Spurt admin report

This is a spurtcommerce admin security test report

Sites: https://image.spurtcart.com https://cdn.plot.ly https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.ckeditor.com https://cdnjs.cloudflare.com http://43.204.203.77 https://tracking-protection.cdn.mozilla.net https://content-signature-2.cdn.mozilla.net https://shavar.services.mozilla.com https://firefox.settings.services.mozilla.com http://detectportal.firefox.com https://location.services.mozilla.com https://www2.bing.com https://edgeservices.bing.com https://edgeassetservice.azureedge.net https://edge.microsoft.com https://go.microsoft.com

Generated on Thu, 13 Apr 2023 14:24:44

Summary of Alerts

Risk Level	Number of Alerts
High	0
Medium	7
Low	11
Informational	8
False Positives:	0

Alerts

Name	Risk Level	Number of Instances
Application Error Disclosure	Medium	2
CSP: Wildcard Directive	Medium	1
CSP: style-src unsafe-inline	Medium	1
Content Security Policy (CSP) Header Not Set	Medium	3
Cross-Domain Misconfiguration	Medium	83
Missing Anti-clickjacking Header	Medium	4
Vulnerable JS Library	Medium	2
Cookie No HttpOnly Flag	Low	9
Cookie Without Secure Flag	Low	4
Cookie with SameSite Attribute None	Low	11
Cookie without SameSite Attribute	Low	4
Cross-Domain JavaScript Source File Inclusion	Low	3
Information Disclosure - Debug Error Messages	Low	2
Server Leaks Version Information via "Server" HTTP Response Header Field	Low	166
Strict-Transport-Security Disabled	Low	1
Strict-Transport-Security Header Not Set	Low	54
Timestamp Disclosure - Unix	Low	101
X-Content-Type-Options Header Missing	Low	158
Content Security Policy (CSP) Report-Only Header Found	Informational	1
Content-Type Header Missing	Informational	1
Cookie Poisoning	Informational	1
Information Disclosure - Suspicious Comments	Informational	97
Loosely Scoped Cookie	Informational	1
Modern Web Application	Informational	2
Re-examine Cache-control Directives	Informational	7
Retrieved from Cache	Informational	212

Alert Detail

Medium	Application Error Disclosure
Description	This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.

URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	internal error
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	internal error
Instances	2
Solution	Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
Reference
CWE Id	200
WASC Id	13
Plugin Id	90022

Medium	CSP: Wildcard Directive
Description	Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	Content-Security-Policy
Attack
Evidence	frame-src https://www.bing.com/search https://edgeservices.bing.com/ https://www.bing.com/shop/productpage https://www.bing.com/images/create https://login.live.com/login.srf; base-uri 'self'; script-src 'strict-dynamic' 'nonce-Vc4IqNUYtCHThP1UIcSdfUfpqlHmC/ZNsdBptmGy950='; connect-src 'self' https://r.bing.com/; require-trusted-types-for 'script'; trusted-types default; report-to csp-endpoint
Instances	1
Solution	Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference	http://www.w3.org/TR/CSP2/ http://www.w3.org/TR/CSP/ http://caniuse.com/#search=content+security+policy http://content-security-policy.com/ https://github.com/shapesecurity/salvation https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id	693
WASC Id	15
Plugin Id	10055

Medium	CSP: style-src unsafe-inline
Description	Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	Content-Security-Policy
Attack
Evidence	frame-src https://www.bing.com/search https://edgeservices.bing.com/ https://www.bing.com/shop/productpage https://www.bing.com/images/create https://login.live.com/login.srf; base-uri 'self'; script-src 'strict-dynamic' 'nonce-Vc4IqNUYtCHThP1UIcSdfUfpqlHmC/ZNsdBptmGy950='; connect-src 'self' https://r.bing.com/; require-trusted-types-for 'script'; trusted-types default; report-to csp-endpoint
Instances	1
Solution	Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference	http://www.w3.org/TR/CSP2/ http://www.w3.org/TR/CSP/ http://caniuse.com/#search=content+security+policy http://content-security-policy.com/ https://github.com/shapesecurity/salvation https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
CWE Id	693
WASC Id	15
Plugin Id	10055

Medium	Content Security Policy (CSP) Header Not Set
Description	Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL	http://43.204.203.77/admin/
Method	GET
Parameter
Attack
Evidence
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence
URL	https://www2.bing.com/ipv6test/test
Method	GET
Parameter
Attack
Evidence
Instances	3
Solution	Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference	https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html http://www.w3.org/TR/CSP/ http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html http://www.html5rocks.com/en/tutorials/security/content-security-policy/ http://caniuse.com/#feat=contentsecuritypolicy http://content-security-policy.com/
CWE Id	693
WASC Id	15
Plugin Id	10038

Medium	Cross-Domain Misconfiguration
Description	Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server

