www.fortinet.com
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd  Public Scan

Submitted URL: https://t.co/SjqxQ1jStn
Effective URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=soc...
Submission: On September 20 via api from IN — Scanned from DE

Summary

This website contacted 11 IPs in 4 countries across 9 domains to perform 80 HTTP transactions. The main IP is 2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 115924.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.66.0.227 13335 (CLOUDFLAR...)
1 1 107.23.241.99 14618 (AMAZON-AES)
59 2a05:d014:f3c... 16509 (AMAZON-02)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
6 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 2.17.100.210 20940 (AKAMAI-ASN1)
1 34.248.79.79 16509 (AMAZON-02)
1 2a02:26f0:470... 20940 (AKAMAI-ASN1)
1 2 63.140.62.17 16509 (AMAZON-02)
2 13.248.142.121 16509 (AMAZON-02)
80 11
Apex Domain (subdomains indented), Transfer
61 fortinet.com, 5 MB
    www.fortinet.com — Cisco Umbrella Rank: 115924
    metrics.fortinet.com — Cisco Umbrella Rank: 284311
6 adobedtm.com, 138 KB
    assets.adobedtm.com — Cisco Umbrella Rank: 452
6 cookielaw.org, 126 KB
    cdn.cookielaw.org — Cisco Umbrella Rank: 326
3 6sc.co, 19 KB
    j.6sc.co — Cisco Umbrella Rank: 5691
    c.6sc.co — Cisco Umbrella Rank: 7155
    ipv6.6sc.co — Cisco Umbrella Rank: 5832
2 6sense.com, 715 B
    epsilon.6sense.com — Cisco Umbrella Rank: 8883
1 demdex.net, 542 B
    dpm.demdex.net — Cisco Umbrella Rank: 256
1 onetrust.com, 304 B
    geolocation.onetrust.com — Cisco Umbrella Rank: 491
1 ftnt.net, 882 B
    ftnt.net
1 t.co, 795 B
    t.co — Cisco Umbrella Rank: 834
80 9
Domain Requested by
59 www.fortinet.com t.co
www.fortinet.com
6 assets.adobedtm.com cdn.cookielaw.org
assets.adobedtm.com
6 cdn.cookielaw.org www.fortinet.com
cdn.cookielaw.org
2 epsilon.6sense.com j.6sc.co
2 metrics.fortinet.com 1 redirects www.fortinet.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 dpm.demdex.net assets.adobedtm.com
1 j.6sc.co t.co
1 geolocation.onetrust.com cdn.cookielaw.org
1 ftnt.net 1 redirects
1 t.co
80 12
Subject | Issuer | Validity | Valid
t.co | E6 | 2024-07-31 - 2024-10-29 | 3 months
*.fortinet.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-16 - 2025-07-15 | a year
cookielaw.org | WE1 | 2024-08-13 - 2024-11-11 | 3 months
geolocation.onetrust.com | WE1 | 2024-08-13 - 2024-11-11 | 3 months
assets.adobedtm.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-09 - 2025-08-09 | a year
6sc.co | R11 | 2024-07-03 - 2024-10-01 | 3 months
*.demdex.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-26 - 2024-10-26 | a year
*.6sense.com | Amazon RSA 2048 M03 | 2024-03-31 - 2025-04-29 | a year

This page contains 1 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Frame ID: 2421DBABCA8D7F1D9A387CEE89DE8952
Requests: 81 HTTP requests in this frame

Page Title

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 | FortiGuard Labs

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

80 Requests
99 % HTTPS
45 % IPv6
9 Domains
12 Subdomains
11 IPs
4 Countries
5756 kB Transfer
7620 kB Size
14 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/SjqxQ1jStn Page URL
  2. https://ftnt.net/6015opXhB HTTP 301
    https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s26800746195946?AQB=1&ndh=1&pf=1&t=20%2F8%2F2024%2015%3A15%3A17%205%20-120&fid=01DC112F22BCBB7A-3E7EBF5371F1BF5E&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Futm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&c.&cm.&ssf=1&.cm&.c&cc=USD&v0=social%3Aamplify-org%3Asprinklr%3Anone%3Anone&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s26800746195946?AQB=1&pccr=true&vidn=3376BAB2B3DAB5C9-60000447C28C826D&ndh=1&pf=1&t=20%2F8%2F2024%2015%3A15%3A17%205%20-120&fid=01DC112F22BCBB7A-3E7EBF5371F1BF5E&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Futm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&c.&cm.&ssf=1&.cm&.c&cc=USD&v0=social%3Aamplify-org%3Asprinklr%3Anone%3Anone&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

