8654.c58c2f574061819f.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/877.1d2d037edb7ebd92.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8804.fad5e05126357e70.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/8891.0729d83d00f9d5a2.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9041.de49dc19422a1558.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9154.c62ca6951082ec08.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9169.cc55dab143f39277.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9279.999b16799a71fb09.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9416.33eecdd80361ba8a.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9442.6eba38d870f411d4.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9473.7f26a820cc350a1a.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9584.b6efee3482211830.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9675.41014bbf75aaa443.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/993.8497a298a793d670.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/9990.467b034322daa8d5.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/assets/i18n/en.json
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/common.ef4a1c86199084fd.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/fa-solid-900.a7ba84a018f500ca.woff2
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/polyfills.dd6de2846bef6fea.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/runtime.71e0e9c6b76c5be6.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/admin/styles.099d46fcafc5fcf1.css
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/assets/i18n/en.json
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/main.f0cb21e1506adcd9.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/polyfills.6a751aded78d1f31.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/runtime.3c44765139ab3a2f.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://43.204.203.77/styles.b7753336f8a6d7ba.css
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=addressbar_uu_files.en-gb&version=1.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=2.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config&version=2.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest&version=4.7.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=signal_triggers&version=1.9.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/extensiondiagnostic/v1/activitystatus?x=id%3Dahokoikenoafgppiblgpenaaaolecifn%26v%3D1.1.13&x=id%3Dbhmhibnbialendcafinliemndanacfaj%26v%3D1.4.12&x=id%3Dbobbggphonhgdonfdibkfipfepfcildj%26v%3D1.0.3&x=id%3Dceaifoolopnigfpidlheoagpheiplgii%26v%3D1.4.12&x=id%3Dcjneempfhkonkkbcmnfdibgobmhbagaj%26v%3D1.5.13&x=id%3Ddabfebgaghanlbehmkmaflipiohdimmc%26v%3D1.0.3&x=id%3Ddcaajljecejllikfgbhjdgeognacjkkp%26v%3D1.3.16&x=id%3Ddmbljphlfghcnbohaoffiedmodfmkmol%26v%3D1.0.3&x=id%3Dehlmnljdoejdahfjdfobmpfancoibmig%26v%3D1.3.12&x=id%3Deijpepilkjkofamihbmjcnihgpbebafj%26v%3D1.0.10&x=id%3Denkoeamdnimieoooocohgbdajhhkajko%26v%3D1.0.4&x=id%3Dfjngpfnaikknjdhkckmncgicobbkcnle%26v%3D1.1.9&x=id%3Dgbmoeijgfngecijpcnbooedokgafmmji%26v%3D1.6.14&x=id%3Dgecfnmoodchdkebjjffmdcmeghkflpib%26v%3D1.7.29&x=id%3Dgekagaaiohabmaknhkbaofhhedhelemf%26v%3D1.4.12&x=id%3Dghglcnachgghkhbafjogogiggghcpjig%26v%3D1.0.3&x=id%3Dhciemgmhplhpinoohcjpafmncmjapioh%26v%3D1.0.3&x=id%3Dhloomjjkinpbjldhobfkfdamkmikjmdo%26v%3D1.4.10&x=id%3Dhmlhageoffiiefnmojcgoagebofoifpl%26v%3D1.4.14&x=id%3Djbleckejnaboogigodiafflhkajdmpcl%26v%3D1.3.5&x=id%3Djlipacegilfgfpgkefbjcncbfcoeecgj%26v%3D1.0.5&x=id%3Djpfjdekhebcolnfkpicpciaknbgcdcbm%26v%3D1.0.3&x=id%3Dkfihiegbjaloebkmglnjnljoljgkkchm%26v%3D1.7.7&x=id%3Dkhffkadolmfbdgahbabbhipadklfmhgf%26v%3D1.5.13&x=id%3Dkjncpkplfnolibapodobnnjfgmjmiaba%26v%3D1.4.12&x=id%3Dkkobcodijbdelbnhbfkkfncbeildnpie%26v%3D1.0.3&x=id%3Dkmojgmpmopiiagdfbilgognmlegkonbk%26v%3D1.4.13&x=id%3Dnkbndigcebkoaejohleckhekfmcecfja%26v%3D1.6.8&x=id%3Dnnpnekncnhiglbokoiffmejlimgmgoam%26v%3D1.0.3&x=id%3Dofefcgjbeghpigppfmkologfjadafddi%26v%3D1.1.4&x=id%3Dolkdlefmaniacnmgofabnpmomgcpdaip%26v%3D1.0.3&x=id%3Dolmhchkiafniffcaiciiomfdplnmklak%26v%3D1.5.4&x=id%3Dpencekojiebcjhifbkfdncgmmooepclc%26v%3D1.0.4&x=id%3Dpjhpojmiobchgmchbkekckbgeigbbaje%26v%3D1.0.1&x=id%3Dppnnjfpaneghjbcepgedmlcgmfgkjhah%26v%3D1.0.3
