urlscan.io logo urlscan.io
SecurityTrails logo

www.fortinet.com Open in urlscan Pro
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://401.tw/Mr6E
Effective URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Submission: On September 20 via api from IN — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 62 HTTP transactions. The main IP is 2406:da18:ad1:1102:e3ad:8cb3:e698:cb06, located in Singapore, Singapore and belongs to AMAZON-02, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 115924.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 172.105.230.106 63949 (AKAMAI-LI...)
17 2406:da18:ad1... 16509 (AMAZON-02)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
62 4
Apex Domain
Subdomains		 Transfer
17 fortinet.com
www.fortinet.com — Cisco Umbrella Rank: 115924
347 KB
3 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 326
10 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 491
305 B
1 401.tw
401.tw
297 B
62 4
Domain Requested by
17 www.fortinet.com www.fortinet.com
3 cdn.cookielaw.org www.fortinet.com
cdn.cookielaw.org
1 geolocation.onetrust.com cdn.cookielaw.org
1 401.tw 1 redirects
62 4
Subject Issuer Validity Valid
*.fortinet.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-16 -
2025-07-15		 a year crt.sh
cookielaw.org
WE1		 2024-08-13 -
2024-11-11		 3 months crt.sh
geolocation.onetrust.com
WE1		 2024-08-13 -
2024-11-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Frame ID: 8C2B98204CFBFFE8E65FDA9F9D04376E
Requests: 64 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 | FortiGuard Labs

Page URL History Show full URLs

  1. https://401.tw/Mr6E HTTP 307
    https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div class="[^"]*aem-Grid
  • /etc/designs/
  • /etc\.clientlibs/
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

62
Requests

34 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

357 kB
Transfer

1553 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://401.tw/Mr6E HTTP 307
    https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