80 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
SjqxQ1jStn
t.co/
233 B
795 B
Document
General
Full URL
https://t.co/SjqxQ1jStn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_o /
Resource Hash
7525356100c5fdcb42d2917ec8cfac8ee52a671fff22c708b3df5a4fd82b2ea9
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
private,max-age=300
cf-cache-status
DYNAMIC
cf-ray
8c6215428bdaca79-HAM
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 20 Sep 2024 13:15:13 GMT
expires
Fri, 20 Sep 2024 13:20:13 GMT
perf
7402827104
server
cloudflare tsa_o
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
388995b75bceb0bbf6cb9c7940c9f11f32cb8d97699da724d2d56cf2d39a37b0
x-response-time
114
x-transaction-id
153c13c2013fa414
x-xss-protection
0
Primary Request threat-actors-exploit-geoserver-vulnerability-cve-2024-36401
www.fortinet.com/blog/threat-research/
Redirect Chain
  • https://ftnt.net/6015opXhB
  • https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
103 KB
29 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Requested by
Host: t.co
URL: https://t.co/SjqxQ1jStn
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
3d6bc3dbcf9e2cf02f556ae8bd0936e8b62540189823df29c4f524c060bb8328
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://t.co/SjqxQ1jStn
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Age
86870
Cache-Control
max-age=600, public, s-maxage=10800
Connection
keep-alive
Content-Encoding
gzip
Content-Length
27960
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Type
text/html;charset=utf-8
Date
Fri, 20 Sep 2024 13:15:15 GMT
ETag
"19b93-622789a9c9e4b-gzip"
Last-Modified
Thu, 19 Sep 2024 13:07:25 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
X-Amz-Cf-Id
FE8KGvQTGH1VXvc0G8MhWDfbKS_wiETnzsON9g66antFoeXtcyw6sQ==
X-Amz-Cf-Pop
FRA60-P3
X-Cache
Miss from cloudfront
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher2uswest1-28559771
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache,no-store,must-revalidate public, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
25
Content-Security-Policy
default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com *.blob.core.windows.net
Content-Type
text/html;charset=UTF-8
Date
Fri, 20 Sep 2024 13:15:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Pragma
no-cache
Referrer-Policy
same-origin
Server
nginx
Strict-Transport-Security
max-age=1209600
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
visitorapi.min.js
www.fortinet.com/etc/designs/fortinet/adb-target/
64 KB
30 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"fe2d-6117284c96900-gzip"
Age
330520
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
PRK_BCXJRk1Bv1aUkUs6Ik07Kk0nadx7MYBA3rYPtp17SPWjbJMfJQ==
Date
Mon, 16 Sep 2024 17:27:20 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 15 Feb 2024 21:43:32 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
29532
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
at.js
www.fortinet.com/etc/designs/fortinet/adb-target/
104 KB
48 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"19e83-61431fc4b24c0-gzip"
Age
330481
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
enU6DKrZxRofDQsuJzL2kDxFgqrAaXNqy4lVJ3mza0r415vQOJofJQ==
Date
Mon, 16 Sep 2024 17:27:20 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
Last-Modified
Thu, 21 Mar 2024 20:59:39 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
47782
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
540 KB
28 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"86e1b-61b58883c7740-gzip"
Age
5163994
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
ZvdxDHKrzukdU8iVBhvNFrWSvA06skuBK4Y3Q5GZnHISSOMj5D8SIA==
Date
Fri, 20 Sep 2024 13:10:30 GMT
Content-Type
text/css;charset=utf-8
Last-Modified
Thu, 20 Jun 2024 20:55:17 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
27478
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCD8180F629235
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
19908
x-content-type-options
nosniff
date
Fri, 20 Sep 2024 13:15:15 GMT
content-type
application/javascript
last-modified
Wed, 18 Sep 2024 19:28:22 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-ms-request-id
6758b5e5-201e-0098-0fc4-0a1db5000000
cf-ray
8c62154ef962914c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
6881
x-ms-blob-type
BlockBlob
server
cloudflare
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"7ebb-565d53a1d6e40-gzip"
Age
34042434
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
63NOZjYSgqeu3XJkc6hOdFuZoAY3BoXg-wNPmLpg4rEiQeFmjlNCKw==
Date
Fri, 20 Sep 2024 13:06:23 GMT
Content-Type
image/svg+xml
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Vary
Accept-Encoding
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1998
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/
1 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"4fd-60a2031eb4f40"
Age
26854850
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
HDm0UPCXlH6nSzWZbcPVDfTQmU79YzW76_R9pTKyO3aUYVb7tCaNug==
Date
Fri, 20 Sep 2024 13:15:00 GMT
Content-Type
image/jpeg
Last-Modified
Tue, 14 Nov 2023 17:34:13 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
1277
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
160 KB
74 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"28100-61cff033f9240-gzip"
Age
5163995
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
c3RHp50hJboQ0KJ-ENaBMJMX37Hd04_SNPjjsQOE8CMJolQKasumQA==
Date
Fri, 20 Sep 2024 13:10:30 GMT
Content-Type
application/javascript;charset=utf-8
Vary
Accept-Encoding
Last-Modified
Thu, 11 Jul 2024 20:57:37 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
74768
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
f85f39fc-d7aa-467a-b762-fbb722748016.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Uj3iBUKm1Vl2g2NHq67V+w==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC07DF23DF5130
age
24913
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Sat, 21 Sep 2024 13:15:15 GMT
date
Fri, 20 Sep 2024 13:15:15 GMT
content-type
application/x-javascript
last-modified
Thu, 28 Dec 2023 19:56:54 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
c21183be-301e-00a5-5054-cda893000000
cf-ray
8c62154fd9672c6f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1792
x-ms-blob-type
BlockBlob
server
cloudflare
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
geoserver-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/
370 KB
372 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/geoserver-hero.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
83201017e411b72434080a221b102049e9074e205d97f65219d2286abd683012
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"5c8ee-621505f67c380"
Age
1296305
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
ypwgKOiSHtrJ6ph7UbzRaojm4AcEGWGSuZAss6rgS7LW0RjlWMoo-A==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 19:42:22 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
379118
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
chavecloak-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/
37 KB
39 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/chavecloak-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
fd9f918bd5a22813d48748b8c79e2acaeeb590d217575e0d79d734cba9de7736
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"9490-611dcced7f240"
Age
14248945
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
BecOx7IgQ7ToZOxKpkcColBtaVg0Jn_8eJmya_7sxT92EnpLRSPFQg==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 21 Feb 2024 04:32:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
38032
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
scrubcrypt-24-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/
43 KB
44 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/scrubcrypt-24-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
2eceae481c2cda87ecdc8e65c8bbd62ddc9538144c42ff6c1cd720cd5781623c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"ab05-6155cc8f5f240"
Age
14245017
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
ZAU7CF3MqpQArMR-SdeAylRUcQZGc0Q1ErobKKwGlS-NsjvZdGN4KA==
Date
Fri, 20 Sep 2024 13:15:15 GMT
Content-Type
image/png
Last-Modified
Fri, 05 Apr 2024 17:28:33 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
43781
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
lumma-variant-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/
46 KB
48 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/lumma-variant-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
11c69167edad4aa2ac0c3def81f10e2caf7375ca37d9170e9277ac2cef39eb32
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"b8c6-60dff3ae26100"
Age
22103911
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
_3P4Bk-Zmd-LL-KePu1L_kWh7UIYRT83MjW0Bs4wIJDnw0efsEdorQ==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Tue, 02 Jan 2024 23:55:16 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
47302
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/
37 KB
38 KB
Font
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.fortinet.com
Referer
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Response headers