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edge.microsoft.com/serviceexperimentation/v2/
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=AddressBar
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/2.0.6/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/domains_config/2.8.60/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=EntityExtractionDomainsConfig
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest/4.7.36/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=Shoreline
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeassetservice.azureedge.net/assets/signal_triggers/1.9.3/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=TriggeringSignals
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/6gwyvgUhMc_64xL4rIZIJiyI9Ik.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/BAWWNeRGZhdEM4X57-nYh3UUFWc.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/ehzbwa_MRvvT9Ntrf63tSdC2v6Y.css
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/Fl8hvdN-LRA_glbu6-DmucPb4hM.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/IBCVtVNB4rIhrEoojHm4hLXgrio.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/jmjzP7bqHB1J2F3r3-zjXIy-E3o.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/jTX_lM98lKg9-czTzwiLUsV1Qbk.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/jyS-PUG9r2tazj4oG7YRLfgYf7Y.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/L3yoqw4shqYEILXl6pvlKqIoidw.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/Ltkqat-zSiRMPQNVPxjDdcFwJN4.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/qmFSVX8C0H6ihoMV-nT2OqfHW8E.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/T9UqkhCuv2zPJwI6ajUfDJtHw10.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/uvA8zPxfq5UVAj_3sgYCDgEEyx0.css
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/Wqzke5Dmb4xly7TpIjaICZD4pLI.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://www2.bing.com/ipv6test/test
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method POST
Parameter X-Content-Type-Options
Attack
Evidence
Instances 177
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers
CWE Id 693
WASC Id 15
Plugin Id 10021
Informational
Content Security Policy (CSP) Report-Only Header Found
Description
The response contained a Content-Security-Policy-Report-Only header. This may indicate a work-in-progress implementation, or an oversight in promoting pre-Prod to Prod, etc.

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://www2.bing.com/ipv6test/test
Method GET
Parameter
Attack
Evidence
Instances 1
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP2/
https://w3c.github.io/webappsec-csp/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038
Informational
Content-Type Header Missing
Description
The Content-Type header was either missing or empty.
URL https://edgeservices.bing.com/ipv6test/test?FORM=MONITR
Method GET
Parameter
Attack
Evidence
Instances 1
Solution
Ensure each page is setting the specific and appropriate content-type value for the content being delivered.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
CWE Id 345
WASC Id 12
Plugin Id 10019
Informational
Cookie Poisoning
Description
This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable; however, allowing URL parameters to set cookie values is generally considered a bug.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter FORM
Attack
Evidence
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter FORM
Attack
Evidence
Instances 2
Solution
Do not allow user input to control cookie names and values. If some query string parameters must be set in cookie values, be sure to filter out semicolons that can serve as name/value pair delimiters.