URL	http://43.204.203.77/backend/api/admin-customer/customer-visit-list?month=4&year=2023
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/admin-customer/vendor-graph-list?vendorId=211&duration=2023
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/admin-vendor?limit=0&offset=0&name=&email=&status=1&count=0&customerId=&keyword=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/auth/get-profile
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/category?limit=0&offset=0&keyword=&sortOrder=0&status=1
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&count=false&status=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&status=1
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order-status/order-status-list?limit=20&offset=0&keyword=&count=false&status=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/order-count
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/order-count-for-list?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=true&orderStatusId=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/order-detail?orderId=2356&orderStatusId=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/order-product-log-list?orderProductId=3148
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/orderlist?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=0&orderStatusId=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/sales-graph-list?year=2023&month=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/transaction-list?year=2023
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/permission-module/permission-me
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard-admin-totalvendor-totalproduct-count
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard-admin/orders-count?duration=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard-average-conversion-ratio?duration=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard-average-order-value?limit=10&offset=0&count=0&duration=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard-total-revenue?duration=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard/admin-customers-count?duration=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1911,1934
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1934,1911
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/product-count
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/recent-selling-product
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/top-five-repeatedly-purchased-customers
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=2
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=true&duration=4
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product?limit=0&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=true&productType=
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/settings/get-settings
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/tax/tax-list?limit=0&offset=0&keyword=&count=0&status=1
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/config.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/contents.css?t=I2QG
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/dialogs/dialog.css
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/skins/moono-lisa/scayt.css
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/tableselection/styles/tableselection.css
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/wsc/skins/moono-lisa/wsc.css
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/skins/moono-lisa/editor_gecko.css?t=I2QG
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/fd/ls/l?IG=7756067461E74BEBB11BB8F8405B6A8F&CID=1426146E026A6F2535D7069C03B86E83&Type=Event.CPT&DATA=%7B%22pp%22:%7B%22S%22:%22L%22,%22FC%22:1430,%22BC%22:1431,%22SE%22:-1,%22TC%22:-1,%22H%22:1814,%22BP%22:1815,%22CT%22:1816,%22IL%22:0%7D,%22ad%22:%5B-1,-1,0,0,0,0,0%5D,%22net%22:%22undefined%22%7D&P=UNSP&DA=DUBE01
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/6gwyvgUhMc_64xL4rIZIJiyI9Ik.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/BAWWNeRGZhdEM4X57-nYh3UUFWc.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/ehzbwa_MRvvT9Ntrf63tSdC2v6Y.css
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/Fl8hvdN-LRA_glbu6-DmucPb4hM.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/IBCVtVNB4rIhrEoojHm4hLXgrio.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/jmjzP7bqHB1J2F3r3-zjXIy-E3o.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/jTX_lM98lKg9-czTzwiLUsV1Qbk.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/jyS-PUG9r2tazj4oG7YRLfgYf7Y.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/L3yoqw4shqYEILXl6pvlKqIoidw.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/Ltkqat-zSiRMPQNVPxjDdcFwJN4.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/qmFSVX8C0H6ihoMV-nT2OqfHW8E.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/T9UqkhCuv2zPJwI6ajUfDJtHw10.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/uvA8zPxfq5UVAj_3sgYCDgEEyx0.css
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/Wqzke5Dmb4xly7TpIjaICZD4pLI.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.googleapis.com/css?family=Montserrat:300,400,500,600
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Method	GET
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/auth/login
Method	POST
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/fd/ls/lsp.aspx
Method	POST
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	https://edgeservices.bing.com/web/xls.aspx
Method	POST
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
URL	http://43.204.203.77/backend/api/order/update-order-product-status/3148
Method	PUT
Parameter
Attack
Evidence	Access-Control-Allow-Origin: *
Instances	83
Solution	Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance). Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference	https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
CWE Id	264
WASC Id	14
Plugin Id	10098

Medium	Missing Anti-clickjacking Header
Description	The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.

URL	http://43.204.203.77/admin/
Method	GET
Parameter	X-Frame-Options
Attack
Evidence
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter	X-Frame-Options
Attack
Evidence
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	X-Frame-Options
Attack
Evidence
URL	https://www2.bing.com/ipv6test/test
Method	GET
Parameter	X-Frame-Options
Attack
Evidence
Instances	4
Solution	Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference	https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id	1021
WASC Id	15
Plugin Id	10020

Medium	Vulnerable JS Library
Description	The identified library ckeditor, version 4.5.11 is vulnerable.

URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	ckeditor\.js(?:\?.\|;.)?$/i,e={timestamp:"G87E",version:"4.5.11
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method	GET
Parameter
Attack
Evidence	ckeditor\.js(?:\?.\|;.)?$/i,e={timestamp:"I2QG",version:"4.9.1
Instances	2
Solution	Please upgrade to the latest version of ckeditor.
Reference	https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/ https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-4151 https://ckeditor.com/cke4/release/CKEditor-4.16.0 https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/ https://ckeditor.com/cke4/release-notes https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618 https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
CWE Id	829
WASC Id
Plugin Id	10003

Low	Cookie No HttpOnly Flag
Description	A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	_SS
Attack
Evidence	Set-Cookie: _SS
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	EDGSRVC
Attack
Evidence	Set-Cookie: EDGSRVC
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	EDGSRVCPERSIST
Attack
Evidence	Set-Cookie: EDGSRVCPERSIST
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	EDGSRVCSCEN
Attack
Evidence	Set-Cookie: EDGSRVCSCEN
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	MUID
Attack
Evidence	Set-Cookie: MUID
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHD
Attack
Evidence	Set-Cookie: SRCHD
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHHPGUSR
Attack
Evidence	Set-Cookie: SRCHHPGUSR
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHUID
Attack
Evidence	Set-Cookie: SRCHUID
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHUSR
Attack
Evidence	Set-Cookie: SRCHUSR
Instances	9
Solution	Ensure that the HttpOnly flag is set for all cookies.
Reference	https://owasp.org/www-community/HttpOnly
CWE Id	1004
WASC Id	13
Plugin Id	10010

Low	Cookie Without Secure Flag
Description	A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	_EDGE_S
Attack
Evidence	Set-Cookie: _EDGE_S
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	_EDGE_V
Attack
Evidence	Set-Cookie: _EDGE_V
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	MUIDB
Attack
Evidence	Set-Cookie: MUIDB
URL	https://www2.bing.com/ipv6test/test
Method	GET
Parameter	MUIDB
Attack
Evidence	Set-Cookie: MUIDB
Instances	4
Solution	Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
Reference	https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
CWE Id	614
WASC Id	13
Plugin Id	10011

Low	Cookie with SameSite Attribute None
Description	A cookie has been set with its SameSite attribute set to "none", which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	_SS
Attack
Evidence	Set-Cookie: _SS
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	EDGSRVC
Attack
Evidence	Set-Cookie: EDGSRVC
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	EDGSRVCPERSIST
Attack
Evidence	Set-Cookie: EDGSRVCPERSIST
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	EDGSRVCSCEN
Attack
Evidence	Set-Cookie: EDGSRVCSCEN
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	MUID
Attack
Evidence	Set-Cookie: MUID
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHD
Attack
Evidence	Set-Cookie: SRCHD
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHHPGUSR
Attack
Evidence	Set-Cookie: SRCHHPGUSR
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHUID
Attack
Evidence	Set-Cookie: SRCHUID
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SRCHUSR
Attack
Evidence	Set-Cookie: SRCHUSR
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	SUID
Attack
Evidence	Set-Cookie: SUID
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	USRLOC
Attack
Evidence	Set-Cookie: USRLOC
Instances	11
Solution	Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference	https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id	1275
WASC Id	13
Plugin Id	10054

Low	Cookie without SameSite Attribute
Description	A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	_EDGE_S
Attack
Evidence	Set-Cookie: _EDGE_S
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	_EDGE_V
Attack
Evidence	Set-Cookie: _EDGE_V
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	MUIDB
Attack
Evidence	Set-Cookie: MUIDB
URL	https://www2.bing.com/ipv6test/test
Method	GET
Parameter	MUIDB
Attack
Evidence	Set-Cookie: MUIDB
Instances	4
Solution	Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference	https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id	1275
WASC Id	13
Plugin Id	10054

Low	Cross-Domain JavaScript Source File Inclusion
Description	The page includes one or more script files from a third-party domain.