X-Vhost
publish
ETag
"9354-5df4fa74ff980"
Age
330555
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
0k46pFkdjX60I0UeyX-NyNZ6fqjNJtbMsVRucgiBzUZdWE_N6VpFcg==
Date
Mon, 16 Sep 2024 17:27:17 GMT
Content-Type
application/octet-stream
Last-Modified
Wed, 18 May 2022 21:08:06 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=2000000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
37716
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
304 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8c621550fb934d8b-FRA
access-control-allow-origin
*
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
fig01-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1725493359930/
61 KB
62 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1725493359930/fig01-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
6bb4e76fdeac3f86fe514013ea4ec43b69cf824a9cb00b4d90ca33eb27df3712
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"f3de-62153bab9b9c0"
Age
1283682
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
MMt_sYJAhkeavy6NFx1wTaknjeb-4kuhhIfT1YSXCpoC9BFqlx-6gg==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:42:39 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
62430
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
fig02-geoserver-script-file-remote-sh.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_542065486.img.png/1725493737369/
449 KB
451 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_542065486.img.png/1725493737369/fig02-geoserver-script-file-remote-sh.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
9cbf9589d98422a08f788b3863a74d1a27c3d92289f8829620c4d8925b967b94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"70532-62153d1418c40"
Age
1284633
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
9ai8XCuprPZshYsjZTYt3Zf75cGPohzS5f6Ag266KawXehMpYEezFg==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:48:57 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
460082
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig03-geoserver-gorevese.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_992669665.img.png/1725493760506/
50 KB
51 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_992669665.img.png/1725493760506/fig03-geoserver-gorevese.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
38cfaeb6a3cb2cff2b9b11f9945838fd640ac7c0483e093239a29400c7d2ee66
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"c6c1-62153d2a08000"
Age
1284633
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
MeDkljLhTFlaJS-SMZZqd92SdYDNYmWkX4NWUXMyfuTBoB52mrbxMQ==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:49:20 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
50881
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig04-geoserver-goreverse-log.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_744399015.img.png/1725493351601/
265 KB
267 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_744399015.img.png/1725493351601/fig04-geoserver-goreverse-log.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
07405b002bac345765f6de032ed07cac28e77745e73850bf4aed8f891822c37a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"42511-62153ba3fa7c0"
Age
1284633
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
HEaK6iq9_Kv7BgMcGSzY8p3zEs5QIX-evDcR2hk76iOgkVEZqquWEA==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:42:31 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
271633
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig05-geoserver-goreverse-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_963623453.img.png/1725493337854/
75 KB
76 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_963623453.img.png/1725493337854/fig05-geoserver-goreverse-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
4713f4e99bebe488012bb9f5ccbaa25d83f2ecec4dbfc2c71f81ad33df9d1c10
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"12a2b-62153b96a0840"
Age
1284562
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
F4_9iB17l9qXQWatkacWeIR41tasF5uo0X4y0ZaRGey2hlxjaeCFAw==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:42:17 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
76331
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig06-geoserver-script-file-d.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1712359983.img.png/1725493331271/
185 KB
187 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1712359983.img.png/1725493331271/fig06-geoserver-script-file-d.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
f188b1683849ebab2c42aa623674d573d89c3a8b8a533f4e2ec35fe7a9e8000e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"2e589-62153b90e7ac0"
Age
1283681
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
2XP1VK4tqmng9l01deAoowEe0p6n3Z2DlR_c2B6pfOzb09-I1rU-ZA==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:42:11 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
189833
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig07-geoserver-creating-folders.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_219608780.img.png/1725493380912/
113 KB
115 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_219608780.img.png/1725493380912/fig07-geoserver-creating-folders.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
706300e054788f930de76af585fc6511091289d01c65c440964ca6abb898e7dc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1c505-62153bbfa2900"
Age
1283682
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
VNyCpODvw3P1cIOcPqqzm00hbDrN9eRFkyJH_jUoMBxxGzEPvZlW8Q==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:43:00 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
115973
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig08-geoserver-xor-decoded-0x60.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_359750668.img.png/1725509365855/
115 KB
117 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_359750668.img.png/1725509365855/fig08-geoserver-xor-decoded-0x60.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c6c7eafdd4ce7cbca90175e42e4d11a9ebcfaed70b6471572a0d3d0ae7dde57f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1cd07-6215774c1e740"
Age
1284561
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
yhiPBNN1LV0fejUvHZBGo_7OgXI92QKBiVFZxXUxfTybDgjgF_FJJQ==
Date
Fri, 20 Sep 2024 13:15:16 GMT
Content-Type
image/png
Last-Modified
Thu, 05 Sep 2024 04:09:25 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
118023
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig09-geoserver-saved-decoded-files.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1078076399.img.png/1725493420288/
33 KB
35 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1078076399.img.png/1725493420288/fig09-geoserver-saved-decoded-files.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b133508601dd82610cda75ed20bc034dd90b459dcd74b8b44e75998e38d19477
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"85a6-62153be5c8300"
Age
1284633
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
IbDOqXI6wol_qT-FmdH9Q5vKD_AU0i02_WV4vxg-BFlr7oRajKUvKw==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:43:40 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
34214
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig10-geoserver-xor-decoded-0x89.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1956682136.img.png/1725493436943/
131 KB
133 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1956682136.img.png/1725493436943/fig10-geoserver-xor-decoded-0x89.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5b7b4be8ed582776a1ad52eed0fe06afe968c34e31d566c473feb92ac6a270e0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"20cd5-62153bf50a700"
Age
82519
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
TYvt60VHLuqwSRxTTeg18OnrVFeW8hqUzWB6LJxkeW-CDTnqCzS1jw==
Date
Thu, 19 Sep 2024 14:19:57 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:43:56 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
134357
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig11-geoserver-decrypted-configuration-chacha20.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1654479811.img.png/1725493462325/
41 KB
42 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1654479811.img.png/1725493462325/fig11-geoserver-decrypted-configuration-chacha20.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
44fc655655fedce3141e358eabb02c39e838d48e6643b1c58c395adfc23757d2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"a2f9-62153c0dd6180"
Age
82519
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
0UL5llcLYsOL5CKSiWpgWE1CjrmvQOYpRXyRZp8uiN0xWQnQZdCQiw==
Date
Thu, 19 Sep 2024 14:19:57 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:44:22 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
41721
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig12-geoserver-encrypted-binary.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_881935709.img.png/1725493495125/
160 KB
161 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_881935709.img.png/1725493495125/fig12-geoserver-encrypted-binary.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d2ac7d5402f2266e77a525cf70164ad40fb86b0981530cad5af3e3610a209768
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"27ee7-62153c2d4ebc0"
Age
1284632
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
MNN6h5UVRxFhkSUeffmmmGNlzKaj2mCuK44yuaI_CfUe3Hb9UUA_eA==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:44:55 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
163559
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig13-geoserver-decrypted-config.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2093410339.img.png/1725493500451/
121 KB
122 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2093410339.img.png/1725493500451/fig13-geoserver-decrypted-config.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
e8f00eb416ad5af6f4524e1b7efd086a2244bf48757eee0fbdf583c20afa1dad
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1e310-62153c3213700"
Age
1284632
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
Z6-uOleMRKyKA5l9KjIxc0FUcC7Fgt0XBLTBAoB05AsCdyoAbELjIA==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:45:00 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
123664
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig14-geoserver-packet-capture-c2-connection.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1728308731.img.png/1725493517259/
138 KB
140 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1728308731.img.png/1725493517259/fig14-geoserver-packet-capture-c2-connection.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
9ae293c59bba08f1a56f697a11015ee4b251b0f38c309f83c80d7f6e7369caa4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"229ef-62153c4249d40"
Age
82519
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
tST1WBEpZcRd2ffcwlarhUY_a4ole8S924WgdZZXmubA__uBhgstNw==
Date
Thu, 19 Sep 2024 14:19:58 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:45:17 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
141807
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig15-geoserver-c2-communication.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1929634219.img.png/1725493533356/
71 KB
73 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1929634219.img.png/1725493533356/fig15-geoserver-c2-communication.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
89905a0e0efe1119d95b1e69de27157b35b8043115708fa06eb74dc706568a7b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"11cc6-62153c518c140"
Age
82519
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
9yWdWchKsxfr1rydYNcNjoMY6DVLLMIjPsfKLp5f-H2GnA2qHbujAg==
Date
Thu, 19 Sep 2024 14:19:58 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:45:33 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
72902
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig16-geoserver-fpr-config.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1939040249.img.png/1725509412346/
129 KB
130 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1939040249.img.png/1725509412346/fig16-geoserver-fpr-config.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
fd688f7a638dad7a8d7c394f5443ed8ccb3158d4555937c1e0f51546b2fc9612
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"20403-62157778f1100"
Age
82519
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
o_NEDm7SAMQB6RbqRpZqGn9YxPXaj4t2awavUJkUVV1jSYHH16uJKg==
Date
Thu, 19 Sep 2024 14:19:58 GMT
Content-Type
image/png
Last-Modified
Thu, 05 Sep 2024 04:10:12 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
132099
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig17-geoserver-packet-capture-fpr.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_763250428.img.png/1725509429420/
106 KB
108 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_763250428.img.png/1725509429420/fig17-geoserver-packet-capture-fpr.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
609ca44aa6a92944559e4d17e84e29651b391c6c3438184474fd67e602250e7d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1a98f-6215778927740"
Age
1284632
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
ZBFXym6aGzvtki4Mxwp0Hy2QxAb2UikZukGPohPb7nqHIJqQrOoMtg==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Thu, 05 Sep 2024 04:10:29 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
108943
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig18-geoserver-telemetry.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_44410991.img.png/1725493592407/
93 KB
94 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_44410991.img.png/1725493592407/fig18-geoserver-telemetry.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
8d121b33124fce841c6927c1214d2aa4fe7e5c52629de45f68f325f749a5857d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1725d-62153c89d0600"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
NAtZ40dSqk5MHdv6WzKtcEL0hdX38fzQolkBJsDnzTuOxpXXjqsROg==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:46:32 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
94813
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig19-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1852080368.img.png/1725493624336/
117 KB
119 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1852080368.img.png/1725493624336/fig19-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
ae7d18a41edd5f27e717f872a1113addddbf1553e00b3db1baefa99b68fda302
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1d5d5-62153ca854e00"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
aLYS78kxTetwl9CWL6oHyNEzt95UV3yisai_4FNFiQ_kXouysDy-KQ==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:47:04 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
120277
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig20-geoserver-xor-decoded-function.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_898199783.img.png/1725493640566/
30 KB
32 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_898199783.img.png/1725493640566/fig20-geoserver-xor-decoded-function.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
a4b0a228372854369707f452fb9124e5bc34319c8c3323b5379111ac9ba4bac6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"794f-62153cb797200"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
nH4gJiyvF2mhor_yAZJQHt_VHHh_CMT1lGCW8i-l1rHct3IevBXUqg==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:47:20 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
31055
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig21-geoserver-decoded-config-data.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_88540031.img.png/1725493799908/
18 KB
19 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_88540031.img.png/1725493799908/fig21-geoserver-decoded-config-data.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
f2771985061ab617dd696611136d31d58dba565372eaf86c562d59d8bae3fd9d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"4702-62153d4f397c0"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
iq-Lpouw2xH8fE0wc4HYyRq67YV4jDArVhCxhVR4GShr7TAYl-nPKA==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:49:59 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
18178
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig22-geoserver-execution-msg.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2095532140.img.png/1725493821159/
26 KB
28 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_2095532140.img.png/1725493821159/fig22-geoserver-execution-msg.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
351ba146db40e108b8dcbf0f9cc288d6cc19615020b2aeb1c0f508b79e78b93e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"69e7-62153d6434940"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
LAexZ5znrTjXndGqBz9ppyD8J8kfS924yfDJHADkYk1iLFhz5cD-wg==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:50:21 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
27111
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig23-geoserver-hard-coded-payload.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1513040984.img.png/1725493835492/
117 KB
119 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1513040984.img.png/1725493835492/fig23-geoserver-hard-coded-payload.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5f83323b31dd79cc7f9104b638a2706b0e12b6e521f48d21ba638b67279f4417
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1d57e-62153d718e8c0"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
fpu5vqSdCHGPY2bE0ARCHCRR4nm2R9b5VkvQmcei-EJAZ_L9iQqzYQ==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:50:35 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
120190
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig24-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_982915008.img.png/1725493868694/
154 KB
155 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_982915008.img.png/1725493868694/fig24-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
8b195a98b1a9fa227dd6712c4af7ccbd807baa4a4b21491d97dbc09c1e13798a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"26815-62153d9107300"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
