securityonline.info Open in urlscan Pro
2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Submission: On December 17 via api (December 17th 2024, 1:53:17 pm UTC) from IN — Scanned from ES

Summary HTTP 58 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 9 domains to perform 58 HTTP transactions. The main IP is 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is securityonline.info.
TLS certificate: Issued by E5 on December 13th 2024. Valid for: 3 months.

This is the only time securityonline.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2a05:d014:776... 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d	16509 (AMAZON-02) (AMAZON-02)
7	172.67.199.186 172.67.199.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
10	2606:4700:303... 2606:4700:3035::6815:19f9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.74.235 172.67.74.235	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	172.67.170.144 172.67.170.144	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
1	142.250.185.234 142.250.185.234	15169 (GOOGLE) (GOOGLE)
58	13

9 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

securityonline.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.67.199.186 (United States)

ASN13335 (CLOUDFLARENET, US)

privacy.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
the.gatekeeperconsent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3035::6815:19f9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-0.securityonline.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.74.235 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.sur.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 172.67.170.144 (United States)

ASN13335 (CLOUDFLARENET, US)

www.ezojs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	ezojs.com www.ezojs.com — Cisco Umbrella Rank: 16114	57 KB
19	securityonline.info securityonline.info cdn-0.securityonline.info	325 KB
7	gatekeeperconsent.com privacy.gatekeeperconsent.com — Cisco Umbrella Rank: 35054 the.gatekeeperconsent.com — Cisco Umbrella Rank: 14028	137 KB
4	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 415 fonts.googleapis.com — Cisco Umbrella Rank: 29	33 KB
3	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 11915 g.ezodn.com — Cisco Umbrella Rank: 16468	274 KB
2	gstatic.com fonts.gstatic.com	24 KB
2	sur.ly cdn.sur.ly — Cisco Umbrella Rank: 253748	20 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	105 KB
1	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218	33 KB
58	9

	Domain	Requested by
19	www.ezojs.com	securityonline.info
10	cdn-0.securityonline.info	securityonline.info
9	securityonline.info	securityonline.info www.ezojs.com
6	the.gatekeeperconsent.com	securityonline.info the.gatekeeperconsent.com www.ezojs.com
3	fonts.googleapis.com	securityonline.info cdn.sur.ly
2	fonts.gstatic.com	fonts.googleapis.com
2	cdn.sur.ly	securityonline.info
2	go.ezodn.com	securityonline.info
1	g.ezodn.com	securityonline.info
1	www.googletagmanager.com	securityonline.info
1	securepubads.g.doubleclick.net	securityonline.info
1	ajax.googleapis.com	securityonline.info
1	privacy.gatekeeperconsent.com	securityonline.info
58	13

This site contains links to these domains. Also see Links.

Domain
www.rapid7.com
www.twitter.com
www.linkedin.com
www.youtube.com
www.facebook.com
github.com
meterpreter.org
securityexpress.info
paypal.me
sur.ly
g.ezoic.net

Subject Issuer	Validity	Valid
securityonline.info E5	`2024-12-13` - `2025-03-13`	3 months	crt.sh
gatekeeperconsent.com WE1	`2024-10-19` - `2025-01-17`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
ezodn.com WE1	`2024-12-15` - `2025-03-15`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
cdn-0.securityonline.info WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
sur.ly WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
www.ezojs.com WE1	`2024-10-27` - `2025-01-25`	3 months	crt.sh
*.gstatic.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Frame ID: 4A5EA463BC54D0BDBA53F49E88C70E4A
Requests: 61 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Modular Java Backdoor Emerges in Cleo Exploitation Campaign (CVE-2024-50623)

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

58
Requests

100 %
HTTPS

42 %
IPv6

9
Domains

13
Subdomains

13
IPs

3
Countries

1008 kB
Transfer

2899 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.rapid7.com/blog/post/2024/12/11/etr-modular-java-backdoor-dropped-in-cleo-exploitation-campaign/
Title: explained

Search URL Search Domain Scan URL

URL: https://www.twitter.com/the_yellow_fall

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/do-van-son-892a06265/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/penetrationtestingwithddos

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DdoS-109131310571187/

Search URL Search Domain Scan URL

URL: https://github.com/FreelancePentester

Search URL Search Domain Scan URL

URL: https://meterpreter.org/
Title: Penetration Testing Tools

Search URL Search Domain Scan URL

URL: https://securityexpress.info/
Title: The Information Technology Daily

Search URL Search Domain Scan URL

URL: https://paypal.me/donatesecurityonline

Search URL Search Domain Scan URL

URL: https://sur.ly/i/securityonline.info/
Title: securityonline.info

Search URL Search Domain Scan URL

URL: https://sur.ly/
Title: Sur.ly

Search URL Search Domain Scan URL

URL: https://g.ezoic.net/privacy/securityonline.info
Title: Enlace de políticas de privacidad

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

58 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/ 100 KB
24 KB 466ms
288ms Document
text/html 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8aee7c3fb895dd12e91f88722bda0da1bcabd7d0a7e7d27a252b88c814c67c36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 17 Dec 2024 13:53:12 UTC
display: pub_site_sol
expires: Mon, 16 Dec 2024 13:53:12 GMT
link: <https://securityonline.info/wp-json/>; rel="https://api.w.org/", <https://securityonline.info/wp-json/wp/v2/posts/97577>; rel="alternate"; title="JSON"; type="application/json", <https://securityonline.info/?p=97577>; rel=shortlink
pagespeed: off
response: 200
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding,User-Agent
x-ez-minify-html: 9.52% 91995 / 101671
x-ezoic-cdn: Hit d2;ms;ace7c8c532ed326ac587aed66f7983b8;2-124533-157;RiyJx1de9bv8tYTrNIL-I
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-origin-cache-control
x-pingback: https://securityonline.info/xmlrpc.php
x-sol: pub_site

GET
H3 200 tcf2_stub.js Show response
privacy.gatekeeperconsent.com/ 1 KB
1 KB 119ms
64ms Script
application/javascript 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://privacy.gatekeeperconsent.com/tcf2_stub.js
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 925beb768cc9209c0f4de784f15d6c1dde72232c5b457cb186fdea749d07eae8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

cache-control: max-age=15780000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AIU6dAedt0GiPZo1LFlGdi5SfsGDfMgYqWtFjE74FvfHgXGFpTsBS4G8HIeG3L95cxxlJeH04s8jb4VBQc%2FrhSIy52JseUEndZ2qkilA438R4YAeY2RRZ4Yx%2BytDfOdnJXwrVGeIh6NFWC%2B7L0T64w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f3765e569c1cc38-MAD
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=41678&min_rtt=41676&rtt_var=15632&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4122&recv_bytes=4271&delivery_rate=77162&cwnd=12000&unsent_bytes=0&cid=9103629836685162&ts=67&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare
priority: u=1,i=?0

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 249ms
79ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
age: 16645
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Wed, 17 Dec 2025 09:15:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 09:15:47 GMT
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31017
x-xss-protection: 0
server: sffe

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 105 KB
33 KB 216ms
86ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

3e2dc943e74b338ab3af4caaff08fe4307d6f914fcee9c60a29b873b445eefcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: br
etag: 26 / 20074 / m202412090101 / config-hash: 16775640167977932469
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 13:53:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33963
x-xss-protection: 0
server: cafe

GET
H3 200 dall.js Show response
go.ezodn.com/hb/ 708 KB
232 KB 117ms
62ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?cb=195-2-111
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b040f67d7ee2041edd4110bcc00c7db68d2c7d495f9b95727a4c5b8cb929b231

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
age: 1681747
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bk%2Ba8UIJJYLrvoSueEcBBm24opBEr3eEprJedM%2BJNgic4TokYCE4Of3QAuc0mhksg%2BS%2BrPaFaaxRU%2FCS3s0JYvqJQ2BqUA5tzg44MjDbSzwI3xMh9deZn0Dyh1fbs24%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f3765e56bd5e08f-MAD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=42772&min_rtt=42375&rtt_var=16174&sent=9&recv=7&lost=0&retrans=0&sent_bytes=4055&recv_bytes=4265&delivery_rate=77077&cwnd=12000&unsent_bytes=0&cid=6a4cbfb0c12f4a1c&ts=65&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare
last-modified: Thu, 14 Nov 2024 19:34:11 GMT
priority: u=1,i=?0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 310 KB
105 KB 229ms
86ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MVCLJGE8T6