62 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
www.fortinet.com/blog/threat-research/
Redirect Chain
  • https://401.tw/Mr6E
  • https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
103 KB
29 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
3d6bc3dbcf9e2cf02f556ae8bd0936e8b62540189823df29c4f524c060bb8328
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Age
86692
Cache-Control
max-age=600, public, s-maxage=10800
Connection
keep-alive
Content-Encoding
gzip
Content-Length
27960
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Type
text/html;charset=utf-8
Date
Fri, 20 Sep 2024 13:14:57 GMT
ETag
"19b93-62278a4ad0fc7-gzip"
Last-Modified
Thu, 19 Sep 2024 13:10:14 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
Via
1.1 1e6c252eb75ca2cd762cd042a9e5c038.cloudfront.net (CloudFront)
X-Amz-Cf-Id
ORXJ_WZ1T3DaamqZ4SMUo9aMD2-6cYiZHEkAkOraHXExkT8e9IdeGg==
X-Amz-Cf-Pop
SIN2-P4
X-Cache
Hit from cloudfront
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher1uswest1-28559594
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
X-XSS-Protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
142
Content-Type
text/html; charset=utf-8
Date
Fri, 20 Sep 2024 13:15:07 GMT
Location
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Server
nginx/1.26.1
visitorapi.min.js
www.fortinet.com/etc/designs/fortinet/adb-target/ 		64 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"fe2d-6117284c96900-gzip"
Age
330512
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
RRxhCetZaJMN7G2zHFiwfAocztTgSlwmo4rAY_YQ4IX9QB6uoo1wmw==
Date
Mon, 16 Sep 2024 17:27:27 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 15 Feb 2024 21:43:32 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 2f37710b411dfd57a465b8ca27d41bee.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
29532
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
at.js
www.fortinet.com/etc/designs/fortinet/adb-target/ 		104 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"19e83-61431fc4b24c0-gzip"
Age
330473
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
m8N9xK6oXtDztGe_25OFPfBVGhdEX1AiIs8sYRM-K653VEBb1Un83A==
Date
Mon, 16 Sep 2024 17:27:28 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 21 Mar 2024 20:59:39 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 f626414885b2faf7a229c7fb2778d5c8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
47782
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 		540 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"86e1b-61b58998583c0-gzip"
Age
5163985
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
Kqtp5Nb2A770MOokawUB7g1RpnXVdr74i0Ccia8VMeKABtaKv9o-vw==
Date
Fri, 20 Sep 2024 13:14:58 GMT
Content-Type
text/css;charset=utf-8
Last-Modified
Thu, 20 Jun 2024 21:00:07 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 bd549265b50500a9fe6f638d6f06192a.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
27478
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCD8180F629235
x-ms-lease-status
unlocked
age
62209
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 19:58:18 GMT
date
Fri, 20 Sep 2024 13:15:07 GMT
content-type
application/javascript
last-modified
Wed, 18 Sep 2024 19:28:22 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
6758b5e5-201e-0098-0fc4-0a1db5000000
cf-ray
8c62151e3825f61d-NRT
accept-ranges
bytes
access-control-allow-origin
*
content-length
6881
x-ms-blob-type
BlockBlob
server
cloudflare
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 		32 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"7ebb-565d53a1d6e40-gzip"
Age
34042426
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
yoq7fENzwE70MIuqx48R9TIuv1j2xMlo6Ro5KKA-pUzDnZ-nXkvo7g==
Date
Fri, 20 Sep 2024 13:14:58 GMT
Content-Type
image/svg+xml
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Vary
Accept-Encoding
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 2f37710b411dfd57a465b8ca27d41bee.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1998
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/ 		1 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"4fd-60a2031eb4f40"
Age
26854843
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
BlM3s8mS8p5iLHt5_avjFRV2UdxWTpS090N4SuqyMz1gHLXDL4grVA==
Date
Fri, 20 Sep 2024 13:14:58 GMT
Content-Type
image/jpeg
Last-Modified
Tue, 14 Nov 2023 17:34:13 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 71cf035a55e299e5d12b1bf6482e945e.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1277
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 		160 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"28100-61cff12ce1d80-gzip"
Age
5163984
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
9ZAAdk_xmKAiGNWI1IimmF1zhtz32xHpNfsNue-MixEdE-7RzvmZYA==
Date
Fri, 20 Sep 2024 13:14:58 GMT
Content-Type
application/javascript;charset=utf-8
Vary
Accept-Encoding
Last-Modified
Thu, 11 Jul 2024 21:01:58 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 71cf035a55e299e5d12b1bf6482e945e.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
74768
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
f85f39fc-d7aa-467a-b762-fbb722748016.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Uj3iBUKm1Vl2g2NHq67V+w==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC07DF23DF5130
age
74512
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Sat, 21 Sep 2024 13:15:08 GMT
date
Fri, 20 Sep 2024 13:15:08 GMT
content-type
application/x-javascript
last-modified
Thu, 28 Dec 2023 19:56:54 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
c21183be-301e-00a5-5054-cda893000000
cf-ray
8c621523ad3f263b-NRT
accept-ranges
bytes
access-control-allow-origin
*
content-length
1792
x-ms-blob-type
BlockBlob
server
cloudflare
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 		32 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"7ebb-565d53a1d6e40-gzip"
Age
34042427
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
f_cgmC9KGFmhMfGzVa31fQ765MDsSy-EbbqLY8t6hWtdbCMF7BVspw==
Date
Fri, 20 Sep 2024 13:15:08 GMT
Content-Type
image/svg+xml
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Vary
Accept-Encoding
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Via
1.1 2f37710b411dfd57a465b8ca27d41bee.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1998
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
truncated
/ 		71 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
geoserver-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 		312 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/geoserver-hero.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"5c8ee-621505f67c380"
Age
1296297
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
ZB3CM5WC8LH4zUlBfCtDNNgMVBGHtWRAbvVi8Z5V-x7H3FYV7FGuYA==
Date
Fri, 20 Sep 2024 13:14:58 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 19:42:22 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 bd549265b50500a9fe6f638d6f06192a.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
379118
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
chavecloak-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 		37 KB
39 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/chavecloak-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
fd9f918bd5a22813d48748b8c79e2acaeeb590d217575e0d79d734cba9de7736
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"9490-611dcced7f240"
Age
14248936
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
r8VjOgFMLBx9Q4OsFpHoiBm-I2KtEeJCQD-tNZhpiYbPxiLEmFK6Dw==
Date
Fri, 20 Sep 2024 13:14:58 GMT
Content-Type
image/png
Last-Modified
Wed, 21 Feb 2024 04:32:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 2f37710b411dfd57a465b8ca27d41bee.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
38032
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
scrubcrypt-24-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 		43 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/scrubcrypt-24-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
2eceae481c2cda87ecdc8e65c8bbd62ddc9538144c42ff6c1cd720cd5781623c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"ab05-6155cc8f5f240"
Age
14245010
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
CWP2U6dEuGoiZeOY_D4Rb1a2AhGEoMn6xzE3vlB6VkEaSfIlKyXt-Q==
Date
Fri, 20 Sep 2024 13:14:59 GMT
Content-Type
image/png
Last-Modified
Fri, 05 Apr 2024 17:28:33 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 1e6c252eb75ca2cd762cd042a9e5c038.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
43781
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
lumma-variant-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 		46 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/lumma-variant-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
11c69167edad4aa2ac0c3def81f10e2caf7375ca37d9170e9277ac2cef39eb32
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"b8c6-60dff3ae26100"
Age
22103903
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
0GIOjhEsDcTX97OvP0oxck3mAb4Fh6TWSYcQGs8t4uoQSNBVwz6uOA==
Date
Fri, 20 Sep 2024 13:14:59 GMT
Content-Type
image/png
Last-Modified
Tue, 02 Jan 2024 23:55:16 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 2f37710b411dfd57a465b8ca27d41bee.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
47302
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/ 		35 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.fortinet.com
Referer
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Response headers