DZVX6qy0Y3PWUtHrgvRfhHxaaPMtz-cIR0LABJu_VCp-kjYJl6XG9Q==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:51:08 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
157717
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig25-geoserver-significant-string.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_903278817.img.png/1725493885710/
27 KB
28 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_903278817.img.png/1725493885710/fig25-geoserver-significant-string.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
2cc20824e35c6be438211ca8dcf0baa6b8e6df5473454d953a0c96d10eedae7e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"6a84-62153da13d940"
Age
82518
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
6uumXZaEWfZBXuwVm9oJLdKluBF8--hiSRjf6S6ATrXehre5NaKoeQ==
Date
Thu, 19 Sep 2024 14:19:59 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:51:25 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
27268
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig26-geoserver-continually-connecting-c2-server.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_15414132.img.png/1725493922547/
155 KB
156 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_15414132.img.png/1725493922547/fig26-geoserver-continually-connecting-c2-server.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
6305f99e66b3ae3c375efe4b1128ab3dcdc2d66c63b97ba6b891096de9b20b9d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"26a3d-62153dc486c80"
Age
1284630
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
sAICEEHN7JxVIe7Jy9wUDMAiGgjyy5fPg5ps0ROEzMSKvkLTt-M8VQ==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:52:02 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
158269
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig27-geoserver-ddos-attack-methods.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_275647643.img.png/1725493939962/
64 KB
65 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_275647643.img.png/1725493939962/fig27-geoserver-ddos-attack-methods.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
21aaea8d55693ea73c2e3d8afbf8358f3bfa56ae0d8a0abb07221a83373da2d5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"fe15-62153dd4bd2c0"
Age
1284629
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
rbikhfZW08C054DiSCGFs4RmoTueWkZQTHE_x3hdXjkc4XeBTEMtOg==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:52:19 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
65045
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig28-geoserver-creating-service.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_876069744.img.png/1725493958694/
60 KB
61 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_876069744.img.png/1725493958694/fig28-geoserver-creating-service.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
8ff6ee1950e6f70a130f69e94e575f9d5f7c5de60be4be09311deedeb91e6d61
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"f051-62153de6dbd80"
Age
1284561
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
9a4CEwO26j0JNOdP8bClDg3KkxfOH7S-ApZal8aBw6yu5G9xLv2k9g==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:52:38 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
61521
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig29-geoserver-command-execution.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_463601972.img.png/1725493975114/
122 KB
124 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_463601972.img.png/1725493975114/fig29-geoserver-command-execution.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c3a522b15c8dd585c2cb4e503fdce8145d08a8eccb0e2cd7138864bba293c843
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1e99b-62153df7123c0"
Age
1284561
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
MNyiWxYwubO5F-2Rmhd6RBteX_XilL_vu7Nb8EJxeAT0iX2Xft9PwA==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:52:55 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
125339
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig30-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_131843470.img.png/1725493991014/
79 KB
80 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_131843470.img.png/1725493991014/fig30-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
61c4417c2b9d4cba0069ef57a404bd5d9c7a7e4c768f57747b1c084cb9b373ce
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"13af8-62153e06547c0"
Age
82517
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
h_KYvlWmjm7Fz_2Soe2sCUf6UEdstcLxsn2svTVQeLxRBpQHdcdxxg==
Date
Thu, 19 Sep 2024 14:20:00 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:53:11 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
80632
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig31-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1205773152.img.png/1725494041702/
198 KB
199 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1205773152.img.png/1725494041702/fig31-geoserver-script-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
e708a54b75ed6fd1fe7886153e485c91697f1ab440feed4efd10262575b7e7cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"31604-62153e3603840"
Age
1284629
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
F4ch1LvpVitP7o0BfJSO4O7HE_43LxqwWywgyYXqkZJ1-I-7sN7vkA==
Date
Fri, 20 Sep 2024 13:15:17 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:54:01 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
202244
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig32-geoserver-download-persistence.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1440737303.img.png/1725494062034/
85 KB
87 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1440737303.img.png/1725494062034/fig32-geoserver-download-persistence.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d98bf7483812de53be541b21b22b1cc519065b76ed31780f33bf8254e688812f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"155fb-62153e4a0a780"
Age
82517
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
cl06oWTJsDrUFtk_YJ29ng5LtgOI7908auZtaTd05J9Ku_K3NJaugA==
Date
Thu, 19 Sep 2024 14:20:00 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:54:22 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
87547
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig33-geoserver-coin-miner-config.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1886495638.img.png/1725494085500/
108 KB
110 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1886495638.img.png/1725494085500/fig33-geoserver-coin-miner-config.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
6277e3210b9fb4b3b4f0d452b7f91bda534fb23f8ecbe7f9b15dcdf85626cea6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1b0fc-62153e5ff9b40"
Age
1284629
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
LGtdmQXxvaYirkL81uL1A5HiHoZtSdx8id76NPce83wS1kjxq6Jm-Q==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:54:45 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
110844
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig34-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_438526620.img.png/1725494099321/
69 KB
70 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_438526620.img.png/1725494099321/fig34-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b124eed22afdf03abf94714c7632d5f462c0fca7725d014a4469f3b4a0f1083d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"11459-62153e6d53ac0"
Age
82517
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
ZQy4IR4m6JPutzCfk7RRxdoulWshpVQ5Xa-I4bGDcUeU-UwwRhi1xQ==
Date
Thu, 19 Sep 2024 14:20:00 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:54:59 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
70745
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig35-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_843460720.img.png/1725509976835/
94 KB
96 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_843460720.img.png/1725509976835/fig35-geoserver-script-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
0be9fc1923bfa5bd67a699ff0f49420e460c09b27bcb63dd4d682a0fa2ef5b5a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"178b4-62157992d0600"
Age
82517
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
seHsxkIt8cbgwDvadYhPHeBr4gATdScYzo1c9sD4IO9FLe7c5ptZfw==
Date
Thu, 19 Sep 2024 14:20:00 GMT
Content-Type
image/png
Last-Modified
Thu, 05 Sep 2024 04:19:36 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
96436
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig36-geoserver-config-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_966339368.img.png/1725494131259/
27 KB
28 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_966339368.img.png/1725494131259/fig36-geoserver-config-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5072cb8f4c6522e91c53fa0b2c4a36a3aa078b5b78ac9d48f317649a055a1e1d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"6c22-62153e8bd82c0"
Age
1284561
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
10OvYM9P1Uaqp2rHQyCSVqe8wUUspp0krdjckQSFPF6hn6Ik3QtZ4A==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:55:31 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
27682
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig37-geoserver-coin-miner.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_171562763.img.png/1725494150273/
144 KB
145 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_171562763.img.png/1725494150273/fig37-geoserver-coin-miner.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5b7e10ef15a4fdfd73c69fa16e91aef21861455628f5ac87e72bb5f951e9976c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"23eb3-62153e9df6d80"
Age
1284628
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
dXr8P2FoYJPpXmj7jyOkF-ghDQU4hws5Ni6g3LD0Ur1W5Qk-5bxPvQ==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:55:50 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
147123
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig38-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1859114048.img.png/1725494168657/
175 KB
176 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1859114048.img.png/1725494168657/fig38-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
229849a4c44505b2599f1a321b139fb5ab32d04a4e0f8d9844b1827e60b80d9f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"2bb8d-62153eaf21600"
Age
1283683
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
ZLUfJe2OpMrfSlRXcrie4ytKBCiEqmfwlmXUQXvRbtp5kD7vV42k8w==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:56:08 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
179085
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig39-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_444774974.img.png/1725494192518/
74 KB
75 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_444774974.img.png/1725494192518/fig39-geoserver-script-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b66a76be051ae670f5c2786172af1a704f1ecdb15aea3c3402fb42b9e5470598
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"127f9-62153ec604c00"
Age
1284628
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
pkdVmrbtaRGrJDVxCqJwckPnRfp8mJzgVs8dxnUjLqDhIA6tajfqWw==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:56:32 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
75769
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig40-geoserver-config-data.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1528863320.img.png/1725494220090/
127 KB
128 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1528863320.img.png/1725494220090/fig40-geoserver-config-data.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
ec58ceb768e02c31b87f084fbe10f719b0c42d29c98fcca298688768c6f899e2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"1fbf5-62153ee0b8b00"
Age
1283682
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
DwTJyMom2JNCMRd3kB_avXKLlmY58ZyjhaFYP9gnTW99IHldKpCbug==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:57:00 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
130037
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig41-geoserver-attack-packet.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_198093276.img.png/1725494235796/
53 KB
55 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_198093276.img.png/1725494235796/fig41-geoserver-attack-packet.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7fc88a2ccff93251684fc0526a1ef83f6b65bccc949e449d86f4df1bf945da94
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"d499-62153eef06cc0"
Age
1284628
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
IGPtcfsygHciVusIM-sM5wcNHKrlKtZeO5jW6F8Edf7jE0ny5DNWUg==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:57:15 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
54425
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig42-geoserver-fraudulent-site.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_280569393.img.png/1725494252217/
64 KB
66 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_280569393.img.png/1725494252217/fig42-geoserver-fraudulent-site.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
a036dd51b9d09070b4cb8eaa91c1a5abac51f7027e9741c79343a35411be739c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"100f5-62153eff3d300"
Age
1284628
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
CUq3ht0VSDdvKF7V5UPGi8BxXhHacq4lJEkIXM6BDBdTrBbMEHwTvw==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:57:32 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
65781
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig43-geoserver-script-file-cron.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_212093578.img.png/1725494289081/
35 KB
36 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_212093578.img.png/1725494289081/fig43-geoserver-script-file-cron.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
8a84bc1c645bc2d9b6e41e4e8b4582c2dbd3569b51df5ecedc989410e6be8fe7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"8ba4-62153f2286640"
Age
1284628
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
dhS5iDbNGaEved452Ri-QVDNgj0ssGEsEmAqon-reg7e9OIlA1hDZw==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:58:09 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher1uswest1-28559594
Connection
keep-alive
Via
1.1 4612dc3b414cf2057f542e94733d59bc.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
35748
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig44-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1895558288.img.png/1725494284576/
26 KB
27 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_1895558288.img.png/1725494284576/fig44-geoserver-script-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
f8f726a217af8471c5c0e2c11fca16865b7dc42485185311fcbfa0603a4f7120
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"6813-62153f1dc1b00"
Age
1284560
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
NY4Q437m6jyO3j97tgoKrQqWD5sfqt3HaQpjH30C9LhR1ls-LOZmzw==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:58:04 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
26643
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
fig45-geoserver-script-file.png
www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_849748280.img.png/1725494304387/
30 KB
31 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401/_jcr_content/root/responsivegrid/table_content/par/image_849748280.img.png/1725494304387/fig45-geoserver-script-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
da9671920127171a9289888088dc3d9f3b62f2af8c3ac142f456faa1d49eccda
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
ETag
"77a6-62153f30d4800"
Age
1284560
X-Content-Type-Options
nosniff
X-Cache
Miss from cloudfront
X-Amz-Cf-Id
Qh0ML52xWWKN-W-R2xQcRdrwlUfv0Rm78X1dt149sIf0Oy_ZmN0Y1g==
Date
Fri, 20 Sep 2024 13:15:18 GMT
Content-Type
image/png
Last-Modified
Wed, 04 Sep 2024 23:58:24 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=684000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
30630
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.10.0/
356 KB
78 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
Bh9exWOPGIwRshWljrtlEw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D89735260901BC
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
68728
x-content-type-options
nosniff
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/javascript
last-modified
Thu, 03 Dec 2020 02:43:00 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-ms-request-id
196e3d49-701e-0078-0644-149a7b000000
cf-ray
8c621551bc47914c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
79698
x-ms-blob-type
BlockBlob
server
cloudflare
en.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/4ee482d4-0cd8-4c59-918a-90483d5b8131/
100 KB
24 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/4ee482d4-0cd8-4c59-918a-90483d5b8131/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46ef912a5bf1fec350dc9d14102bcf1965471f16a57a890bdc5fc06bc4404370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
0twb7zWjuAt4bYR0sykmNQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DC07DF2D729AA1
age
64095
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Sat, 21 Sep 2024 13:15:16 GMT
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/x-javascript
last-modified
Thu, 28 Dec 2023 19:57:10 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
x-ms-request-id
63201da5-e01e-006a-57c8-39e1ab000000
cf-ray
8c6215524bd52c6f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
24175
x-ms-blob-type
BlockBlob
server
cloudflare
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
SH1nUCPouc1JVrHnvxpQbg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D89735210A49EB
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
53730
x-content-type-options
nosniff
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/json
last-modified
Thu, 03 Dec 2020 02:42:51 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-ms-request-id
df6352b5-e01e-0018-22d2-21e6e4000000
cf-ray
8c621552cc6d2c6f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
2857
x-ms-blob-type
BlockBlob
server
cloudflare
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/
45 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