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b2bfebe058b0b39e6889aff0590c59a05904d2e74393bf829595a0bc367b6b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 17 Dec 2024 13:53:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 13:53:13 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 107146
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 css
fonts.googleapis.com/ 417 B
766 B 251ms
114ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Antic+Slab:regular&display=optional

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

23bfcda874b9fc0054dabaafae0c0668a78af7f60a3fc362ea33034d5d318ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 13:53:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 17 Dec 2024 13:53:12 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 wgs2.css
cdn-0.securityonline.info/wp-content/plugins/wp-google-search/ 3 KB
1 KB 310ms
149ms Stylesheet
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/plugins/wp-google-search/wgs2.css?ezmin=true&ff=1&ver=6.7.1&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd6261240ed0f12a5cc73e1a74452182697f4b09560cdfbb3b2f17e0659a2f7f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"62eaa675-a60-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ex76PW6iRUzAZ9pLKaRHL3FHnxX612xj9FkN1SdnvCMdU7tCk9vivZcO2qI2eIxB9w30F2DZjVVRpHfVxQlHyoHLCUE0MvU2AugvSC%2Fch6XOikGhxHbgamyivbazvrTSi7b%2B36Wa%2F1aP4vh%2FuKibHWMmvrVK1STt"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=46634&min_rtt=41000&rtt_var=11629&sent=34&recv=21&lost=0&retrans=0&sent_bytes=23904&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=151&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Wed, 03 Aug 2022 16:46:45 GMT
x-ezoic-cdn: Hit d2;mm;9df51fa0c39f1fd3877c029121c4b3e6;2-124533-157;gi8iBVLsdztxH7_sU4cqx
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c64ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H2 200 style.min.css
cdn-0.securityonline.info/wp-includes/css/dist/block-library/ 3 KB
2 KB 336ms
175ms Stylesheet
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/css/dist/block-library/style.min.css?ezmin=true&ff=1&ver=6.7.1&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 509c249a522387df5fbf91bcdadd6a720fe75669654be1318af004bc7ea581f8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"673bdd27-1c012-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2BB7M0hJsowo1QNa7yrcQ5UecdnPBxgMcZpbMQFp8o7oHK01IfVlCdRNIheEvP2fPlcK66VBciwDGZ6yxjlHtCNZxf5RcnqfsZ61OBwEpnzK3s%2B5r5vEsujHdDwrTWpOAfNHefS%2Ba3zG3CZJaKLtd18WziQVuIhm"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=45064&min_rtt=41000&rtt_var=1195&sent=37&recv=32&lost=0&retrans=0&sent_bytes=25358&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=178&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Tue, 19 Nov 2024 00:34:47 GMT
x-ezoic-cdn: Hit d2;mm;1d5e4e575b1fd1c27787a718da22d39d;2-124533-157;Jwlu6Pkw7yk_yIoytIPvR
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c65ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H2 200 hph-front.min.css
cdn-0.securityonline.info/wp-content/themes/hueman-pro/addons/assets/front/css/ 3 KB
1 KB 277ms
116ms Stylesheet
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/themes/hueman-pro/addons/assets/front/css/hph-front.min.css?ezmin=true&ff=1&ver=1.4.29&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1994d6de24d0effc59c81c0a86f223027144e10ca0f416e0ab3ecb7e5a10be0b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"675a5986-38d1-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDqZWSQZ9tWnieapIMkDeP5Y9RODH911vt%2BckRVGqyOy6C8G6Ugg2oPUKUFN0GK5g7Ht2KgglIhKH0jPcInoCPaYFsM51jNbbfFdRrBF7ZxeVzX0f3CfiYQMCuEQGAwzOx%2FtoLJB%2FQGsl1gMe8Tlmc546KXqW8FR"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=41606&min_rtt=41000&rtt_var=2098&sent=20&recv=20&lost=0&retrans=0&sent_bytes=12485&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=119&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Thu, 12 Dec 2024 03:33:26 GMT
x-ezoic-cdn: Hit d2;mm;0b853c32519d2969ab738e3656983605;2-124533-157;BDOgThoO7LpcWvu_2Afoc
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c63ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H2 200 main.min.css
cdn-0.securityonline.info/wp-content/themes/hueman-pro/assets/front/css/ 46 KB
9 KB 290ms
129ms Stylesheet
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-content/themes/hueman-pro/assets/front/css/main.min.css?ezmin=true&ff=1&ver=1.4.29&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86442bdb7632a879189f0f6423e5a9ad866fee974d4624b07bb959ff7d09ac7c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"675a5987-17060-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1M%2BohIllSmLDVRAWk4i7Af9uvmK9oynBu%2FcbRO5baoAsgeYYvBtBInDpETF%2Fx%2B%2F72dljTo061BNfw2wl0W2Rj4bmBeigEg1eekKpM40lkdyEn8xQuv0eJr%2BordD0kDO5B%2BpGx5sRX0f%2FpUfYxcC6ORGVNMqYi8E3"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=41606&min_rtt=41000&rtt_var=2098&sent=23&recv=20&lost=0&retrans=0&sent_bytes=13984&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=132&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Thu, 12 Dec 2024 03:33:27 GMT
x-ezoic-cdn: Hit d2;mm;90c2cf1e0e7aebacd3f6efec66bf38e3;2-124533-157;IXEosqPJcIoc9gj_fC9xJ
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c5eec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H2 200 fa-brands-400.woff2
securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/ 77 KB
77 KB 86ms
86ms Font
application/octet-stream 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityonline.info
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

access-control-max-age: 1728000
etag: "675a5987-13288-gzip"
x-middleton-response: 200
access-control-allow-methods: POST, GET, OPTIONS
response: 200
date: Tue, 17 Dec 2024 13:53:12 UTC
x-middleton-display: staticcontent_sol
content-type: application/octet-stream
last-modified: Thu, 12 Dec 2024 03:33:27 GMT
x-ezoic-cdn: Hit d2;mm;e2bb34d0a5c1b277a17f2a048f975603;2-124533-157;E_v3hDo6AJxFzLAtbsGrx
display: staticcontent_sol
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
access-control-allow-origin: https://securityonline.info
x-origin-cache-control
server: nginx

GET
H2 200 fa-regular-400.woff2
securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/ 13 KB
13 KB 160ms
160ms Font
application/octet-stream 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityonline.info
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

access-control-max-age: 1728000
etag: "675a5987-3514-gzip"
x-middleton-response: 200
access-control-allow-methods: POST, GET, OPTIONS
response: 200
date: Tue, 17 Dec 2024 13:53:12 UTC
x-middleton-display: staticcontent_sol
content-type: application/octet-stream
last-modified: Thu, 12 Dec 2024 03:33:27 GMT
x-ezoic-cdn: Hit d2;mm;ee09e65548cdb191bf8a004736c11aca;2-124533-157;d_CmSrNhOrAW-8WJN2kkp
display: staticcontent_sol
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
access-control-allow-origin: https://securityonline.info
x-origin-cache-control
server: nginx

GET
H2 200 fa-solid-900.woff2
securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/ 78 KB
79 KB 161ms
161ms Font
application/octet-stream 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityonline.info
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

access-control-max-age: 1728000
etag: "675a5987-1397c-gzip"
x-middleton-response: 200
access-control-allow-methods: POST, GET, OPTIONS
response: 200
date: Tue, 17 Dec 2024 13:53:12 UTC
x-middleton-display: staticcontent_sol
content-type: application/octet-stream
last-modified: Thu, 12 Dec 2024 03:33:27 GMT
x-ezoic-cdn: Hit d2;mm;46fb3c811b44f0a8c3740b5e8b79dee6;2-124533-157;QFtQEGsq5sXKZM5AiBBFd
display: staticcontent_sol
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000
cache-control: public, max-age=2592000
access-control-allow-origin: https://securityonline.info
x-origin-cache-control
server: nginx

GET
H3 200 cmp.js Show response
the.gatekeeperconsent.com/v2/ 150 KB
38 KB 69ms
60ms Script
text/javascript 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=295
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9202936bc04f3327103c738638ba5f8190401d36f96fa749913219bbc8053663