URL	http://43.204.203.77/admin/
Method	GET
Parameter	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Attack
Evidence	<script src="https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js"></script>
URL	http://43.204.203.77/admin/
Method	GET
Parameter	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Attack
Evidence	<script src="https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js"></script>
URL	http://43.204.203.77/admin/
Method	GET
Parameter	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Attack
Evidence	<script src="https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js"></script>
Instances	3
Solution	Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
CWE Id	829
WASC Id	15
Plugin Id	10017

Low	Information Disclosure - Debug Error Messages
Description	The response appeared to contain common error messages returned by platforms such as ASP.NET, and Web-servers such as IIS and Apache. You can configure the list of common debug messages.

URL	https://image.spurtcart.com/?path=&name=&width=60&height=60
Method	GET
Parameter
Attack
Evidence	Internal server error
URL	https://image.spurtcart.com/?path=null&name=null&width=50&height=50
Method	GET
Parameter
Attack
Evidence	Internal server error
Instances	2
Solution	Disable debugging messages before pushing to production.
Reference
CWE Id	200
WASC Id	13
Plugin Id	10023

Low	Server Leaks Version Information via "Server" HTTP Response Header Field
Description	The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

URL	http://43.204.203.77/admin/
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1213.bca9fde12e008d13.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1232.b3a0b996ea7ced18.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1236.ac00b447876f35b9.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1382.9e89c899dafb16e2.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1410.e3a454c0710677c9.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1508.34db89c6110c7eb1.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1531.bfac6ac261a7a729.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1553.79ef9fb84a1533d6.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1629.bf1bb77dbb335690.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1631.91fac68058f2ba62.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1671.6b5b3f2af01bb1d9.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/1855.a1c23c0399f16559.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2039.76a232eb5be6d9c6.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2061.0aaabbf01ef4124f.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2164.eabe34d2d9541461.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2174.8fbc351c90652f70.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2258.3a7ca7b07681a1a7.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2266.5257588dbe04091e.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2323.c3670583ff5371a7.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2352.38f6dd1009aa06fc.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2455.77c97a23349bf3b9.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/2498.34fc6082abcd2f25.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/256.69b82f589c560e62.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/263.720e9c3bc3ed172f.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/3054.9c8fc0ccd99ba312.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/3085.835786bbfd845184.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/3176.0179da3689dfe749.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/3540.570918aaed1f303b.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/3548.88f0c804e8d28bbe.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/38.45a73bab14b7abbf.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/3851.7ff0770c5ea7829d.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/3911.9ad0191bda4456b8.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4064.6c1e4adbcdcac046.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4134.189a96638e0b2a09.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4182.eed8618ac35157d9.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4202.dd93c6202b312542.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4214.d99700b30528c4af.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4248.aea604632219d8c3.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4338.a85572402a984d01.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4443.5a77094282f9cbe1.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4455.0cdbc03106a15a9c.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4515.6b24bd1f0a5b6df9.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4611.b376c6d86b62039f.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4682.8cfef23f793f094e.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/4954.97afa1213c59eedd.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5013.bb0565972037a79e.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5042.f969505118c2fd89.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5063.2f17dc964eae5e98.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5145.801736656b54c672.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5308.d4cd4ffce10a71c7.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5336.64676d9206ffa68f.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5377.b0e45c2addd39450.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5566.916466eea17e3544.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5595.0612fe5ebe4f3c57.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5608.2a1109079b10bf56.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5641.87f5d32535958130.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/574.f68660774b9c7073.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5864.e6cf23d4b8bde2ed.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/5939.e071093f9de25a2e.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/6083.6f52944e71c49843.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/6093.c4d026c0e6cfb2d8.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/636.4a87c2dcbbae797c.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/6727.65485f2be6cf644e.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/6874.b37fc5c4a6dc4918.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/6879.41e5a9c4f62a4f88.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/6905.3c4d514bdd7b26ca.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7.472206f9bbd253df.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7154.2187bd5843fba8a6.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7185.873f3f9c8855ff16.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7294.eeb6937739f265b5.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7324.8258d7ea7c7489b9.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7339.78847452049e2559.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7498.39e2df10da020fde.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7633.de6dd6b9bf8bd228.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7648.a5db27b3c0c1ecc6.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7651.79a779703123ba4a.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7654.77a32404c600674d.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7739.b38d03efacc81c19.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7773.d25ce3f58b5e23a2.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7790.fbb1998e6164a47b.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7932.d9080416c797853a.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/7970.1ee5d960a1ca3532.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/808.1da73573c54d95e8.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8110.a01cf4c1217d7be7.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8410.20e060e1ec2ef01e.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8461.4a04ccab7beaceee.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8538.c93f9f4d8e30041f.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8622.cf18b2bf0bacf8dd.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8654.c58c2f574061819f.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/877.1d2d037edb7ebd92.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8804.fad5e05126357e70.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/8891.0729d83d00f9d5a2.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9041.de49dc19422a1558.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9154.c62ca6951082ec08.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9169.cc55dab143f39277.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9279.999b16799a71fb09.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9416.33eecdd80361ba8a.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9442.6eba38d870f411d4.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9473.7f26a820cc350a1a.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9584.b6efee3482211830.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9675.41014bbf75aaa443.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/993.8497a298a793d670.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/9990.467b034322daa8d5.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/assets/i18n/en.json
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/common.ef4a1c86199084fd.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/fa-solid-900.a7ba84a018f500ca.woff2
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/polyfills.dd6de2846bef6fea.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/runtime.71e0e9c6b76c5be6.js
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/admin/styles.099d46fcafc5fcf1.css
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/admin-customer/customer-visit-list?month=4&year=2023
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/admin-customer/vendor-graph-list?vendorId=211&duration=2023
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/admin-vendor?limit=0&offset=0&name=&email=&status=1&count=0&customerId=&keyword=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/auth/get-profile
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/category?limit=0&offset=0&keyword=&sortOrder=0&status=1
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&count=false&status=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order-status/order-status-list?limit=0&offset=0&keyword=&status=1
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order-status/order-status-list?limit=20&offset=0&keyword=&count=false&status=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/order-count
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/order-count-for-list?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=true&orderStatusId=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/order-detail?orderId=2356&orderStatusId=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/order-product-log-list?orderProductId=3148
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/orderlist?limit=20&offset=0&orderId=&totalAmount=&dateAdded=&keyword=&customerName=&count=0&orderStatusId=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/sales-graph-list?year=2023&month=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/transaction-list?year=2023
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/permission-module/permission-me
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard-admin-totalvendor-totalproduct-count
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard-admin/orders-count?duration=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard-average-conversion-ratio?duration=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard-average-order-value?limit=10&offset=0&count=0&duration=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard-total-revenue?duration=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard/admin-customers-count?duration=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1911,1934
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/dashboard/graph-weekly-saleslist?productId=1931,1934,1911
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/product-count
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/recent-selling-product
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/top-five-repeatedly-purchased-customers
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=2
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=0&duration=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product/top-performing-products?limit=10&offset=0&count=true&duration=4
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product?limit=0&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=false&productType=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/product?limit=20&offset=0&keyword=&sku=&status=&price=0&count=true&productType=
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/settings/get-settings
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/tax/tax-list?limit=0&offset=0&keyword=&count=0&status=1
Method	GET
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	CFS 0215
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	AmazonS3
URL	http://43.204.203.77/backend/api/auth/login
Method	POST
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
URL	http://43.204.203.77/backend/api/order/update-order-product-status/3148
Method	PUT
Parameter
Attack
Evidence	Apache/2.4.41 (Ubuntu)
Instances	166
Solution	Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
Reference	http://httpd.apache.org/docs/current/mod/core.html#servertokens http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007 http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
CWE Id	200
WASC Id	13
Plugin Id	10036