X-Vhost
publish
ETag
"9354-5df4fa74ff980"
Age
330549
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
RU228-xv8KhbJPuiteYsHSy9gN2VMZG6UHhjlKoGbziX3sciCoO6OA==
Date
Mon, 16 Sep 2024 17:27:32 GMT
Content-Type
application/octet-stream
Last-Modified
Wed, 18 May 2022 21:08:06 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=2000000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 2f37710b411dfd57a465b8ca27d41bee.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
37716
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		66 B
305 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
291ac3898f3f28bd32810a5ef0f380363afee480e535632f0254da751f775c63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8c62152c5998809c-NRT
access-control-allow-origin
*
date
Fri, 20 Sep 2024 13:15:10 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
fig01-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1725493359930/ 		16 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1725493359930/fig01-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"f3de-62153bab9b9c0"
Age
1283676
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
-TzHroP_k7POkb-Txv6xOYaKAb7wKUWWdtyWP3OZ17gCX2lQPAwp7w==
Date
Fri, 20 Sep 2024 13:15:00 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:42:39 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 1e6c252eb75ca2cd762cd042a9e5c038.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
62430
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
truncated
/ 		42 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
fig02-geoserver-script-file-remote-sh.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_542065486.img.png/1725493737369/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_542065486.img.png/1725493737369/fig02-geoserver-script-file-remote-sh.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"70532-62153d1418c40"
Age
1284555
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
59fJjSlt0RLgVBaPih9Y7-xpnqA_FI9MpvvfHS7MgdbAl-wR5HVNaw==
Date
Fri, 20 Sep 2024 13:15:00 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:48:57 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 71cf035a55e299e5d12b1bf6482e945e.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
460082
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
fig03-geoserver-gorevese.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_992669665.img.png/1725493760506/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_992669665.img.png/1725493760506/fig03-geoserver-gorevese.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"c6c1-62153d2a08000"
Age
1284627
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
-3M_m1moYST2PRKvutjZsL9W28Tni9d-9yM-jSr7P_Srmtf4tC50zQ==
Date
Fri, 20 Sep 2024 13:15:00 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:49:20 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 2f37710b411dfd57a465b8ca27d41bee.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
50881
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
fig04-geoserver-goreverse-log.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_744399015.img.png/1725493351601/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_744399015.img.png/1725493351601/fig04-geoserver-goreverse-log.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2406:da18:ad1:1102:e3ad:8cb3:e698:cb06 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