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

server: cloudflare
cache-control: public, max-age=15780000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
age: 1595979
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OqFfgQrrpM%2FoQf0N3oTu2JVJlEKpxis7r%2FihRn91RkFkMCHEuDWBUeP87YkWukmPEFxzyyHUYqvKeh0euocltgip6O2syW4geU2akXy%2BH1jazmLh2oYfJYIcNxYVMfZvL7eOmSFAHgGjw0fP"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f3765e7ac87cc38-MAD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=43585&min_rtt=40149&rtt_var=9210&sent=15&recv=12&lost=0&retrans=0&sent_bytes=5669&recv_bytes=4722&delivery_rate=35812&cwnd=12000&unsent_bytes=0&cid=9103629836685162&ts=426&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 19 Nov 2024 21:26:00 GMT
vary: Accept-Encoding
priority: u=3,i=?0

GET
H3 200 surly-badges.min.css
cdn.sur.ly/widget-awards/css/ 17 KB
3 KB 113ms
52ms Stylesheet
text/css 172.67.74.235
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.sur.ly/widget-awards/css/surly-badges.min.css
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.74.235 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 709db6c0f6bdf9ceb176a43adf30eb1be65c0b2b1f7130d203133e4af06a2651

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62a6bbbc-4517"
age: 1336655
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Aywok7avULzqIRcd%2BjLw3wxGDMQ%2Bj3EveZ8%2Fmhgxri10MrVux32vFTiKFn2i9gFuUsEcJ%2FLql7NSgS6k%2Bzi9KlV1YIkvTbuO05UgqvwNGxuU7nY%2BG9Z8l2CSn4g%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 28 Dec 2024 07:32:13 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=41980&min_rtt=41975&rtt_var=15750&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4250&recv_bytes=4289&delivery_rate=76019&cwnd=12000&unsent_bytes=0&cid=774da82832c4b75f&ts=58&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/css
last-modified: Mon, 13 Jun 2022 04:23:24 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e5db44c912-MAD
server: cloudflare

GET
H2 200 underscore.min.js Show response
cdn-0.securityonline.info/wp-includes/js/ 18 KB
8 KB 211ms
52ms Script
application/javascript 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.securityonline.info/wp-includes/js/underscore.min.js?ver=1.13.7
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5152316fade8c592fbfd38bc491e059464d967d3d31a582b0c885c0961deed30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"673bdd27-49be-gzip"
age: 27145
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lX2JRKXkMuSOZoDUVpjo%2F87VrXevkKb2AW5xRqZzrnJV5g37IsLhQ5wKESrPZKcarN%2BhpCF2CyFiP%2BFtpidBn97eY198tCux3r4rTJRnjt1z24Mrk6jWIk%2BedDvI8wLYMAcYllww1r5Z4b%2FZLrlYfQTNMw%2BLei%2Fj"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=42052&min_rtt=41370&rtt_var=9425&sent=9&recv=14&lost=0&retrans=0&sent_bytes=3999&recv_bytes=2816&delivery_rate=97626&cwnd=252&unsent_bytes=0&cid=06ab916a8ffcc156&ts=57&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: application/javascript
last-modified: Tue, 19 Nov 2024 00:34:47 GMT
x-ezoic-cdn: Hit d2;mm;994c2cb702654a2da393ffa3422be970;2-124533-157;x7VzpQEp1VYokQvMmleww
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c66ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H3 200 v.js Show response
g.ezodn.com/cmp/v2/ 4 KB
2 KB 67ms
58ms Script
text/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/v2/v.js?v=4
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb947597b409a7f8b7c3751c6defa7208a7b55881c09387bcf5be94572dbf633

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

server: cloudflare
cache-control: public, max-age=15780000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: HIT
age: 1835643
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZ7NYRgPRbipFJqm%2FNQLt%2FpaHVRq%2FOwDg6wCrlT6cSwH4MOUpAWk9J9Mt63tBGt6NfoRXCT5E8ONeyzPy3eS2FcOAxTv3G3ot%2FRRpN7XQcD7RLZVkVep4ic5YU0BUw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f3765e7ad67e08f-MAD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=42811&min_rtt=40094&rtt_var=1696&sent=219&recv=70&lost=0&retrans=0&sent_bytes=247559&recv_bytes=7262&delivery_rate=1756649&cwnd=115500&unsent_bytes=0&cid=6a4cbfb0c12f4a1c&ts=422&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/javascript; charset=utf-8
last-modified: Tue, 19 Nov 2024 14:47:56 GMT
vary: Accept-Encoding
priority: u=3,i=?0

GET
H3 200 boise.js Show response
www.ezojs.com/detroitchicago/ 824 B
1 KB 113ms
51ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/boise.js?gcb=195-2&cb=5
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a4fafcd389d58bbd82e49d9a68e81e9dc8384330ff14ec3283a4d0d11812047b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1680393
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHumiDfee0VZRfk6xV8MSguBbXllDkN5BvM%2FIqvW4nStKyiqmUBUD2shd3kZ43qjAzK%2BDVscVxvS2wMxXIP%2BWm2MczbaFzPKfdEFFEu28dfpq7gKJ1S85JH2fC4WwJfZ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39202&min_rtt=39183&rtt_var=14707&sent=15&recv=10&lost=0&retrans=0&sent_bytes=9496&recv_bytes=5110&delivery_rate=85635&cwnd=12000&unsent_bytes=0&cid=aa75b0688e2afa55&ts=54&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 09 Nov 2024 03:44:51 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e7fe4ff767-MAD
server: cloudflare

GET
H3 200 abilene.js Show response
www.ezojs.com/parsonsmaize/ 11 KB
4 KB 153ms
92ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/parsonsmaize/abilene.js?gcb=195-2&cb=0db397a922
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03ac47569a4c49af3204edc42f44be039d22bffa1ce769c53fc90defb3b7e34d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1708117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AOgdvWExOsWyXeU2e0CpUSae561gbtrkRVOOmi%2Bd%2F27yUNqHjc5EFOR3pjeE%2BG7n%2FDrIJuKaYgQOQnLXA5ND96ds0mw9Q%2FrsBRMz6oqbIwE8ilQ3rg7RZZ2e7MpOT7vA"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39202&min_rtt=39183&rtt_var=14707&sent=22&recv=10&lost=0&retrans=0&sent_bytes=15565&recv_bytes=5110&delivery_rate=85635&cwnd=12000&unsent_bytes=0&cid=aa75b0688e2afa55&ts=57&x=1", cfExtPri, cfHdrFlush;dur=37
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 19:24:11 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e7fe51f767-MAD
server: cloudflare

GET
H3 200 tulsa.js Show response
www.ezojs.com/detroitchicago/ 13 KB
5 KB 112ms
51ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/tulsa.js?gcb=195-2&cb=9
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf9d6d0b36c4e43bb90e28078c16ba093457e2bea78030d65502f9ca66a0f85b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 2312923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pDKr%2BJ6J%2BuJH8TdD2IWuLfRbSt2u%2Fj3453NCA46IVKTofV1IhylZfqPP%2BpATjoiNUbVJTZG3jQvh0Fb%2FnZ7LJRNYwxBhf%2Bmtr0kB6D56tk9uYKZboTyDXrWeFSIYYqnx"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39202&min_rtt=39183&rtt_var=14707&sent=10&recv=10&lost=0&retrans=0&sent_bytes=4147&recv_bytes=5110&delivery_rate=85635&cwnd=12000&unsent_bytes=0&cid=aa75b0688e2afa55&ts=54&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Nov 2024 04:43:11 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e7fe4ef767-MAD
server: cloudflare

POST
H2 200 analytics Show response
securityonline.info/ezais/ 8 KB
3 KB 80ms
78ms XHR
text/plain 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezais/analytics?cb=1
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: c30310a271e34a6346bb7f22c58bb34d894291a8b3fe6ea3d4a6bebf8c0c7680

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

x-robots-tag: noindex
access-control-max-age: 1728000
content-encoding: br
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://securityonline.info
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
server: Apache/2.4.39 (Ubuntu)
access-control-allow-headers: Content-Type

GET
H3 200 lazy_load.js Show response
www.ezojs.com/tardisrocinante/ 14 KB
6 KB 114ms
53ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/tardisrocinante/lazy_load.js?gcb=2&cb=6
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dd170013a5961d8e5cecfe293b157f2c27f21cc341997168764478e1c3b49a0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1836992
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zu9tq3bwnbEzuf0af0ZikhNtCvA2LXQgVlwBFA73QCrDElUp8XHvyrNSNMrljtAE834OBsDHQ5%2B5gQM0MDK6ZXm0krn4nq8nyQvZTcmMHBV11JwzSzHRslEqTweAOcKy"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39202&min_rtt=39183&rtt_var=14707&sent=17&recv=10&lost=0&retrans=0&sent_bytes=10726&recv_bytes=5110&delivery_rate=85635&cwnd=12000&unsent_bytes=0&cid=aa75b0688e2afa55&ts=54&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 05 Nov 2024 04:35:29 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e7fe4cf767-MAD
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
662 B 74ms
74ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Oswald&display=swap