Low	Strict-Transport-Security Disabled
Description	A HTTP Strict Transport Security (HSTS) header was found, but it contains the directive max-age=0 which disables the control and instructs browsers to reset any previous HSTS related settings. See RFC 6797 for further details. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).

URL	https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method	GET
Parameter
Attack
Evidence	max-age=0
Instances	1
Solution	Review the configuration of this control. Ensure that your web server, application server, load balancer, etc. is configured to set Strict-Transport-Security with an appropriate max-age value.
Reference	http://tools.ietf.org/html/rfc6797#section-6.2
CWE Id	319
WASC Id	15
Plugin Id	10035

Low	Strict-Transport-Security Header Not Set
Description	HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL). HSTS is an IETF standards track protocol and is specified in RFC 6797.

URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter
Attack
Evidence
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence
URL	https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=2..&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method	GET
Parameter
Attack
Evidence
URL	https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest&version=4.7.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method	GET
Parameter
Attack
Evidence
URL	https://edge.microsoft.com/neededge/v1?bucket=80
Method	GET
Parameter
Attack
Evidence
URL	https://edge.microsoft.com/serviceexperimentation/v2/
Method	GET
Parameter
Attack
Evidence
URL	https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/2.0.6/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService
Method	GET
Parameter
Attack
Evidence
URL	https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest/4.7.36/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=Shoreline
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/fd/ls/l?IG=7756067461E74BEBB11BB8F8405B6A8F&CID=1426146E026A6F2535D7069C03B86E83&Type=Event.CPT&DATA=%7B%22pp%22:%7B%22S%22:%22L%22,%22FC%22:1430,%22BC%22:1431,%22SE%22:-1,%22TC%22:-1,%22H%22:1814,%22BP%22:1815,%22CT%22:1816,%22IL%22:0%7D,%22ad%22:%5B-1,-1,0,0,0,0,0%5D,%22net%22:%22undefined%22%7D&P=UNSP&DA=DUBE01
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/ipv6test/test?FORM=MONITR
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/6gwyvgUhMc_64xL4rIZIJiyI9Ik.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/BAWWNeRGZhdEM4X57-nYh3UUFWc.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/ehzbwa_MRvvT9Ntrf63tSdC2v6Y.css
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/Fl8hvdN-LRA_glbu6-DmucPb4hM.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/IBCVtVNB4rIhrEoojHm4hLXgrio.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/jmjzP7bqHB1J2F3r3-zjXIy-E3o.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/jTX_lM98lKg9-czTzwiLUsV1Qbk.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/jyS-PUG9r2tazj4oG7YRLfgYf7Y.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/L3yoqw4shqYEILXl6pvlKqIoidw.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/Ltkqat-zSiRMPQNVPxjDdcFwJN4.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/qmFSVX8C0H6ihoMV-nT2OqfHW8E.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/T9UqkhCuv2zPJwI6ajUfDJtHw10.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/uvA8zPxfq5UVAj_3sgYCDgEEyx0.css
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/Wqzke5Dmb4xly7TpIjaICZD4pLI.js
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method	GET
Parameter
Attack
Evidence
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence
URL	https://image.spurtcart.com/?path=&name=&width=60&height=60
Method	GET
Parameter
Attack
Evidence
URL	https://image.spurtcart.com/?path=null&name=null&width=50&height=50
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence
URL	https://www2.bing.com/ipv6test/test
Method	GET
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/fd/ls/lsp.aspx
Method	POST
Parameter
Attack
Evidence
URL	https://edgeservices.bing.com/web/xls.aspx
Method	POST
Parameter
Attack
Evidence
Instances	54
Solution	Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
Reference	https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html https://owasp.org/www-community/Security_Headers http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security http://caniuse.com/stricttransportsecurity http://tools.ietf.org/html/rfc6797
CWE Id	319
WASC Id	15
Plugin Id	10035

Low	Timestamp Disclosure - Unix
Description	A timestamp was disclosed by the application/web server - Unix

URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1396182291
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1398893684
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1415668834
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1426881987
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1431655765
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1432725776
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1467031594
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1476395008
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1476395009
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1495990901
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1501505948
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1508970993
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1518500249
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1522805485
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1537002063
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1541459225
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1546045734
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1548603684
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1549556828
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1555081692
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1575990012
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1595750129
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1607167915
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1610612736
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1610612737
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1654270250
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1694076839
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1695183700
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1701076831
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1731405415
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1732584193
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1744830464
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1744830465
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1747873779
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1750603025
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1779033703
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1816402316
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1836072691
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1856431235
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1859775393
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1879048192
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1879048193
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1894007588
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1899447441
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1914138554
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1925078388
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1933667412
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1955562222
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1986661051
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	1996064986
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1396182291
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1424204075
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1426881987
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1431655765
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1473132947
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1474664885
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1508970993
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1521486534
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1537002063
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1538233109
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1540483477
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1541459225
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1555081692
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1564481375
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1680079193
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1694144372
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1695183700
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1740746414
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1747873779
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1779033703
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1838011259
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1841331548
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1866530822
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1899447441
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1925078388
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1933114872
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1955562222
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1986661051
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	1996064986
URL	http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method	GET
Parameter
Attack
Evidence	1431655765
URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	1663772073
URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	1681375291
URL	https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method	GET
Parameter
Attack
Evidence	1681346286
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	1668785275
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	1663274228
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	1604686195
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	1668785275
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	1663274228
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	1668785275
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	1670952926
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	1604686195
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	1670952926
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	1668785275
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	1604686195
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	1564526481
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	1604686195
URL	https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method	POST
Parameter
Attack
Evidence	1564526481
URL	https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method	POST
Parameter
Attack
Evidence	1604686195
URL	https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method	POST
Parameter
Attack
Evidence	1663274228
URL	https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method	POST
Parameter
Attack
Evidence	1668785275
URL	https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method	POST
Parameter
Attack
Evidence	1670952926
Instances	101
Solution	Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference	http://projects.webappsec.org/w/page/13246936/Information%20Leakage
CWE Id	200
WASC Id	13
Plugin Id	10096

Low	X-Content-Type-Options Header Missing
Description	The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

URL	http://43.204.203.77/admin/
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1213.bca9fde12e008d13.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1232.b3a0b996ea7ced18.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1236.ac00b447876f35b9.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1382.9e89c899dafb16e2.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1410.e3a454c0710677c9.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1508.34db89c6110c7eb1.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1531.bfac6ac261a7a729.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1553.79ef9fb84a1533d6.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1629.bf1bb77dbb335690.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1631.91fac68058f2ba62.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1671.6b5b3f2af01bb1d9.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/1855.a1c23c0399f16559.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2039.76a232eb5be6d9c6.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2061.0aaabbf01ef4124f.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2164.eabe34d2d9541461.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2174.8fbc351c90652f70.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2258.3a7ca7b07681a1a7.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2266.5257588dbe04091e.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2323.c3670583ff5371a7.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2352.38f6dd1009aa06fc.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2455.77c97a23349bf3b9.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/2498.34fc6082abcd2f25.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/256.69b82f589c560e62.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/263.720e9c3bc3ed172f.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/3054.9c8fc0ccd99ba312.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/3085.835786bbfd845184.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/3176.0179da3689dfe749.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/3540.570918aaed1f303b.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/3548.88f0c804e8d28bbe.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/38.45a73bab14b7abbf.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/3851.7ff0770c5ea7829d.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/3911.9ad0191bda4456b8.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4064.6c1e4adbcdcac046.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4134.189a96638e0b2a09.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4182.eed8618ac35157d9.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4202.dd93c6202b312542.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4214.d99700b30528c4af.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4248.aea604632219d8c3.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4338.a85572402a984d01.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4443.5a77094282f9cbe1.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4455.0cdbc03106a15a9c.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4515.6b24bd1f0a5b6df9.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4611.b376c6d86b62039f.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4682.8cfef23f793f094e.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/4954.97afa1213c59eedd.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5013.bb0565972037a79e.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5042.f969505118c2fd89.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5063.2f17dc964eae5e98.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5145.801736656b54c672.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5308.d4cd4ffce10a71c7.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5336.64676d9206ffa68f.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5377.b0e45c2addd39450.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5566.916466eea17e3544.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5595.0612fe5ebe4f3c57.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5608.2a1109079b10bf56.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5641.87f5d32535958130.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/574.f68660774b9c7073.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5864.e6cf23d4b8bde2ed.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/5939.e071093f9de25a2e.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/6083.6f52944e71c49843.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/6093.c4d026c0e6cfb2d8.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/636.4a87c2dcbbae797c.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/6727.65485f2be6cf644e.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/6874.b37fc5c4a6dc4918.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/6879.41e5a9c4f62a4f88.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/6905.3c4d514bdd7b26ca.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7.472206f9bbd253df.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7154.2187bd5843fba8a6.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7185.873f3f9c8855ff16.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7294.eeb6937739f265b5.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7324.8258d7ea7c7489b9.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7339.78847452049e2559.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7498.39e2df10da020fde.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7633.de6dd6b9bf8bd228.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7648.a5db27b3c0c1ecc6.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7651.79a779703123ba4a.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7654.77a32404c600674d.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7739.b38d03efacc81c19.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7773.d25ce3f58b5e23a2.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7790.fbb1998e6164a47b.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7932.d9080416c797853a.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/7970.1ee5d960a1ca3532.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/808.1da73573c54d95e8.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8110.a01cf4c1217d7be7.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8410.20e060e1ec2ef01e.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8461.4a04ccab7beaceee.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8538.c93f9f4d8e30041f.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8622.cf18b2bf0bacf8dd.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8654.c58c2f574061819f.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/877.1d2d037edb7ebd92.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8804.fad5e05126357e70.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/8891.0729d83d00f9d5a2.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9041.de49dc19422a1558.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9154.c62ca6951082ec08.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9169.cc55dab143f39277.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9279.999b16799a71fb09.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9416.33eecdd80361ba8a.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9442.6eba38d870f411d4.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9473.7f26a820cc350a1a.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9584.b6efee3482211830.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9675.41014bbf75aaa443.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/993.8497a298a793d670.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/9990.467b034322daa8d5.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/assets/i18n/en.json
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/common.ef4a1c86199084fd.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/fa-solid-900.a7ba84a018f500ca.woff2
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/polyfills.dd6de2846bef6fea.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/runtime.71e0e9c6b76c5be6.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://43.204.203.77/admin/styles.099d46fcafc5fcf1.css
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=2..&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest&version=4.7.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edge.microsoft.com/serviceexperimentation/v2/
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/2.0.6/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest/4.7.36/asset?sv=2017-07-29&sr=c&sig=syVgbBkg8uucUCbdAhbOcJHbhbWxF6Oaa0Ff5bb1IjQ%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-06-30T00%3A00%3A00Z&sp=r&assetgroup=Shoreline
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/6gwyvgUhMc_64xL4rIZIJiyI9Ik.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/BAWWNeRGZhdEM4X57-nYh3UUFWc.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/ehzbwa_MRvvT9Ntrf63tSdC2v6Y.css
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/Fl8hvdN-LRA_glbu6-DmucPb4hM.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/IBCVtVNB4rIhrEoojHm4hLXgrio.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/jmjzP7bqHB1J2F3r3-zjXIy-E3o.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/jTX_lM98lKg9-czTzwiLUsV1Qbk.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/jyS-PUG9r2tazj4oG7YRLfgYf7Y.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/L3yoqw4shqYEILXl6pvlKqIoidw.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/Ltkqat-zSiRMPQNVPxjDdcFwJN4.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/qmFSVX8C0H6ihoMV-nT2OqfHW8E.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/T9UqkhCuv2zPJwI6ajUfDJtHw10.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/uvA8zPxfq5UVAj_3sgYCDgEEyx0.css
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/Wqzke5Dmb4xly7TpIjaICZD4pLI.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://www2.bing.com/ipv6test/test
Method	GET
Parameter	X-Content-Type-Options
Attack
Evidence
URL	https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=111.0&pver=2.2
Method	POST
Parameter	X-Content-Type-Options
Attack
Evidence
Instances	158
Solution	Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages. If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference	http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx https://owasp.org/www-community/Security_Headers
CWE Id	693
WASC Id	15
Plugin Id	10021