Response headers

X-Vhost
publish
ETag
"42511-62153ba3fa7c0"
Age
1284627
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
a56SMg4ihj-RrPpH6CA4sXkRncaj18RozUbfbfH4On5UT4S8X_pCkw==
Date
Fri, 20 Sep 2024 13:15:00 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:42:31 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 f626414885b2faf7a229c7fb2778d5c8.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
271633
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
SIN2-P4
Server
Apache
fig05-geoserver-goreverse-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_963623453.img.png/1725493337854/ 		0
0
fig06-geoserver-script-file-d.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1712359983.img.png/1725493331271/ 		0
0
fig07-geoserver-creating-folders.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_219608780.img.png/1725493380912/ 		0
0
fig08-geoserver-xor-decoded-0x60.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_359750668.img.png/1725509365855/ 		0
0
fig09-geoserver-saved-decoded-files.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1078076399.img.png/1725493420288/ 		0
0
fig10-geoserver-xor-decoded-0x89.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1956682136.img.png/1725493436943/ 		0
0
fig11-geoserver-decrypted-configuration-chacha20.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1654479811.img.png/1725493462325/ 		0
0
fig12-geoserver-encrypted-binary.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_881935709.img.png/1725493495125/ 		0
0
fig13-geoserver-decrypted-config.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2093410339.img.png/1725493500451/ 		0
0
fig14-geoserver-packet-capture-c2-connection.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1728308731.img.png/1725493517259/ 		0
0
fig15-geoserver-c2-communication.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1929634219.img.png/1725493533356/ 		0
0
fig16-geoserver-fpr-config.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1939040249.img.png/1725509412346/ 		0
0
fig17-geoserver-packet-capture-fpr.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_763250428.img.png/1725509429420/ 		0
0
fig18-geoserver-telemetry.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_44410991.img.png/1725493592407/ 		0
0
fig19-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1852080368.img.png/1725493624336/ 		0
0
fig20-geoserver-xor-decoded-function.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_898199783.img.png/1725493640566/ 		0
0
fig21-geoserver-decoded-config-data.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_88540031.img.png/1725493799908/ 		0
0
fig22-geoserver-execution-msg.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2095532140.img.png/1725493821159/ 		0
0
fig23-geoserver-hard-coded-payload.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1513040984.img.png/1725493835492/ 		0
0
fig24-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_982915008.img.png/1725493868694/ 		0
0
fig25-geoserver-significant-string.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_903278817.img.png/1725493885710/ 		0
0
fig26-geoserver-continually-connecting-c2-server.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_15414132.img.png/1725493922547/ 		0
0
fig27-geoserver-ddos-attack-methods.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_275647643.img.png/1725493939962/ 		0
0
fig28-geoserver-creating-service.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_876069744.img.png/1725493958694/ 		0
0
fig29-geoserver-command-execution.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_463601972.img.png/1725493975114/ 		0
0
fig30-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_131843470.img.png/1725493991014/ 		0
0
fig31-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1205773152.img.png/1725494041702/ 		0
0
fig32-geoserver-download-persistence.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1440737303.img.png/1725494062034/ 		0
0
fig33-geoserver-coin-miner-config.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1886495638.img.png/1725494085500/ 		0
0
fig34-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_438526620.img.png/1725494099321/ 		0
0
fig35-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_843460720.img.png/1725509976835/ 		0
0
fig36-geoserver-config-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_966339368.img.png/1725494131259/ 		0
0
fig37-geoserver-coin-miner.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_171562763.img.png/1725494150273/ 		0
0
fig38-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1859114048.img.png/1725494168657/ 		0
0
fig39-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_444774974.img.png/1725494192518/ 		0
0
fig40-geoserver-config-data.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1528863320.img.png/1725494220090/ 		0
0
fig41-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_198093276.img.png/1725494235796/ 		0
0
fig42-geoserver-fraudulent-site.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_280569393.img.png/1725494252217/ 		0
0
fig43-geoserver-script-file-cron.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_212093578.img.png/1725494289081/ 		0
0
fig44-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1895558288.img.png/1725494284576/ 		0
0
fig45-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_849748280.img.png/1725494304387/ 		0
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.10.0/ 		3 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Bh9exWOPGIwRshWljrtlEw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D89735260901BC
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
50972
x-content-type-options
nosniff
date
Fri, 20 Sep 2024 13:15:10 GMT
content-type
application/javascript
last-modified
Thu, 03 Dec 2020 02:43:00 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-ms-request-id
196e3d49-701e-0078-0644-149a7b000000
cf-ray
8c62152d3af4f61d-NRT
accept-ranges
bytes
access-control-allow-origin
*
content-length
79698
x-ms-blob-type
BlockBlob
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_963623453.img.png/1725493337854/fig05-geoserver-goreverse-attack-packet.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1712359983.img.png/1725493331271/fig06-geoserver-script-file-d.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_219608780.img.png/1725493380912/fig07-geoserver-creating-folders.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_359750668.img.png/1725509365855/fig08-geoserver-xor-decoded-0x60.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1078076399.img.png/1725493420288/fig09-geoserver-saved-decoded-files.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1956682136.img.png/1725493436943/fig10-geoserver-xor-decoded-0x89.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1654479811.img.png/1725493462325/fig11-geoserver-decrypted-configuration-chacha20.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_881935709.img.png/1725493495125/fig12-geoserver-encrypted-binary.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2093410339.img.png/1725493500451/fig13-geoserver-decrypted-config.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1728308731.img.png/1725493517259/fig14-geoserver-packet-capture-c2-connection.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1929634219.img.png/1725493533356/fig15-geoserver-c2-communication.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1939040249.img.png/1725509412346/fig16-geoserver-fpr-config.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_763250428.img.png/1725509429420/fig17-geoserver-packet-capture-fpr.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_44410991.img.png/1725493592407/fig18-geoserver-telemetry.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1852080368.img.png/1725493624336/fig19-geoserver-attack-packet.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_898199783.img.png/1725493640566/fig20-geoserver-xor-decoded-function.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_88540031.img.png/1725493799908/fig21-geoserver-decoded-config-data.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2095532140.img.png/1725493821159/fig22-geoserver-execution-msg.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1513040984.img.png/1725493835492/fig23-geoserver-hard-coded-payload.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_982915008.img.png/1725493868694/fig24-geoserver-attack-packet.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_903278817.img.png/1725493885710/fig25-geoserver-significant-string.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_15414132.img.png/1725493922547/fig26-geoserver-continually-connecting-c2-server.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_275647643.img.png/1725493939962/fig27-geoserver-ddos-attack-methods.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_876069744.img.png/1725493958694/fig28-geoserver-creating-service.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_463601972.img.png/1725493975114/fig29-geoserver-command-execution.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_131843470.img.png/1725493991014/fig30-geoserver-attack-packet.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1205773152.img.png/1725494041702/fig31-geoserver-script-file.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1440737303.img.png/1725494062034/fig32-geoserver-download-persistence.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1886495638.img.png/1725494085500/fig33-geoserver-coin-miner-config.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_438526620.img.png/1725494099321/fig34-geoserver-attack-packet.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_843460720.img.png/1725509976835/fig35-geoserver-script-file.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_966339368.img.png/1725494131259/fig36-geoserver-config-file.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_171562763.img.png/1725494150273/fig37-geoserver-coin-miner.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1859114048.img.png/1725494168657/fig38-geoserver-attack-packet.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_444774974.img.png/1725494192518/fig39-geoserver-script-file.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1528863320.img.png/1725494220090/fig40-geoserver-config-data.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_198093276.img.png/1725494235796/fig41-geoserver-attack-packet.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_280569393.img.png/1725494252217/fig42-geoserver-fraudulent-site.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_212093578.img.png/1725494289081/fig43-geoserver-script-file-cron.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1895558288.img.png/1725494284576/fig44-geoserver-script-file.png
Domain
www.fortinet.com
URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_849748280.img.png/1725494304387/fig45-geoserver-script-file.png