Requested by

Host: cdn.sur.ly
URL: https://cdn.sur.ly/widget-awards/css/surly-badges.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cac8b9784ba1bb5d7a7b66f0cec55d996907b73ce993138ab998d8b05b11ffea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cdn.sur.ly/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 13:53:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 17 Dec 2024 12:34:25 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H3 200 bWt97fPFfRzkCa9Jlp6IacVcXA.woff2
fonts.gstatic.com/s/anticslab/v16/ 12 KB
12 KB 164ms
82ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/anticslab/v16/bWt97fPFfRzkCa9Jlp6IacVcXA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Antic+Slab:regular&display=optional

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

3c478d59cd9c14ded18169933a9703a61220b737631fa08035f626f45867c134

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/

Response headers

age: 511688
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 15:45:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 15:45:05 GMT
last-modified: Tue, 19 Apr 2022 18:27:59 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12136
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ 71 B
71 B Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5ff81c25ae04ab91b762c8903fc77eb26ee587865557818d550eabc11f44ca5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 recommended_pages.js Show response
securityonline.info/utilcave_com/apps/js/ 16 KB
3 KB 83ms
83ms Script
application/javascript 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/utilcave_com/apps/js/recommended_pages.js?cb=7
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 5b2b8d431ffc12e91090b624fc573a8ef4d18a8c68abc862fe1b1f40b17be72a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

cache-control: public, max-age=2592000
content-encoding: br
etag: "41b3-605c110814c00-gzip-gzip"
x-sol: middleton
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: staticcontent_sol
content-type: application/javascript
last-modified: Wed, 20 Sep 2023 02:23:44 GMT
server: Apache/2.4.39 (Ubuntu)
display: staticcontent_sol
vary: Accept-Encoding,Origin

GET
H3 200 indy.js Show response
go.ezodn.com/detroitchicago/ 141 KB
39 KB 52ms
52ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/detroitchicago/indy.js?cb=19&gcb=0
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f43596f7fe4c61d350362b2dbf26b7b0d9bc4a88b5bce6c30faff14c90c63be1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: zstd
cf-cache-status: HIT
age: 384408
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BRVm4DWi7qGS4cFhlwDub%2BPc5P47lnHHRoXP7D76DLH2rk33rpHCg7k1qMOuWYNYV0870M6eMAc0NZMmiDgBqhzrlmxfkBfu%2BBwIwqjn8ldIfF1PCgxVH8wRdF%2Bo7XQ%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=43585&min_rtt=40094&rtt_var=2819&sent=222&recv=72&lost=0&retrans=0&sent_bytes=249794&recv_bytes=7587&delivery_rate=14740&cwnd=115500&unsent_bytes=0&cid=6a4cbfb0c12f4a1c&ts=490&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 13 Dec 2024 03:06:24 GMT
priority: u=3,i=?0
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e81dcae08f-MAD
server: cloudflare

GET
H3 200 et.js Show response
www.ezojs.com/porpoiseant/ 1 KB
1 KB 71ms
71ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/porpoiseant/et.js?gcb=195-2&cb=3
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f67393986c012dbf48aa3149e2874bd84ed5f466362ad1ac31305f697f1da7b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1586293
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pOG27zRX9KfleWCpTSPY%2FKpjKfWFVm3pHnaup2Fz11C2h%2FhNsDFnzw3oVlQK0oMPYuonAJ3rwSfRAzpiG8GUXiOfX5vtvELUcSrRAd37OY3EPbzgyCewN6WK4JKfHAJP"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39202&min_rtt=39183&rtt_var=14707&sent=23&recv=12&lost=0&retrans=0&sent_bytes=15588&recv_bytes=5676&delivery_rate=85635&cwnd=12000&unsent_bytes=0&cid=aa75b0688e2afa55&ts=70&x=1", cfExtPri, cfHdrFlush;dur=24
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 05 Nov 2024 07:26:22 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e81eb2f767-MAD
server: cloudflare

GET
H3 200 drake.js Show response
www.ezojs.com/beardeddragon/ 4 KB
2 KB 71ms
71ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/beardeddragon/drake.js?gcb=2&cb=67bf6a5e9d
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9db751d9654898d5745902d65f9cbfdee0b19c2adebfbaa210bf772b35f659a8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1200154
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t6kbHKwDEhG4NnXs%2BMpzLdTsozS6upMYt8HEQ0YWqEfnG9Ic%2BXILSSaonl3yrv0E3KK1%2FueT3EEL5rNeRH5DEtTOMWzvyGtZXM42g5RobnM5CMbWel53qS5iDHNLuqy1"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39202&min_rtt=39183&rtt_var=14707&sent=23&recv=12&lost=0&retrans=0&sent_bytes=15588&recv_bytes=5676&delivery_rate=85635&cwnd=12000&unsent_bytes=0&cid=aa75b0688e2afa55&ts=73&x=1", cfExtPri, cfHdrFlush;dur=21
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 03 Dec 2024 16:30:38 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e81eb5f767-MAD
server: cloudflare

GET
H3 200 jellyfish.js Show response
www.ezojs.com/porpoiseant/ 37 KB
10 KB 51ms
50ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/porpoiseant/jellyfish.js?a=a&cb=17&dcb=195-2&shcb=34
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c710cdd34e668d4b076117de6e491db51bfdb199410738766ebc187cf6bd625c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1667240
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=czbtxAvCF%2B6hSRAJeeotTM1%2FLyYpSKPi0Yzvh%2BaEfZXich5EFdDaXOWBgCGkW93C5PfOOLiL5E8mflSg7XIxQb%2BvhZ7gQJupD4qVJznqdJjbTFsk7LN7grE%2BZYGqBv7r"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=46252&min_rtt=38910&rtt_var=8598&sent=34&recv=21&lost=0&retrans=0&sent_bytes=25190&recv_bytes=6318&delivery_rate=308397&cwnd=18000&unsent_bytes=0&cid=aa75b0688e2afa55&ts=104&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 28 Nov 2024 04:02:20 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e85f44f767-MAD
server: cloudflare

GET
DATA 200
OK truncated
/ 450 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ef12885818ccd0fccaf717b7afb34a93a2dc0b74729d4f2cc1e198e80f8395b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H3 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v53/ 12 KB
12 KB 70ms
66ms Font
font/woff2 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v53/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Oswald&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

sffe /

Resource Hash

24df88e7e15c4b0b11eccc139235e04384513c803b5221485375b7acee755bac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://securityonline.info
Referer: https://fonts.googleapis.com/

Response headers

age: 512534
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 15:30:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 15:30:59 GMT
last-modified: Tue, 15 Aug 2023 18:49:41 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12276
x-xss-protection: 0
server: sffe

GET
H3 200 screx.js Show response
www.ezojs.com/tardisrocinante/ 6 KB
3 KB 50ms
50ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/tardisrocinante/screx.js?gcb=2&cb=5
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69770890d2cd34c85837868011966441b3234bd52fe0e2a4cb21092665331097

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: zstd
cf-bgj: minify
cf-cache-status: HIT
age: 12037024
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wowsq2o3hSaSGi%2FfXj1dD2GOkXlzKXvzacE%2B4jqlZm4MDCqWuDbzRy2aZVlfqm9LS8RmW30qAOYwNb23VcTMh75J6SLZhLA0bzHwBLmwDExYn5uW9dkPOSw1n8pYU4Xv"}],"group":"cf-nel","max_age":604800}
cf-polished: origSize=6176
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=49154&min_rtt=38910&rtt_var=5727&sent=44&recv=26&lost=0&retrans=0&sent_bytes=35727&recv_bytes=6777&delivery_rate=341451&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=137&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 26 Jul 2024 03:03:53 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e88fcff767-MAD
server: cloudflare

GET
H3 200 css
fonts.googleapis.com/ 417 B
417 B 73ms
72ms Image
text/css 142.250.185.234
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.googleapis.com/css?family=Antic+Slab:regular&display=optional