Informational	Content Security Policy (CSP) Report-Only Header Found
Description	The response contained a Content-Security-Policy-Report-Only header, this may indicate a work-in-progress implementation, or an oversight in promoting pre-Prod to Prod, etc. Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

URL	https://www2.bing.com/ipv6test/test
Method	GET
Parameter
Attack
Evidence
Instances	1
Solution	Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference	https://www.w3.org/TR/CSP2/ https://w3c.github.io/webappsec-csp/ http://caniuse.com/#feat=contentsecuritypolicy http://content-security-policy.com/
CWE Id	693
WASC Id	15
Plugin Id	10038

Informational	Content-Type Header Missing
Description	The Content-Type header was either missing or empty.

URL	https://edgeservices.bing.com/ipv6test/test?FORM=MONITR
Method	GET
Parameter
Attack
Evidence
Instances	1
Solution	Ensure each page is setting the specific and appropriate content-type value for the content being delivered.
Reference	http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
CWE Id	345
WASC Id	12
Plugin Id	10019

Informational	Cookie Poisoning
Description	This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	FORM
Attack
Evidence
Instances	1
Solution	Do not allow user input to control cookie names and values. If some query string parameters must be set in cookie values, be sure to filter out semicolon's that can serve as name/value pair delimiters.
Reference	http://websecuritytool.codeplex.com/wikipage?title=Checks#user-controlled-cookie
CWE Id	20
WASC Id	20
Plugin Id	10029

Informational	Information Disclosure - Suspicious Comments
Description	The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.