content-md5
zNsRoM1FEmsEgJoYMCNTng==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D897352245C4EA
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
58384
x-content-type-options
nosniff
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/json
last-modified
Thu, 03 Dec 2020 02:42:53 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-ms-request-id
77f313b5-301e-0034-7eb4-210a4b000000
cf-ray
8c621552cc6f2c6f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
11755
x-ms-blob-type
BlockBlob
server
cloudflare
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
509 KB
121 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
cfbffc5a6b6598cb0bf93565da00397f881e0198bf2f24c8d963e4c7cfb45abf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"859a562c3003b9443ad4e70b3020dad9:1726790028.604703"
expires
Fri, 20 Sep 2024 14:15:16 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
123481
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/x-javascript
last-modified
Thu, 19 Sep 2024 23:53:48 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/
35 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276"
expires
Fri, 20 Sep 2024 14:15:16 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
13012
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/x-javascript
last-modified
Thu, 01 Aug 2024 06:26:11 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"bb4b6453e3ab80111a2b227318d22efb:1722493571.614634"
expires
Fri, 20 Sep 2024 14:15:16 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
1597
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/x-javascript
last-modified
Thu, 01 Aug 2024 06:26:11 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
6si.min.js
j.6sc.co/
68 KB
19 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: t.co
URL: https://t.co/SjqxQ1jStn
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-210.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
2ac314870072e1aad5c1c2c1ebb9ba542bf1a9df18963c2c4f1d8fcab8711bde
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
private, proxy-revalidate, max-age=10800
content-encoding
gzip
etag
"66e78018-111cd"
x-content-type-options
nosniff
expires
Fri, 20 Sep 2024 16:15:16 GMT
accept-ranges
bytes
content-length
18822
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/javascript
vary
Accept-Encoding
server
nginx/1.14.0 (Ubuntu)
last-modified
Mon, 16 Sep 2024 00:47:20 GMT
RCac955f2e1e97429197e1e31aaec22e86-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/8fc5b8880351/
1 KB
942 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/8fc5b8880351/RCac955f2e1e97429197e1e31aaec22e86-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f90b5ef7baa9dfccda582eb0ec80a2e2848cd5b3edc866629cda33cf4ff6df48