Reference http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-cookie
CWE Id 20
WASC Id 20
Plugin Id 10029
Informational
Information Disclosure - Suspicious Comments
Description
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
URL http://43.204.203.77/376.4973fffae8e19a2c.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/780.676841fa8b7762bb.js
Method GET
Parameter
Attack
Evidence todo
URL http://43.204.203.77/879.03dfcec5a5ee3763.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/970.c9eccbf4eba1f2f0.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/996.9f267c9195077b5c.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/1213.bca9fde12e008d13.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/1236.ac00b447876f35b9.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/1382.9e89c899dafb16e2.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/1410.e3a454c0710677c9.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/1508.34db89c6110c7eb1.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/1629.bf1bb77dbb335690.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/1631.91fac68058f2ba62.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/1671.6b5b3f2af01bb1d9.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/1855.a1c23c0399f16559.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/2061.0aaabbf01ef4124f.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/2164.eabe34d2d9541461.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/2174.8fbc351c90652f70.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/2258.3a7ca7b07681a1a7.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/2266.5257588dbe04091e.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/2323.c3670583ff5371a7.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/2455.77c97a23349bf3b9.js
Method GET
Parameter
Attack
Evidence Admin
URL http://43.204.203.77/admin/2498.34fc6082abcd2f25.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/256.69b82f589c560e62.js
Method GET
Parameter
Attack
Evidence Admin
URL http://43.204.203.77/admin/263.720e9c3bc3ed172f.js
Method GET
Parameter
Attack
Evidence DB
URL http://43.204.203.77/admin/3085.835786bbfd845184.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/3176.0179da3689dfe749.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/3540.570918aaed1f303b.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/3548.88f0c804e8d28bbe.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/38.45a73bab14b7abbf.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/3911.9ad0191bda4456b8.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/4064.6c1e4adbcdcac046.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/4134.189a96638e0b2a09.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/4182.eed8618ac35157d9.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/4202.dd93c6202b312542.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method GET
Parameter
Attack
Evidence TODO
URL http://43.204.203.77/admin/4611.b376c6d86b62039f.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/4682.8cfef23f793f094e.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/4954.97afa1213c59eedd.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/5042.f969505118c2fd89.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/5063.2f17dc964eae5e98.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/5145.801736656b54c672.js
Method GET
Parameter
Attack
Evidence Admin
URL http://43.204.203.77/admin/5308.d4cd4ffce10a71c7.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/5377.b0e45c2addd39450.js
Method GET
Parameter
Attack
Evidence Admin
URL http://43.204.203.77/admin/5566.916466eea17e3544.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/5595.0612fe5ebe4f3c57.js
Method GET
Parameter
Attack
Evidence Admin
URL http://43.204.203.77/admin/5864.e6cf23d4b8bde2ed.js
Method GET
Parameter
Attack
Evidence User
URL http://43.204.203.77/admin/5939.e071093f9de25a2e.js
Method GET
Parameter
Attack
Evidence Admin
URL http://43.204.203.77/admin/6093.c4d026c0e6cfb2d8.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/636.4a87c2dcbbae797c.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/6727.65485f2be6cf644e.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/6874.b37fc5c4a6dc4918.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/6879.41e5a9c4f62a4f88.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/7.472206f9bbd253df.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/7185.873f3f9c8855ff16.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/7294.eeb6937739f265b5.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method GET
Parameter
Attack
Evidence TODO
URL http://43.204.203.77/admin/7324.8258d7ea7c7489b9.js
Method GET
Parameter
Attack
Evidence dB
URL http://43.204.203.77/admin/7339.78847452049e2559.js
Method GET
Parameter
Attack
Evidence Admin
URL http://43.204.203.77/admin/7498.39e2df10da020fde.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/7648.a5db27b3c0c1ecc6.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/7651.79a779703123ba4a.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/7654.77a32404c600674d.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/7739.b38d03efacc81c19.js