Requested by

Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f10.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 13:53:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 13:53:13 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 17 Dec 2024 13:53:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 wgs2.css
cdn-0.securityonline.info/wp-content/plugins/wp-google-search/ 3 KB
3 KB 1ms
1ms Image
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-0.securityonline.info/wp-content/plugins/wp-google-search/wgs2.css?ezmin=true&ff=1&ver=6.7.1&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"62eaa675-a60-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ex76PW6iRUzAZ9pLKaRHL3FHnxX612xj9FkN1SdnvCMdU7tCk9vivZcO2qI2eIxB9w30F2DZjVVRpHfVxQlHyoHLCUE0MvU2AugvSC%2Fch6XOikGhxHbgamyivbazvrTSi7b%2B36Wa%2F1aP4vh%2FuKibHWMmvrVK1STt"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=46634&min_rtt=41000&rtt_var=11629&sent=34&recv=21&lost=0&retrans=0&sent_bytes=23904&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=151&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Wed, 03 Aug 2022 16:46:45 GMT
x-ezoic-cdn: Hit d2;mm;9df51fa0c39f1fd3877c029121c4b3e6;2-124533-157;gi8iBVLsdztxH7_sU4cqx
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c64ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H2 200 style.min.css
cdn-0.securityonline.info/wp-includes/css/dist/block-library/ 3 KB
3 KB 1ms
1ms Image
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-0.securityonline.info/wp-includes/css/dist/block-library/style.min.css?ezmin=true&ff=1&ver=6.7.1&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"673bdd27-1c012-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2BB7M0hJsowo1QNa7yrcQ5UecdnPBxgMcZpbMQFp8o7oHK01IfVlCdRNIheEvP2fPlcK66VBciwDGZ6yxjlHtCNZxf5RcnqfsZ61OBwEpnzK3s%2B5r5vEsujHdDwrTWpOAfNHefS%2Ba3zG3CZJaKLtd18WziQVuIhm"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=45064&min_rtt=41000&rtt_var=1195&sent=37&recv=32&lost=0&retrans=0&sent_bytes=25358&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=178&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Tue, 19 Nov 2024 00:34:47 GMT
x-ezoic-cdn: Hit d2;mm;1d5e4e575b1fd1c27787a718da22d39d;2-124533-157;Jwlu6Pkw7yk_yIoytIPvR
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c65ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H2 200 hph-front.min.css
cdn-0.securityonline.info/wp-content/themes/hueman-pro/addons/assets/front/css/ 3 KB
3 KB 2ms
2ms Image
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-0.securityonline.info/wp-content/themes/hueman-pro/addons/assets/front/css/hph-front.min.css?ezmin=true&ff=1&ver=1.4.29&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"675a5986-38d1-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDqZWSQZ9tWnieapIMkDeP5Y9RODH911vt%2BckRVGqyOy6C8G6Ugg2oPUKUFN0GK5g7Ht2KgglIhKH0jPcInoCPaYFsM51jNbbfFdRrBF7ZxeVzX0f3CfiYQMCuEQGAwzOx%2FtoLJB%2FQGsl1gMe8Tlmc546KXqW8FR"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=41606&min_rtt=41000&rtt_var=2098&sent=20&recv=20&lost=0&retrans=0&sent_bytes=12485&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=119&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Thu, 12 Dec 2024 03:33:26 GMT
x-ezoic-cdn: Hit d2;mm;0b853c32519d2969ab738e3656983605;2-124533-157;BDOgThoO7LpcWvu_2Afoc
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c63ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H2 200 main.min.css
cdn-0.securityonline.info/wp-content/themes/hueman-pro/assets/front/css/ 46 KB
46 KB 3ms
3ms Image
text/css 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-0.securityonline.info/wp-content/themes/hueman-pro/assets/front/css/main.min.css?ezmin=true&ff=1&ver=1.4.29&wps=false&ez_used_css_s=119
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"675a5987-17060-gzip"
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1M%2BohIllSmLDVRAWk4i7Af9uvmK9oynBu%2FcbRO5baoAsgeYYvBtBInDpETF%2Fx%2B%2F72dljTo061BNfw2wl0W2Rj4bmBeigEg1eekKpM40lkdyEn8xQuv0eJr%2BordD0kDO5B%2BpGx5sRX0f%2FpUfYxcC6ORGVNMqYi8E3"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=41606&min_rtt=41000&rtt_var=2098&sent=23&recv=20&lost=0&retrans=0&sent_bytes=13984&recv_bytes=2847&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=132&x=0"
date: Tue, 17 Dec 2024 13:53:12 GMT
x-middleton-display: staticcontent_sol, orig_site_sol
content-type: text/css
last-modified: Thu, 12 Dec 2024 03:33:27 GMT
x-ezoic-cdn: Hit d2;mm;90c2cf1e0e7aebacd3f6efec66bf38e3;2-124533-157;IXEosqPJcIoc9gj_fC9xJ
display: staticcontent_sol, orig_site_sol
vary: Accept-Encoding,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
x-sol: orig
cf-ray: 8f3765e67c5eec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H3 200 surly-badges.min.css
cdn.sur.ly/widget-awards/css/ 17 KB
17 KB 3ms
3ms Image
text/css 172.67.74.235
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.sur.ly/widget-awards/css/surly-badges.min.css
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.74.235 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"62a6bbbc-4517"
age: 1336655
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Aywok7avULzqIRcd%2BjLw3wxGDMQ%2Bj3EveZ8%2Fmhgxri10MrVux32vFTiKFn2i9gFuUsEcJ%2FLql7NSgS6k%2Bzi9KlV1YIkvTbuO05UgqvwNGxuU7nY%2BG9Z8l2CSn4g%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 28 Dec 2024 07:32:13 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=41980&min_rtt=41975&rtt_var=15750&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4250&recv_bytes=4289&delivery_rate=76019&cwnd=12000&unsent_bytes=0&cid=774da82832c4b75f&ts=58&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:12 GMT
content-type: text/css
last-modified: Mon, 13 Jun 2022 04:23:24 GMT
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e5db44c912-MAD
server: cloudflare

GET
H3 200 config.json Show response
the.gatekeeperconsent.com/v2/ 17 KB
4 KB 129ms
83ms XHR
application/json 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://the.gatekeeperconsent.com/v2/config.json?domain=securityonline.info&changeLogId=1998328&cb=295

Requested by

Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=295

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

529967033031ff47b5c03de5fefe053dfee0ec11102a6c59c1aee5638e08616f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CetjLoxpFT0KP9B4O%2F2JyZ%2FTygfvJSYeEXydOLTvqcTlcp%2F4b6RtZVkGDmRLFzaS0yiJR6%2BIZtYRbIN%2FY875UCv6UgLVlBLtgDa8yImXPIw%2BQe4DBbhblVFc8zTLI%2BGFoO7F9p0iLJC5Xmgq"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=39228&min_rtt=39213&rtt_var=14715&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4122&recv_bytes=4325&delivery_rate=79638&cwnd=12000&unsent_bytes=0&cid=714309227dd5a1e6&ts=88&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
content-type: application/json
vary: Accept-Encoding
priority: u=1,i
x-frame-options: deny
content-security-policy: default-src 'none'
cache-control: max-age=2592000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8da77cbbe-MAD
access-control-allow-origin: *
server: cloudflare

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/webp

GET
H2 200 donate-6153764_640.png
cdn-0.securityonline.info/wp-content/uploads/2024/07/ 43 KB
44 KB 48ms
48ms Image
image/png 2606:4700:3035::6815:19f9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-0.securityonline.info/wp-content/uploads/2024/07/donate-6153764_640.png?ezimgfmt=rs:280x238/rscb1/ngcb1/notWebP
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:19f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20734053daee5ef81e0d87e8df79fb496b3dc58c39f7bfa4d115a9771cc6bca3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

cf-cache-status: HIT
etag: "66a0d560-30d7-gzip"
age: 26972
x-middleton-response: 200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPVlWhOp0Xmg6LyBLEukM4xsH8NOWbENjo1i34JWUVtKsqA5GFJk5EfKw096BbcRL75Ieqt4XDY%2BcViYSVKGHsgT%2B8xb73DhUgfLddAdbaxYliz1L4W48a6nPCA9aPCbED0pt6V8ZJb3wnzqa8CCLnQShnfD0ZUW"}],"group":"cf-nel","max_age":604800}
response: 200
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=44445&min_rtt=41000&rtt_var=852&sent=40&recv=38&lost=0&retrans=0&sent_bytes=27283&recv_bytes=3022&delivery_rate=287414&cwnd=257&unsent_bytes=0&cid=06ab916a8ffcc156&ts=392&x=0"
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: staticcontent_sol
content-type: image/png
last-modified: Wed, 24 Jul 2024 10:20:16 GMT
x-ezoic-cdn: Hit d2;mm;f8275a1c4d2b78663547a28667908d6b;2-124533-157;laydXlzYzZEcH0Ihkxrbp
display: staticcontent_sol
vary: Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: public
cf-ray: 8f3765e89b22ec89-MAD
x-origin-cache-control: max-age=2592000
server: cloudflare