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"3c8095c9984058752de3a2aa7f49af7e:1726790030.070843"
expires
Fri, 20 Sep 2024 14:15:16 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
685
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/x-javascript
last-modified
Thu, 19 Sep 2024 23:53:50 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/8fc5b8880351/
358 B
485 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/8fc5b8880351/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
2589fe281a342d19f8ddcd924727496b916202c4e42edb2553f25074746db938

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"3c8095c9984058752de3a2aa7f49af7e:1726790030.070843"
expires
Fri, 20 Sep 2024 14:15:16 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
229
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
application/x-javascript
last-modified
Thu, 19 Sep 2024 23:53:50 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
footer-links.json
www.fortinet.com/content/dam/fortinet-blog/
310 KB
36 KB
XHR
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/footer-links.json
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"4d8dc-61d89b0f78340-gzip"
Age
5510865
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
RPQIDQtD2JVCZBik8I_fhq9QX_PEUzKMQDC4E3JrvO44t1TYtsh0fg==
Date
Thu, 19 Sep 2024 23:07:00 GMT
Content-Type
application/json
Vary
Accept-Encoding
Last-Modified
Thu, 18 Jul 2024 18:24:37 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
35378
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache
optOutStatus
dpm.demdex.net/
41 B
542 B
XHR
General
Full URL
https://dpm.demdex.net/optOutStatus?d_visid_ver=5.5.0&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1726838116876
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.248.79.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-79-79.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e5873dbdaa376d924cfa4b2ba4b1622d4e6e483866e2b7bc24ef3007ff5960e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-2-v065-096efce5f.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
JaU5s5DdTv8=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://www.fortinet.com
content-length
60
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Fri, 20 Sep 2024 13:15:17 GMT
content-type
application/json;charset=utf-8
vary
Origin
/
c.6sc.co/
7 B
194 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-210.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-methods
GET,POST
access-control-allow-origin
https://www.fortinet.com
content-length
7
date
Fri, 20 Sep 2024 13:15:16 GMT
content-type
text/html
access-control-allow-headers
*
/
ipv6.6sc.co/
19 B
309 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700::17d4:6eb9 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f413fffc1709e2f33cd8032c400c3f306322939cfe4c787b52959dfb29313d44