Method GET
Parameter
Attack
Evidence dB
URL http://43.204.203.77/admin/7773.d25ce3f58b5e23a2.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/7932.d9080416c797853a.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/7970.1ee5d960a1ca3532.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/808.1da73573c54d95e8.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/8110.a01cf4c1217d7be7.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/8410.20e060e1ec2ef01e.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/8461.4a04ccab7beaceee.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/8538.c93f9f4d8e30041f.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/8622.cf18b2bf0bacf8dd.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/8654.c58c2f574061819f.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/877.1d2d037edb7ebd92.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/9041.de49dc19422a1558.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/9169.cc55dab143f39277.js
Method GET
Parameter
Attack
Evidence query
URL http://43.204.203.77/admin/9416.33eecdd80361ba8a.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/9442.6eba38d870f411d4.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/9473.7f26a820cc350a1a.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/9584.b6efee3482211830.js
Method GET
Parameter
Attack
Evidence User
URL http://43.204.203.77/admin/9675.41014bbf75aaa443.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/admin/993.8497a298a793d670.js
Method GET
Parameter
Attack
Evidence user
URL http://43.204.203.77/admin/9990.467b034322daa8d5.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/common.ef4a1c86199084fd.js
Method GET
Parameter
Attack
Evidence admin
URL http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method GET
Parameter
Attack
Evidence query
URL http://43.204.203.77/admin/polyfills.dd6de2846bef6fea.js
Method GET
Parameter
Attack
Evidence select
URL http://43.204.203.77/main.f0cb21e1506adcd9.js
Method GET
Parameter
Attack
Evidence todo
URL http://43.204.203.77/polyfills.6a751aded78d1f31.js
Method GET
Parameter
Attack
Evidence select
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence from
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence select
URL https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method GET
Parameter
Attack
Evidence user
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method GET
Parameter
Attack
Evidence from
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method GET
Parameter
Attack
Evidence select
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method GET
Parameter
Attack
Evidence user
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method GET
Parameter
Attack
Evidence user
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method GET
Parameter
Attack
Evidence from
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter
Attack
Evidence bug
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter
Attack
Evidence user
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter
Attack
Evidence select
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter
Attack
Evidence select
URL https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method GET
Parameter
Attack
Evidence from
URL https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method GET
Parameter
Attack
Evidence from
URL https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method GET
Parameter
Attack
Evidence from
URL https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method GET
Parameter
Attack
Evidence from
URL https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method GET
Parameter
Attack
Evidence from
Instances 105
Solution
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10027
Informational
Loosely Scoped Cookie
Description
Cookies can be scoped by domain or path. This check is only concerned with domain scope. The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter
Attack
Evidence
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter
Attack
Evidence
Instances 2
Solution
Always scope cookies to a FQDN (Fully Qualified Domain Name).
Reference https://tools.ietf.org/html/rfc6265#section-4.1
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
CWE Id 565
WASC Id 15
Plugin Id 90033
Informational
Modern Web Application
Description
The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
URL http://43.204.203.77/
Method GET
Parameter
Attack
Evidence <script src="runtime.3c44765139ab3a2f.js" type="module"></script>
URL http://43.204.203.77/admin/
Method GET
Parameter
Attack
Evidence <script src="https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js"></script>
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter
Attack
Evidence <a id="sb_feedback" role="button" target="_blank" _ctf="rdr_T" class="linkBtn" h="ID=SERP,5029.1"><span class="sb_fbdText">Feedback</span></a>
Instances 3
Solution
This is an informational alert and so no changes are required.
Reference
CWE Id
WASC Id
Plugin Id 10109
Informational
Re-examine Cache-control Directives
Description
The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended; however, the resources should be reviewed to ensure that no sensitive content will be cached.