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| OneTrustStub function| OptanonWrapper object| fortinet_blog object| EasyAutocomplete object| search_config boolean| blogFilter string| documentsQuery function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| setImmediate function| clearImmediate function| $ function| jQuery string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData

3 Cookies

Domain/Path Name / Value
www.fortinet.com/ Name: cookiesession1
Value: 678A3E238004B5ED230CD23034D9D3DB
www.fortinet.com/ Name: AWSALB
Value: KLJfw41PMkEyf+ia23nK1bAONEcj22qJDEZqH4bOxbx8vRw2ne+5k89qw6Q5YJr/JIQIG1eZjADcUD8/rm+1Qic+mCesnP6KoJDgFxk8h0CDPKHNdHjLiMFaQxDoCf9Emsgp3VRve9x/2kf0fD2eMoOCyeVD/Q+iyomQZAt+D6eQHOzC8hdsmulDAa2Lo3L+faWziyN2dJRRwb/qPYhpzktkeTxR69OD
www.fortinet.com/ Name: AWSALBCORS
Value: E1BxuaQLme6m1SPvltUHD04f5sf2va9k6nPk2ROeClHkLm0zvMqGH6Axnn/pbdbkCxVfJ+JAUtfE6T/eQpFhBZO50jRsD0a8JQ8DBTbs5hnxQPuQRwf7baPy28zzDtMyimBSLFPP9bfPkqF/l4sbkj34CBqNOcODPyRQFWbQcrPOFS5EliI4RrUM10Bh/C3czn/Cuoi6p2qEyjs5VB9uVtBamIXo+P1e

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block