GET
H3 200 mulvane.js Show response
www.ezojs.com/parsonsmaize/ 1021 B
1 KB 48ms
47ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/parsonsmaize/mulvane.js?gcb=195-2&cb=c630b8b861
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14d43b59dd15c6e81b6f4c787f68d98d81a7bf0fbb7fbc4f6c1989e6d29a222e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1422957
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=asQhA6wpnRNOgSo589l4lHjoGcdgoMBUkFD6YHooXG2D2SQvwsSeDSbzwgWZn4zAh11ioNLgFErsjstwwPPDO%2FdaretXddA%2BXVv%2BpDNtCN%2FW3zaHaIZDIEoUu9YepJ67"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=55139&min_rtt=38910&rtt_var=10161&sent=49&recv=36&lost=0&retrans=0&sent_bytes=39072&recv_bytes=8940&delivery_rate=356288&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=149&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Sat, 30 Nov 2024 03:28:55 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8980bf767-MAD
server: cloudflare

GET
H3 200 reno.js Show response
www.ezojs.com/detroitchicago/ 1 KB
1 KB 48ms
47ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/reno.js?gcb=195-2&cb=3
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a285bc82f73dbd55244657449b4d9b2ecae8b2ea622d5558432bc818bb847df2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 3584359
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s4dQhZtNjYZvPeBqkveTMHZkEVB9nsrHU4Yvk5cYie%2FnenC3F%2FOIT7%2BE3n%2FRr%2FtSDG%2FWz4hixZb%2FwTBdxak85esg5tws2PlYqSFlye0EI%2FPLrSfCsdxc3H%2B9BloYlhHz"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=55139&min_rtt=38910&rtt_var=10161&sent=51&recv=36&lost=0&retrans=0&sent_bytes=40375&recv_bytes=8940&delivery_rate=356288&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=149&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 04 Nov 2024 21:33:25 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8980ef767-MAD
server: cloudflare

GET
H3 200 overlandpark.js Show response
www.ezojs.com/detroitchicago/ 986 B
1 KB 48ms
48ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/overlandpark.js?gcb=195-2&cb=ca5e4c8a46
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a932b965c53c29da48239fb15b5ae1456d17988a9f81ee788b854903a2ecd169

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1845454
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tA9O6LnMvzXJ13WCBZAW%2FRVt%2B0pwPcamL3YO0%2FJB6elqS6XmW9LzcV3ajCcBSxsmuUWKtWc6iDK0THNFuc6Ac7E6vLN78RuO0nBeiMFIDHlLuIBoewFB6qfiB%2BDIFD9I"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=55139&min_rtt=38910&rtt_var=10161&sent=51&recv=36&lost=0&retrans=0&sent_bytes=40375&recv_bytes=8940&delivery_rate=356288&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=149&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 26 Nov 2024 01:46:32 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8980ff767-MAD
server: cloudflare

GET
H3 200 birmingham.js Show response
www.ezojs.com/detroitchicago/ 752 B
1 KB 51ms
50ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/birmingham.js?gcb=195-2&cb=539c47377c
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 30be558393bd8b0585c806a6eaed6d6f5b51d1ca63c0113061dfe35eaa128ce3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1759140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KT2dPy%2FK1BL9bLhAqB8XBUOIUwcfNXNYJrabShztD5p%2Fnk37ExDwxt4Xr3RZqR8W2T0y8stgdS%2FccG0QLyaihyAO%2FiUpXEBGqnuGKEwqSFehoUNI%2FiUeHj%2Fb35KBwrV2"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=55139&min_rtt=38910&rtt_var=10161&sent=55&recv=36&lost=0&retrans=0&sent_bytes=42992&recv_bytes=8940&delivery_rate=356288&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=150&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 26 Nov 2024 07:07:01 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e89810f767-MAD
server: cloudflare

GET
H3 200 wichita.js Show response
www.ezojs.com/detroitchicago/ 2 KB
2 KB 51ms
51ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/wichita.js?gcb=195-2&cb=9f9286e31b
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53731718ab10d0a5e783bd3eaef381aa420a233d429903bcde616619e25d330b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1704546
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ihWvNMUFUsKwtXl0MVtZlMySSPY11doT%2BXzQkOiX4TRBXk4RhfKhvPCcb8LVMDK0nlbvM6Qh3EMxt4G4eiPK8jC3m2piB6J0fEqSAoc%2BkvUlCcUclakz8z9%2Bnp3dqX5%2B"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=55139&min_rtt=38910&rtt_var=10161&sent=56&recv=36&lost=0&retrans=0&sent_bytes=44145&recv_bytes=8940&delivery_rate=356288&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=150&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 20:23:20 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e89811f767-MAD
server: cloudflare

GET
H3 200 raleigh.js Show response
www.ezojs.com/detroitchicago/ 1 KB
1 KB 54ms
54ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/raleigh.js?gcb=195-2&cb=8
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcfeafb915fb5e0eaf4cce1e3abf6eeace381b5926e07261cbceffc30fa4e699

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1746163
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DZ0ufynbmldWKB7HdseFQaujO%2FxMzQeK2m5xDDdB3JqwkoP7QkX3BNIqwW9KbsFADQuFmnHn3QhHq%2FiN8JndEEOWEM0zOTzGu89DXsbz%2FP%2F7DSzkQn9RJWx%2FoZjgVqqn"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=55139&min_rtt=38910&rtt_var=10161&sent=58&recv=36&lost=0&retrans=0&sent_bytes=45877&recv_bytes=8940&delivery_rate=356288&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=152&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 26 Nov 2024 01:45:20 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e89812f767-MAD
server: cloudflare

GET
H3 200 vista.js Show response
www.ezojs.com/detroitchicago/ 705 B
1 KB 54ms
54ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/detroitchicago/vista.js?gcb=195-2&cb=296945a885
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdb45214f548d4da3ec07c07d9f6f92f2fbff7d1ccefee55631d31729cf02a30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1704546
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mquBbm12ZcPxIp%2F9FvZHgl%2F9IZZMM2xTOjTDS7Fqgt5pLHzHwr2ludvXIOlh20cJAeIn0DiKxF4fpDutQRhfSWyh4gYyZNgRr6LGyZa5Ur9c6o5mw48A5ksCz00E00tF"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=55139&min_rtt=38910&rtt_var=10161&sent=61&recv=36&lost=0&retrans=0&sent_bytes=47361&recv_bytes=8940&delivery_rate=356288&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=154&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 27 Nov 2024 20:23:11 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e89813f767-MAD
server: cloudflare

POST
H2 200 app-ajax Show response
securityonline.info/ezoic/ 632 B
481 B 474ms
472ms XHR
text/plain 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/ezoic/app-ajax
Requested by: Host: securityonline.info
URL: https://securityonline.info/utilcave_com/apps/js/recommended_pages.js?cb=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.39 (Ubuntu) /
Resource Hash: 492847e2eea04a3b67bdd4259294dc479fe9401319d8b6b01f50278dbd055cd0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

expires: Mon, 16 Dec 2024 13:53:13 GMT
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
date: Tue, 17 Dec 2024 13:53:13 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
server: Apache/2.4.39 (Ubuntu)

GET
H3 200 script_delay.js Show response
www.ezojs.com/tardisrocinante/ 6 KB
3 KB 53ms
52ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/tardisrocinante/script_delay.js?gcb=2&cb=2
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56de6340e9c22de40661d06684fa868f010fd51a8d4498147ea7e238a95884db

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1759140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oR0zdbRCGKVQYucKptreTbGIWONsSvicAS9I4XVm%2FHEizoPeHeaxZZIDIHUZF3pXHKXqzrOiFw1XISY%2B%2F4XM5%2BYHAUVeHIr9zRH%2FQzPIHadqfpiTH5ySQKo1MxfXCLjg"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=58278&min_rtt=38910&rtt_var=7083&sent=64&recv=50&lost=0&retrans=0&sent_bytes=48547&recv_bytes=10524&delivery_rate=333957&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=202&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 26 Nov 2024 06:13:28 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8e8ebf767-MAD
server: cloudflare