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=0, no-cache, no-store
pragma
no-cache
6si-ipv6
2a01:4a0:1338:93::8
expires
Fri, 20 Sep 2024 13:15:17 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1726838117008_399797941_33856203_31_1226_46_49_219";dur=1
access-control-allow-origin
https://www.fortinet.com
content-length
19
date
Fri, 20 Sep 2024 13:15:17 GMT
content-type
text/html
vary
Origin
s26800746195946
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/
Redirect Chain
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s26800746195946?AQB=1&ndh=1&pf=1&t=20%2F8%2F2024%2015%3A15%3A17%205%20-120&fid=01DC112F22BCBB7A-3E7EBF5371F1BF5E&ce=UTF-8&pa...
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s26800746195946?AQB=1&pccr=true&vidn=3376BAB2B3DAB5C9-60000447C28C826D&ndh=1&pf=1&t=20%2F8%2F2024%2015%3A15%3A17%205%20-120&...
43 B
250 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s26800746195946?AQB=1&pccr=true&vidn=3376BAB2B3DAB5C9-60000447C28C826D&ndh=1&pf=1&t=20%2F8%2F2024%2015%3A15%3A17%205%20-120&fid=01DC112F22BCBB7A-3E7EBF5371F1BF5E&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Futm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&c.&cm.&ssf=1&.cm&.c&cc=USD&v0=social%3Aamplify-org%3Asprinklr%3Anone%3Anone&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Protocol
H2
Server
63.140.62.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-17.data.adobedc.net
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
pragma
no-cache
etag
3708356620870254592-4618687387658917637
x-content-type-options
nosniff
expires
Thu, 19 Sep 2024 13:15:17 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
43
date
Fri, 20 Sep 2024 13:15:17 GMT
x-xss-protection
1; mode=block
last-modified
Sat, 21 Sep 2024 13:15:17 GMT
vary
*
server
jag
content-type
image/gif;charset=utf-8