URL https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method GET
Parameter Cache-Control
Attack
Evidence public, max-age=43200
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=addressbar_uu_files.en-gb&version=1.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter Cache-Control
Attack
Evidence public, max-age=3600
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=2.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter Cache-Control
Attack
Evidence public, max-age=3600
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config&version=2.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter Cache-Control
Attack
Evidence public, max-age=3600
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest&version=4.7.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter Cache-Control
Attack
Evidence public, max-age=3600
URL https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=signal_triggers&version=1.9.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method GET
Parameter Cache-Control
Attack
Evidence public, max-age=3600
URL https://edge.microsoft.com/neededge/v1?bucket=80
Method GET
Parameter Cache-Control
Attack
Evidence public, max-age=86400
URL https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter Cache-Control
Attack
Evidence max-age=3600,public
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter Cache-Control
Attack
Evidence max-age=3600,public
Instances 10
Solution
For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
Reference https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
https://grayduck.mn/2021/09/13/cache-control-recommendations/
CWE Id 525
WASC Id 13
Plugin Id 10015
Informational
Retrieved from Cache
Description
The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 76407
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 76467
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 76546
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 82503
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 82563
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 82579
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 82659
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 82778
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 82887
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 83009
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 83070
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 83119
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 83243
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 83659
URL http://detectportal.firefox.com/canonical.html
Method GET
Parameter
Attack
Evidence Age: 83719
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 40571
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 40631
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 40647
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 40727
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 40846
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 40955
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 41077
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 41138
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 41187
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 41311
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 41727
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 41787
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 82365
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 82425
URL http://detectportal.firefox.com/success.txt?ipv4
Method GET
Parameter
Attack
Evidence Age: 82504
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/config.js?t=I2QG
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/config.js?t=I2QG
Method GET
Parameter
Attack
Evidence Age: 0
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/contents.css?t=I2QG
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method GET
Parameter
Attack
Evidence Age: 0
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/dialogs/dialog.css
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/skins/moono-lisa/scayt.css
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/skins/moono-lisa/scayt.css
Method GET
Parameter
Attack
Evidence Age: 0
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/tableselection/styles/tableselection.css
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/tableselection/styles/tableselection.css
Method GET
Parameter
Attack
Evidence Age: 0
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/wsc/skins/moono-lisa/wsc.css
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/wsc/skins/moono-lisa/wsc.css
Method GET
Parameter
Attack
Evidence Age: 0
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/skins/moono-lisa/editor_gecko.css?t=I2QG
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/skins/moono-lisa/editor_gecko.css?t=I2QG
Method GET
Parameter
Attack
Evidence Age: 0
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method GET
Parameter
Attack
Evidence Age: 0
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter
Attack
Evidence HIT
URL https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method GET
Parameter
Attack
Evidence Age: 2
URL https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.0.0/animate.min.css
Method GET
Parameter
Attack
Evidence Age: 2947965
URL https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.0.0/animate.min.css
Method GET
Parameter
Attack
Evidence Age: 2948422
URL https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.0.0/animate.min.css
Method GET
Parameter
Attack
Evidence Age: 2948559
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Method GET
Parameter
Attack
Evidence Age: 47514
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Method GET
Parameter
Attack
Evidence Age: 47971
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Method GET
Parameter
Attack
Evidence Age: 48108
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Method GET
Parameter
Attack
Evidence Age: 658162
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Method GET
Parameter
Attack
Evidence Age: 658625
URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Method GET
Parameter
Attack
Evidence Age: 658757
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Age: 155
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Age: 274
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Age: 383
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Age: 505
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Age: 615
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Age: 740
URL https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method GET
Parameter
Attack
Evidence Age: 75
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 198
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 2780
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 2855
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 2935
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 3054
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 3163
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 3285
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 3395
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 3519
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 655
URL https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method GET
Parameter
Attack
Evidence Age: 793
URL https://edge.microsoft.com/neededge/v1?bucket=80
Method GET
Parameter
Attack
Evidence Age: 602
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 1096
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 2945
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 3021
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 3101
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 3220
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 3329
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 3451
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 3561
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 500
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 84
URL https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method GET
Parameter
Attack
Evidence Age: 958
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 1322
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 1460
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 214
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 324
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 3308
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 3384
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 3464
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 3583
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 448
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 864
URL https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method GET
Parameter
Attack
Evidence Age: 92
URL https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167265
URL https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167726
URL https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167859
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166024
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166090
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166170
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166289
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166399
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166520
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166629
URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method GET
Parameter
Attack
Evidence Age: 166758
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166202
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166275
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166355
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166474
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166584
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166705
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166815
URL https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method GET
Parameter
Attack
Evidence Age: 166941
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 12818
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 12891
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 12971
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 13090
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 13200
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 13322
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 13431
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 13557
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167408
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167869
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 168002
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 166255
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 166403
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 166522