URL	http://43.204.203.77/admin/1213.bca9fde12e008d13.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/1236.ac00b447876f35b9.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/1382.9e89c899dafb16e2.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/1410.e3a454c0710677c9.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/1508.34db89c6110c7eb1.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/1629.bf1bb77dbb335690.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/1631.91fac68058f2ba62.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/1671.6b5b3f2af01bb1d9.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/1855.a1c23c0399f16559.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/2061.0aaabbf01ef4124f.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/2164.eabe34d2d9541461.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/2174.8fbc351c90652f70.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/2258.3a7ca7b07681a1a7.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/2266.5257588dbe04091e.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/2323.c3670583ff5371a7.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/2455.77c97a23349bf3b9.js
Method	GET
Parameter
Attack
Evidence	Admin
URL	http://43.204.203.77/admin/2498.34fc6082abcd2f25.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/256.69b82f589c560e62.js
Method	GET
Parameter
Attack
Evidence	Admin
URL	http://43.204.203.77/admin/263.720e9c3bc3ed172f.js
Method	GET
Parameter
Attack
Evidence	DB
URL	http://43.204.203.77/admin/3085.835786bbfd845184.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/3176.0179da3689dfe749.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/3540.570918aaed1f303b.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/3548.88f0c804e8d28bbe.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/38.45a73bab14b7abbf.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/3911.9ad0191bda4456b8.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/4064.6c1e4adbcdcac046.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/4134.189a96638e0b2a09.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/4182.eed8618ac35157d9.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/4202.dd93c6202b312542.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/4244.ab01d466bc47b4f4.js
Method	GET
Parameter
Attack
Evidence	TODO
URL	http://43.204.203.77/admin/4611.b376c6d86b62039f.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/4682.8cfef23f793f094e.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/4954.97afa1213c59eedd.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/5042.f969505118c2fd89.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/5063.2f17dc964eae5e98.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/5145.801736656b54c672.js
Method	GET
Parameter
Attack
Evidence	Admin
URL	http://43.204.203.77/admin/5308.d4cd4ffce10a71c7.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/5377.b0e45c2addd39450.js
Method	GET
Parameter
Attack
Evidence	Admin
URL	http://43.204.203.77/admin/5566.916466eea17e3544.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/5595.0612fe5ebe4f3c57.js
Method	GET
Parameter
Attack
Evidence	Admin
URL	http://43.204.203.77/admin/5864.e6cf23d4b8bde2ed.js
Method	GET
Parameter
Attack
Evidence	User
URL	http://43.204.203.77/admin/5939.e071093f9de25a2e.js
Method	GET
Parameter
Attack
Evidence	Admin
URL	http://43.204.203.77/admin/6093.c4d026c0e6cfb2d8.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/636.4a87c2dcbbae797c.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/6727.65485f2be6cf644e.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/6874.b37fc5c4a6dc4918.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/6879.41e5a9c4f62a4f88.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/7.472206f9bbd253df.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/7185.873f3f9c8855ff16.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/7294.eeb6937739f265b5.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/7314.735603d04c6a69dd.js
Method	GET
Parameter
Attack
Evidence	TODO
URL	http://43.204.203.77/admin/7324.8258d7ea7c7489b9.js
Method	GET
Parameter
Attack
Evidence	dB
URL	http://43.204.203.77/admin/7339.78847452049e2559.js
Method	GET
Parameter
Attack
Evidence	Admin
URL	http://43.204.203.77/admin/7498.39e2df10da020fde.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/7648.a5db27b3c0c1ecc6.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/7651.79a779703123ba4a.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/7654.77a32404c600674d.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/7739.b38d03efacc81c19.js
Method	GET
Parameter
Attack
Evidence	dB
URL	http://43.204.203.77/admin/7773.d25ce3f58b5e23a2.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/7932.d9080416c797853a.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/7970.1ee5d960a1ca3532.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/808.1da73573c54d95e8.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/8110.a01cf4c1217d7be7.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/8410.20e060e1ec2ef01e.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/8461.4a04ccab7beaceee.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/8538.c93f9f4d8e30041f.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/8622.cf18b2bf0bacf8dd.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/8654.c58c2f574061819f.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/877.1d2d037edb7ebd92.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/9041.de49dc19422a1558.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/9169.cc55dab143f39277.js
Method	GET
Parameter
Attack
Evidence	query
URL	http://43.204.203.77/admin/9416.33eecdd80361ba8a.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/9442.6eba38d870f411d4.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/9473.7f26a820cc350a1a.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/9584.b6efee3482211830.js
Method	GET
Parameter
Attack
Evidence	User
URL	http://43.204.203.77/admin/9675.41014bbf75aaa443.js
Method	GET
Parameter
Attack
Evidence	select
URL	http://43.204.203.77/admin/993.8497a298a793d670.js
Method	GET
Parameter
Attack
Evidence	user
URL	http://43.204.203.77/admin/9990.467b034322daa8d5.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/common.ef4a1c86199084fd.js
Method	GET
Parameter
Attack
Evidence	admin
URL	http://43.204.203.77/admin/main.0f1cfd2e4f5d7956.js
Method	GET
Parameter
Attack
Evidence	query
URL	http://43.204.203.77/admin/polyfills.dd6de2846bef6fea.js
Method	GET
Parameter
Attack
Evidence	select
URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	from
URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	select
URL	https://cdn.ckeditor.com/4.5.11/full-all/ckeditor.js
Method	GET
Parameter
Attack
Evidence	user
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method	GET
Parameter
Attack
Evidence	from
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method	GET
Parameter
Attack
Evidence	select
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method	GET
Parameter
Attack
Evidence	user
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	user
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	from
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter
Attack
Evidence	bug
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter
Attack
Evidence	user
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter
Attack
Evidence	select
URL	https://edgeservices.bing.com/rp/GBZ850ngNs7Vmx3K8jd6CJOXRog.js
Method	GET
Parameter
Attack
Evidence	from
URL	https://edgeservices.bing.com/rp/JDsGCskJXJerqDlueE-JSck9YmY.js
Method	GET
Parameter
Attack
Evidence	from
URL	https://edgeservices.bing.com/rp/rO-9PeVNCXkmW0qTG4ecU5hJ2Rc.js
Method	GET
Parameter
Attack
Evidence	from
URL	https://edgeservices.bing.com/rp/tVjySZU7uHF3djX0d9UfyyYoJZg.js
Method	GET
Parameter
Attack
Evidence	from
URL	https://edgeservices.bing.com/rp/XyQNqvQakaG0v1trKEJdUG1Lw0w.js
Method	GET
Parameter
Attack
Evidence	from
Instances	97
Solution	Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
Reference
CWE Id	200
WASC Id	13
Plugin Id	10027

Informational	Loosely Scoped Cookie
Description	Cookies can be scoped by domain or path. This check is only concerned with domain scope.The domain scope applied to a cookie determines which domains can access it. For example, a cookie can be scoped strictly to a subdomain e.g. www.nottrusted.com, or loosely scoped to a parent domain e.g. nottrusted.com. In the latter case, any subdomain of nottrusted.com can access the cookie. Loosely scoped cookies are common in mega-applications like google.com and live.com. Cookies set from a subdomain like app.foo.bar are transmitted only to that domain by the browser. However, cookies scoped to a parent-level domain may be transmitted to the parent, or any subdomain of the parent.

URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter
Attack
Evidence
Instances	1
Solution	Always scope cookies to a FQDN (Fully Qualified Domain Name).
Reference	https://tools.ietf.org/html/rfc6265#section-4.1 https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
CWE Id	565
WASC Id	15
Plugin Id	90033

Informational	Modern Web Application
Description	The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.

URL	http://43.204.203.77/admin/
Method	GET
Parameter
Attack
Evidence	<script src="https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js"></script>
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter
Attack
Evidence	<a id="sb_feedback" role="button" target="_blank" _ctf="rdr_T" class="linkBtn" h="ID=SERP,5029.1"><span class="sb_fbdText">Feedback</span></a>
Instances	2
Solution	This is an informational alert and so no changes are required.
Reference
CWE Id
WASC Id
Plugin Id	10109

Informational	Re-examine Cache-control Directives
Description	The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.

URL	https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
Method	GET
Parameter	Cache-Control
Attack
Evidence	public, max-age=43200
URL	https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=2..&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method	GET
Parameter	Cache-Control
Attack
Evidence	public, max-age=3600
URL	https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest&version=4.7.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
Method	GET
Parameter	Cache-Control
Attack
Evidence	public, max-age=3600
URL	https://edge.microsoft.com/neededge/v1?bucket=80
Method	GET
Parameter	Cache-Control
Attack
Evidence	public, max-age=86400
URL	https://edgeservices.bing.com/edgesvc/shell?&lightschemeovr=1&FORM=SHORUN&udscs=1&udsnav=1&setlang=en-GB&clientscopes=noheader,coauthor,chat,docvisibility,visibilitypm,&udsframed=1
Method	GET
Parameter	Cache-Control
Attack
Evidence	private
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter	Cache-Control
Attack
Evidence	max-age=3600,public
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter	Cache-Control
Attack
Evidence	max-age=3600,public
Instances	7
Solution	For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".
Reference	https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control https://grayduck.mn/2021/09/13/cache-control-recommendations/
CWE Id	525
WASC Id	13
Plugin Id	10015

Informational	Retrieved from Cache
Description	The content was retrieved from a shared cache. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where caching servers such as "proxy" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.

URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 82503
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 82563
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 82579
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 82659
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 82778
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 82887
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 83009
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 83070
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 83119
URL	http://detectportal.firefox.com/canonical.html
Method	GET
Parameter
Attack
Evidence	Age: 83243
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 40571
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 40631
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 40647
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 40727
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 40846
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 40955
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 41077
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 41138
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 41187
URL	http://detectportal.firefox.com/success.txt?ipv4
Method	GET
Parameter
Attack
Evidence	Age: 41311
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/ckeditor.js
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/config.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/config.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	Age: 0
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/contents.css?t=I2QG
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/lang/en-gb.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	Age: 0
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/dialogs/dialog.css
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/skins/moono-lisa/scayt.css
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/scayt/skins/moono-lisa/scayt.css
Method	GET
Parameter
Attack
Evidence	Age: 0
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/tableselection/styles/tableselection.css
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/tableselection/styles/tableselection.css
Method	GET
Parameter
Attack
Evidence	Age: 0
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/wsc/skins/moono-lisa/wsc.css
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/plugins/wsc/skins/moono-lisa/wsc.css
Method	GET
Parameter
Attack
Evidence	Age: 0
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/skins/moono-lisa/editor_gecko.css?t=I2QG
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/skins/moono-lisa/editor_gecko.css?t=I2QG
Method	GET
Parameter
Attack
Evidence	Age: 0
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.jsdelivr.net/npm/ckeditor@4.9.1/styles.js?t=I2QG
Method	GET
Parameter
Attack
Evidence	Age: 0
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter
Attack
Evidence	HIT
URL	https://cdn.plot.ly/plotly-basic-1.55.2.min.js
Method	GET
Parameter
Attack
Evidence	Age: 2
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Age: 155
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Age: 274
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Age: 383
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Age: 505
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Age: 615
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Age: 740
URL	https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.5/lodash.min.js
Method	GET
Parameter
Attack
Evidence	Age: 75
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 2780
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 2855
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 2935
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 3054
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 3163
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 3285
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 3395
URL	https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
Method	GET
Parameter
Attack
Evidence	Age: 3519
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 2945
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 3021
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 3101
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 3220
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 3329
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 3451
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 3561
URL	https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773
Method	GET
Parameter
Attack
Evidence	Age: 84
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 214
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 324
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 3308
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 3384
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 3464
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 3583
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 448
URL	https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
Method	GET
Parameter
Attack
Evidence	Age: 92
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166024
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166090
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166170
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166289
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166399
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166520
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166629
URL	https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166758
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166202
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166275
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166355
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166474
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166584
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166705
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166815
URL	https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166941
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 12818
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 12891
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 12971
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 13090
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 13200
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 13322
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 13431
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 13557
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166255
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166403
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166522
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166752
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166862
URL	https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166991
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166234
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166301
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166382
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166500
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166610
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166731
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166841
URL	https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Method	GET
Parameter
Attack
Evidence	Age: 166970
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 34975
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 35051
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 35131
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 35250
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 35360
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 35591
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 35715
URL	https://tracking-protection.cdn.mozilla.net/ads-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 55965
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 65358
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 65587
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 65708
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 65817
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 71212
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 71288
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 71487
URL	https://tracking-protection.cdn.mozilla.net/analytics-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 71952
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 26353
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 26582
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 33500
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 33575
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 33773
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 34005
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 34115
URL	https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 34240
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 60249
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 60789
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 63676
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 63831
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 63949
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 64059
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 64180
URL	https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 64416
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 34970
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 35045
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 35125
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 35243
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 35353
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 35584
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 35710
URL	https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/1663274228
Method	GET
Parameter
Attack
Evidence	Age: 80926
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 53812
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 53887
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 53967
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 54085
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 54195
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 54426
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 54552
URL	https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 76343
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 35011
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 35086
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 35167
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 35626
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 42133
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 42244
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 42365
URL	https://tracking-protection.cdn.mozilla.net/content-track-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 42598
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 57575
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 57656
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 57729
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 58003
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 58005
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 58113
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 58115
URL	https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 58239
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 109
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 27115
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 27343
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 27573
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 27698
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 341
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 86238
URL	https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/1670952926
Method	GET
Parameter
Attack
Evidence	Age: 86313
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 26855
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 26931
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 27362
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 27595
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 68783
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 68901
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 69011
URL	https://tracking-protection.cdn.mozilla.net/social-track-digest256/1668785275
Method	GET
Parameter
Attack
Evidence	Age: 69242
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 43094
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 43444
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 43554
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 72971
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 73045
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 73243
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 73354
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 73710
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 60007
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 60390
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 60746
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 69570
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 69651
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 69768
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 70000
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/1564526481
Method	GET
Parameter
Attack
Evidence	Age: 70110
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 27998
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 28072
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 28153
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 28271
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 28502
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 28612
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 28738
URL	https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/1604686195
Method	GET
Parameter
Attack
Evidence	Age: 83394
Instances	212
Solution	Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user: Cache-Control: no-cache, no-store, must-revalidate, private Pragma: no-cache Expires: 0 This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.
Reference	https://tools.ietf.org/html/rfc7234 https://tools.ietf.org/html/rfc7231 http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)
CWE Id
WASC Id
Plugin Id	10050

B2C , B2B Marketplace

Downloadable Products

Subscription-based Marketplace

Booking Services Marketplace

Social Commerce Marketplace

Digital Products Marketplace

Quick Commerce Marketplace

Content Marketplace

Commission-Based Model Marketplace

Subscription-Based Model Marketplace

Freemium Model

Listing Model

LeadFee Model

Next.js For Storefront

Performance & Optimization

Scalability via Microservices Architecture

Containerization with Docker

Messages & Notifications

Enhanced Search Mechanism

Monitoring Performance

Enhanced Image Optimization

OWASP

Security Testing

Implemented the best Security measures for ensuring 100 % Security.

Spurt admin report

Generated on Thu, 13 Apr 2023 14:24:44

Summary of Alerts

Alerts

Alert Detail