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
location
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s26800746195946?AQB=1&pccr=true&vidn=3376BAB2B3DAB5C9-60000447C28C826D&ndh=1&pf=1&t=20%2F8%2F2024%2015%3A15%3A17%205%20-120&fid=01DC112F22BCBB7A-3E7EBF5371F1BF5E&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Futm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&c.&cm.&ssf=1&.cm&.c&cc=USD&v0=social%3Aamplify-org%3Asprinklr%3Anone%3Anone&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Athreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Autm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
pragma
no-cache
x-content-type-options
nosniff
expires
Thu, 19 Sep 2024 13:15:17 GMT
access-control-allow-origin
*
p3p
CP="This is not a P3P policy"
content-length
0
date
Fri, 20 Sep 2024 13:15:17 GMT
x-xss-protection
1; mode=block
content-type
text/plain;charset=utf-8
vary
Origin
server
jag
last-modified
Sat, 21 Sep 2024 13:15:17 GMT
details
epsilon.6sense.com/v3/company/
740 B
715 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash
b1f2ae334af070d125d40384f552c22769aef580fc8ebf658939f8bcd7f08d33

Request headers

Authorization
Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
X-6s-CustomID
WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-expose-headers
X-6si-Region
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-encoding
gzip
x-6si-region
eu-central-1a
access-control-allow-credentials
true
x-trace-id
501155013100815032
access-control-allow-origin
https://www.fortinet.com
content-length
395
date
Fri, 20 Sep 2024 13:15:17 GMT
content-type
application/json
vary
Origin, Accept-Encoding
server
nginx
details
epsilon.6sense.com/v3/company/
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.fortinet.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Fri, 20 Sep 2024 13:15:17 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
eu-central-1a
x-trace-id
8410958987732855211
RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/8fc5b8880351/
2 KB
981 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/8fc5b8880351/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8109fbd42099eef3aed0564d81e4502bade4a64b6bd5174894f0f1e8019cd421

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"3c8095c9984058752de3a2aa7f49af7e:1726790030.070843"
expires
Fri, 20 Sep 2024 14:15:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://www.fortinet.com
content-length
724
date
Fri, 20 Sep 2024 13:15:19 GMT
content-type
application/x-javascript
last-modified
Thu, 19 Sep 2024 23:53:50 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/
318 B
2 KB
Other
General
Full URL
https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c02:209f:ae6c:3c6e:e3dd Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr

Response headers

X-Vhost
publish
Content-Encoding
gzip
ETag
"13e-565c628eb6a00-gzip"
Age
6105655
X-Content-Type-Options
nosniff
X-Cache
Hit from cloudfront
X-Amz-Cf-Id
WhBcbaFt18J303vaxEAYrdXGjA-1fLl2WwHuZtOqekEy-K71lpUvTQ==
Date
Fri, 20 Sep 2024 13:12:14 GMT
Content-Type
image/vnd.microsoft.icon
Last-Modified
Thu, 22 Feb 2018 05:17:28 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Cache-Control
max-age=2000000, public
X-Dispatcher
dispatcher2uswest1-28559771
Connection
keep-alive
Via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Accept-Ranges
bytes
Content-Length
133
X-XSS-Protection
1; mode=block
X-Amz-Cf-Pop
FRA60-P3
Server
Apache


53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| OptanonWrapper object| fortinet_blog object| EasyAutocomplete object| search_config boolean| blogFilter string| documentsQuery function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| setImmediate function| clearImmediate function| $ function| jQuery string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| Optanon object| OneTrust object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in number| timer_e object| _6si function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| liberatedGetOptOut object| s_i_fortinetincproduction boolean| _storagePopulated object| targetGlobalSettings object| Sixsct object| t

14 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: f54280fa-217e-4834-9e52-73fae528c466
.t.co/ Name: __cf_bm
Value: f9z9jFkmDYjQS7ClS7kv0V.WToD3wvNK15jwz4_k9pI-1726838113-1.0.1.1-5ZJnkTDTc1eLjs5KGq6S5TJsrBUBaTnzXP2Qp6mgJkys76HoMSOpIVJ6eObxHOtrN.BdTOAVzioJ7LpOJ_jp9A
www.fortinet.com/ Name: cookiesession1
Value: 678A3E22555F217AA1432C8DECDE2A77
.fortinet.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Fri+Sep+20+2024+15%3A15%3A16+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=6.10.0&hosts=&consentId=8dfa5ebb-ee7a-4574-a0bf-ab3e74590cf0&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401%3Futm_source%3Dsocial%26utm_medium%3Damplify-org%26utm_campaign%3Dsprinklr&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.fortinet.com/ Name: s_fid
Value: 01DC112F22BCBB7A-3E7EBF5371F1BF5E
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fthreat-actors-exploit-geoserver-vulnerability-cve-2024-36401
.fortinet.com/ Name: s_getNewRepeat
Value: 1726838117063-New
.fortinet.com/ Name: s_cc
Value: true
.fortinet.com/ Name: s_vi
Value: [CS]v1|3376BAB2B3DAB5C9-60000447C28C826D[CE]
www.fortinet.com/ Name: AWSALB
Value: +BGSJsSw7Ti9K77Bw++06xxHZwwUKTKL57/zWXK8apCZ0j9B2CWoAIj3yOKTuVJTeepNDrAedpbUFwKJs8mzj3L2ybQDXm55I7q9+2XDPFFkqPho6ZaEpcD5siqt/gOcESkHD56enZWddWPzwJnK39YynE44YxzAKUEzm34bp0LjGMCEwO1IPS0mMhvev/1fwPR9Em/CeU8tprKTuEcvLmyUeHo9YSZR
www.fortinet.com/ Name: AWSALBCORS
Value: m5MHFwrRIwHyNtKIPzk7+KHvd1ugFAu5eFdNDwIzFnNv4VvE5HC1V/HjeGEyEHXU7PeoUjzo/iJRZOW9sInIfuuLPk4OMsagnoNolMRLA1hTcJMFb/pCqmikpitTowE+UqAQ+fxB88oTRlxpX6wNhIvo/APpZvlq5/zuKxGWSHYO5trvsPA3ADEYjzvppahCHBPRW88rMrVySZwXf0jSosnTAwvKsgya
www.fortinet.com/ Name: aa_cc
Value: DE
www.fortinet.com/ Name: aa_cn
Value: Germany
www.fortinet.com/ Name: 6scexist
Value: true

2 Console Messages

Source Level URL
Text
javascript warning URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Message:
The resource https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401?utm_source=social&utm_medium=amplify-org&utm_campaign=sprinklr
Message:
The resource https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