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 166752
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 166862
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method GET
Parameter
Attack
Evidence Age: 166991
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167391
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167854
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167985
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167244
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167707
URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4AMP6lQ.woff2
Method GET
Parameter
Attack
Evidence Age: 167838
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166234
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166301
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166382
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166500
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166610
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166731
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166841
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method GET
Parameter
Attack
Evidence Age: 166970
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Method GET
Parameter
Attack
Evidence Age: 167381
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Method GET
Parameter
Attack
Evidence Age: 167840
URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Method GET
Parameter
Attack
Evidence Age: 167975
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 34975
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 35051
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 35131
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 35250
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 35360
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 35591
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 35715
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 36132
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 36588
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 36727
URL https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 55965
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 65358
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 65587
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 65708
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 65817
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 71212
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 71288
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 71487
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 71952
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 72370
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 72826
URL https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 72964
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 26353
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 26582
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 33500
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 33575
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 33773
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 34005
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 34115
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 34240
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 34658
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 35116
URL https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 35251
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 60249
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 60789
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 61790
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 63676
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 63831
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 63949
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 64059
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 64180
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 64416
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 64834
URL https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 65426
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 34970
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 35045
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 35125
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 35243
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 35353
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 35584
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 35710
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 36585
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 80926
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 81579
URL https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method GET
Parameter
Attack
Evidence Age: 82171
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 53812
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 53887
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 53967
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 54085
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 54195
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 54426
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 54552
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 54970
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 55430
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 76343
URL https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 77589
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 35011
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 35086
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 35167
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 35626
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 36168
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 36624
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 36762
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 42133
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 42244
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 42365
URL https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 42598
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 57575
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 57656
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 57729
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 58003
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 58005
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 58113
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 58115
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 58239
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 58887
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 59342
URL https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 59480
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 109
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 27115
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 27343
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 27573
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 27698
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 28117
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 28571
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 28709
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 341
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 86238
URL https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method GET
Parameter
Attack
Evidence Age: 86313
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 26855
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 26931
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 27362
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 27595
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 28469
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 68783
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 68901
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 69011
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 69242
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 69784
URL https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method GET
Parameter
Attack
Evidence Age: 70378
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 43094
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 43444
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 43554
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 44555
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 44690
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 72971
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 73045
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 73243
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 73354
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 73710
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 74128
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 60007
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 60390
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 60746
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 61164
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 61757
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 69570
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 69651
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 69768
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 70000
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 70110
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method GET
Parameter
Attack
Evidence Age: 71111
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 27998
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 28072
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 28153
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 28271
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 28502
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 28612
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 28738
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 29613
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 29748
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 83394
URL https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method GET
Parameter
Attack
Evidence Age: 84169
Instances 295
Solution
Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider using the following HTTP response headers to limit or prevent the content being stored in, and retrieved from, the cache by another user:

Cache-Control: no-cache, no-store, must-revalidate, private

Pragma: no-cache

Expires: 0

This configuration directs both HTTP/1.0- and HTTP/1.1-compliant caching servers not to store the response, and not to retrieve the response (without validation) from the cache in response to a similar request.
Reference https://tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)
CWE Id
WASC Id
Plugin Id 10050