GET
H3 200 olathe.js Show response
www.ezojs.com/parsonsmaize/ 2 KB
2 KB 55ms
53ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/parsonsmaize/olathe.js?gcb=195-2&cb=26
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3cefef7fc952707c97375ef3fa95a8c45a96eda7845d02bc1c28bf3570c0cfba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 4126718
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jrpQQNU%2FwnJ2cW9%2F6jniitrih413WHUKZ1X8gJ%2FF0yw%2BG5jAxi%2Fx2glh0%2F6sRyXGTHE56lP22zMpycFcxWsZLTyVDCm0i5Hf7qHP1sgnC29gf%2B4ZHRwH7TIdxWKiEEv2"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=58278&min_rtt=38910&rtt_var=7083&sent=73&recv=50&lost=0&retrans=0&sent_bytes=57571&recv_bytes=10524&delivery_rate=333957&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=203&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 30 Oct 2024 19:34:30 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8e8f5f767-MAD
server: cloudflare

GET
H3 200 vitals.js Show response
www.ezojs.com/tardisrocinante/ 11 KB
4 KB 57ms
55ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/tardisrocinante/vitals.js?gcb=2&cb=5
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fca1361d81b8d8d05afbe947e257aef026891372b45e0d2de123a907a4ed1af

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1746483
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1fTDg0vYlRYkXRbUDrHeDdS6PDFm1qSpY2Ubu%2FWc1C5sfR7xED1LHeW3Z3v%2BF9dg1nQjRjqKc58aT8G0MbWtBEP7nlcM2%2FNdg8LBxkIoc4lVH4E3eXmApNshFPV%2BOgZL"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=58278&min_rtt=38910&rtt_var=7083&sent=75&recv=50&lost=0&retrans=0&sent_bytes=59286&recv_bytes=10524&delivery_rate=333957&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=206&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 30 Oct 2024 19:34:24 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8e8faf767-MAD
server: cloudflare

GET
H3 200 chanute.js Show response
www.ezojs.com/parsonsmaize/ 20 KB
6 KB 54ms
51ms Script
application/javascript 172.67.170.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ezojs.com/parsonsmaize/chanute.js?a=a&cb=15&dcb=195-2&shcb=34
Requested by: Host: securityonline.info
URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.170.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8369349dbf17562f5c23dc2514cb9566a5f5dab1cd10535b7313f358ed62a5ce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

x-robots-tag: noindex
content-encoding: gzip
cf-cache-status: HIT
age: 1579769
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uc1RWyNJ3VpeH0sIQ5srIW6Onu7ltmqR71Kbjq06cXs6T8IvR6ippA27E6llo2WfAIzElWbmeCdIbrdoj%2FqrqOdn6%2FS5Aazp0RWrjPX9%2B48lwwP%2Bq6KOU6Q%2BqvfGJqKk"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=58278&min_rtt=38910&rtt_var=7083&sent=67&recv=50&lost=0&retrans=0&sent_bytes=51316&recv_bytes=10524&delivery_rate=333957&cwnd=20400&unsent_bytes=0&cid=aa75b0688e2afa55&ts=203&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: sol-js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 12 Nov 2024 07:36:15 GMT
priority: u=3,i=?0
cache-control: max-age=31536000, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e8e8fcf767-MAD
server: cloudflare

POST
H2 200 imp.gif
securityonline.info/detroitchicago/ 43 B
223 B 78ms
76ms Ping
image/gif 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/detroitchicago/imp.gif
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/parsonsmaize/abilene.js?gcb=195-2&cb=0db397a922
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

access-control-max-age: 1728000, 1728000
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, OPTIONS, HEAD, PUT, POST, GET, OPTIONS
expires: Mon, 16 Dec 2024 13:53:13 GMT
access-control-allow-origin: https://securityonline.info, https://securityonline.info
content-length: 43
date: Tue, 17 Dec 2024 13:53:13 GMT
x-middleton-display: imp_sol
content-type: image/gif
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-headers: Content-Type, Content-Type

GET
H3 200 gvl.json Show response
the.gatekeeperconsent.com/cmp/ 643 KB
80 KB 59ms
59ms XHR
application/json 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp/gvl.json?v=9&lang=en
Requested by: Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=295
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13d35d251c824b861932e38327d0343c99e1178de5f14e932718c162472f8bdb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 286779
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3mG49ufzVvtGffszvkQHoXs4r%2FHmRAyz%2FnPM%2BsNW00ulTt%2B3UUItpRPfAAom7l%2FFn2D5sb7q28y4Nc55IZ0B1iAOLx%2F28DbXBMQe5mfMY1Wru0bFg7cwqoKxSy53RfMqQNiFWuzMHWuxcElr"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=41210&min_rtt=39213&rtt_var=5867&sent=16&recv=12&lost=0&retrans=0&sent_bytes=7887&recv_bytes=4838&delivery_rate=78670&cwnd=12000&unsent_bytes=0&cid=714309227dd5a1e6&ts=151&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
content-type: application/json
last-modified: Fri, 13 Dec 2024 20:19:22 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=345600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765e96b25cbbe-MAD
access-control-allow-origin: *
server: cloudflare

GET
H2 200 white-hat-h-80x80.png
securityonline.info/wp-content/uploads/2024/09/ 4 KB
5 KB 82ms
82ms Other
image/png 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://securityonline.info/wp-content/uploads/2024/09/white-hat-h-80x80.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c8f4b787efd9a8cbe0a58c3015ebfd221ddd881385061c9d9d3a6a2f0b0e1368

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/

Response headers

x-ezoic-cdn: Hit d2;mm;a4b3e31cbaa305d918fefe33dcc327e3;2-124533-157;1wdzVPgGSqBzGIx01b8GQ
x-ezoic-excludewebp: false
x-origin-cache-control: max-age=2592000
cache-control: public, max-age=31536000
etag: "66fb5ece-1144-gzip"
pragma: public
x-middleton-response: 200
response: 200
date: Tue, 17 Dec 2024 13:53:13 UTC
x-middleton-display: staticcontent_sol
content-type: image/png
last-modified: Tue, 01 Oct 2024 02:30:38 GMT
server: nginx
display: staticcontent_sol
vary: Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin

GET
H3 200 gvl.json Show response
the.gatekeeperconsent.com/cmp/ 47 KB
10 KB 57ms
57ms XHR
application/json 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp/gvl.json?v=9&lang=es
Requested by: Host: the.gatekeeperconsent.com
URL: https://the.gatekeeperconsent.com/v2/cmp.js?v=295
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 941422b1945282bc514cdc959397310ba5b48876808290cf63a80ef979f9bd3b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://securityonline.info/

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 273058
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3T1MIrOJD%2B3enLc7%2BZPqWLkEoPUO2XEHTzdikjslqxBEHZJeCuHz7CMitwX60CBDi6Fdny%2BROTzFFIuG%2Fye3yAuT7e8MeftHB5rY8G2S9GwkFIGLqFTYj8TbI0sL7Ay6hgt%2BzuCfCkg0V4LU"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=41880&min_rtt=39213&rtt_var=968&sent=88&recv=48&lost=0&retrans=0&sent_bytes=91180&recv_bytes=6691&delivery_rate=950929&cwnd=43200&unsent_bytes=0&cid=714309227dd5a1e6&ts=337&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
content-type: application/json
last-modified: Fri, 13 Dec 2024 09:09:31 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=345600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3765ea9c72cbbe-MAD
access-control-allow-origin: *
server: cloudflare

OPTIONS
H3 200 main_modal_firstpage
the.gatekeeperconsent.com/cmp/v2/ 0
0 74ms
74ms Preflight
text/plain 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=securityonline.info&region=default&lang=es-ES&cb=295&changeLogId=1998328
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://securityonline.info
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PUT, OPTIONS
access-control-allow-origin: https://securityonline.info
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8f3765eafcc9cbbe-MAD
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 17 Dec 2024 13:53:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=1,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hHQrXaATOPHsUFmzJIWi6Zp7E3C7fcHxcfBH15S4VCkX6px5Jhs%2B%2F%2FGEosorZiNSZ3YJrtELL8rRfxdFUQg%2BlLVSXnrEDcLnDhOOiWraJ%2F%2FEDWdm%2Bv8vA8jbJ5J1S0gPpdXMGJNuseF3ADDt"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=43088&min_rtt=39213&rtt_var=1608&sent=98&recv=53&lost=0&retrans=0&sent_bytes=101285&recv_bytes=7273&delivery_rate=188008&cwnd=43200&unsent_bytes=0&cid=714309227dd5a1e6&ts=421&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers

GET
H3 200 main_modal_firstpage Show response
the.gatekeeperconsent.com/cmp/v2/ 22 KB
5 KB 71ms
70ms Fetch
text/html 172.67.199.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the.gatekeeperconsent.com/cmp/v2/main_modal_firstpage?domain=securityonline.info&region=default&lang=es-ES&cb=295&changeLogId=1998328
Requested by: Host: www.ezojs.com
URL: https://www.ezojs.com/detroitchicago/tulsa.js?gcb=195-2&cb=9
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.199.186 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3d3fb058e556f4453c826c427d7426e24b5627a7c6097e451f0c293caaea04a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://securityonline.info/

Response headers

access-control-max-age: 1728000
content-encoding: zstd
cf-cache-status: HIT
age: 1870772
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M9SeMO6xmhX3l%2FDs5F902vUjTkpCsxOrfJhl6hkgplrYRzmXKImB%2BKzkIC03Zi4kOPQA%2FKyTCoCkwbKnSTJRrpjR3IHbuC8HdtG0FOJjC70UiybggmjWnfoNeBE1CK6EKjSg9TV6Z91bFuyY"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, PUT, OPTIONS
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=43164&min_rtt=39213&rtt_var=1357&sent=100&recv=54&lost=0&retrans=0&sent_bytes=102103&recv_bytes=7672&delivery_rate=10154&cwnd=43200&unsent_bytes=0&cid=714309227dd5a1e6&ts=488&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 17 Dec 2024 13:53:13 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
priority: u=1,i
access-control-allow-headers: Content-Type
last-modified: Mon, 25 Nov 2024 22:13:41 GMT
cache-control: public, max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8f3765eb7d50cbbe-MAD
access-control-allow-origin: https://securityonline.info
server: cloudflare

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.securityonline.info/	1970-01-21 01:47:25	Name: ezoictest Value: stable

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/ Message: The resource https://go.ezodn.com/hb/dall.js?cb=195-2-111 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/ Message: The resource https://securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/fa-brands-400.woff2?v=5.15.2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/ Message: The resource https://securepubads.g.doubleclick.net/tag/js/gpt.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/ Message: The resource https://securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/fa-regular-400.woff2?v=5.15.2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://securityonline.info/modular-java-backdoor-emerges-in-cleo-exploitation-campaign-cve-2024-50623/ Message: The resource https://securityonline.info/wp-content/themes/hueman-pro/assets/front/webfonts/fa-solid-900.woff2?v=5.15.2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn-0.securityonline.info
cdn.sur.ly
fonts.googleapis.com
fonts.gstatic.com
g.ezodn.com
go.ezodn.com
privacy.gatekeeperconsent.com
securepubads.g.doubleclick.net
securityonline.info
the.gatekeeperconsent.com
www.ezojs.com
www.googletagmanager.com
142.250.184.226
142.250.185.234
142.250.186.99
172.67.170.144
172.67.199.186
172.67.74.235
188.114.97.3
2606:4700:3035::6815:19f9
2a00:1450:4001:80b::200a
2a00:1450:4001:810::2008
2a00:1450:4001:81c::200a
2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d
03ac47569a4c49af3204edc42f44be039d22bffa1ce769c53fc90defb3b7e34d
0f67393986c012dbf48aa3149e2874bd84ed5f466362ad1ac31305f697f1da7b
13d35d251c824b861932e38327d0343c99e1178de5f14e932718c162472f8bdb
14d43b59dd15c6e81b6f4c787f68d98d81a7bf0fbb7fbc4f6c1989e6d29a222e
1994d6de24d0effc59c81c0a86f223027144e10ca0f416e0ab3ecb7e5a10be0b
1ef12885818ccd0fccaf717b7afb34a93a2dc0b74729d4f2cc1e198e80f8395b
20734053daee5ef81e0d87e8df79fb496b3dc58c39f7bfa4d115a9771cc6bca3
23bfcda874b9fc0054dabaafae0c0668a78af7f60a3fc362ea33034d5d318ae8
24df88e7e15c4b0b11eccc139235e04384513c803b5221485375b7acee755bac
30be558393bd8b0585c806a6eaed6d6f5b51d1ca63c0113061dfe35eaa128ce3
3c478d59cd9c14ded18169933a9703a61220b737631fa08035f626f45867c134
3cefef7fc952707c97375ef3fa95a8c45a96eda7845d02bc1c28bf3570c0cfba
3e2dc943e74b338ab3af4caaff08fe4307d6f914fcee9c60a29b873b445eefcd
492847e2eea04a3b67bdd4259294dc479fe9401319d8b6b01f50278dbd055cd0
509c249a522387df5fbf91bcdadd6a720fe75669654be1318af004bc7ea581f8
5152316fade8c592fbfd38bc491e059464d967d3d31a582b0c885c0961deed30
529967033031ff47b5c03de5fefe053dfee0ec11102a6c59c1aee5638e08616f
529d0a7b3944929222155bca3272ba1a87acc2faa09b2ed26a713872b7ff8794
53731718ab10d0a5e783bd3eaef381aa420a233d429903bcde616619e25d330b
56de6340e9c22de40661d06684fa868f010fd51a8d4498147ea7e238a95884db
5b2b8d431ffc12e91090b624fc573a8ef4d18a8c68abc862fe1b1f40b17be72a
69770890d2cd34c85837868011966441b3234bd52fe0e2a4cb21092665331097
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6fca1361d81b8d8d05afbe947e257aef026891372b45e0d2de123a907a4ed1af
709db6c0f6bdf9ceb176a43adf30eb1be65c0b2b1f7130d203133e4af06a2651
8369349dbf17562f5c23dc2514cb9566a5f5dab1cd10535b7313f358ed62a5ce
86442bdb7632a879189f0f6423e5a9ad866fee974d4624b07bb959ff7d09ac7c
8aee7c3fb895dd12e91f88722bda0da1bcabd7d0a7e7d27a252b88c814c67c36
8b2bfebe058b0b39e6889aff0590c59a05904d2e74393bf829595a0bc367b6b8
8dd170013a5961d8e5cecfe293b157f2c27f21cc341997168764478e1c3b49a0
9202936bc04f3327103c738638ba5f8190401d36f96fa749913219bbc8053663
925beb768cc9209c0f4de784f15d6c1dde72232c5b457cb186fdea749d07eae8
941422b1945282bc514cdc959397310ba5b48876808290cf63a80ef979f9bd3b
9db751d9654898d5745902d65f9cbfdee0b19c2adebfbaa210bf772b35f659a8
a285bc82f73dbd55244657449b4d9b2ecae8b2ea622d5558432bc818bb847df2
a4fafcd389d58bbd82e49d9a68e81e9dc8384330ff14ec3283a4d0d11812047b
a5ff81c25ae04ab91b762c8903fc77eb26ee587865557818d550eabc11f44ca5
a932b965c53c29da48239fb15b5ae1456d17988a9f81ee788b854903a2ecd169
b040f67d7ee2041edd4110bcc00c7db68d2c7d495f9b95727a4c5b8cb929b231
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
bb947597b409a7f8b7c3751c6defa7208a7b55881c09387bcf5be94572dbf633
bdb45214f548d4da3ec07c07d9f6f92f2fbff7d1ccefee55631d31729cf02a30
c30310a271e34a6346bb7f22c58bb34d894291a8b3fe6ea3d4a6bebf8c0c7680
c710cdd34e668d4b076117de6e491db51bfdb199410738766ebc187cf6bd625c
c8f4b787efd9a8cbe0a58c3015ebfd221ddd881385061c9d9d3a6a2f0b0e1368
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
cac8b9784ba1bb5d7a7b66f0cec55d996907b73ce993138ab998d8b05b11ffea
cf9d6d0b36c4e43bb90e28078c16ba093457e2bea78030d65502f9ca66a0f85b
d3d3fb058e556f4453c826c427d7426e24b5627a7c6097e451f0c293caaea04a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dcfeafb915fb5e0eaf4cce1e3abf6eeace381b5926e07261cbceffc30fa4e699
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f43596f7fe4c61d350362b2dbf26b7b0d9bc4a88b5bce6c30faff14c90c63be1
fd6261240ed0f12a5cc73e1a74452182697f4b09560cdfbb3b2f17e0659a2f7f
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

securityonline.info Open in urlscan Pro 2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

58 Requests

100 %HTTPS

42 %IPv6

9 Domains

13 Subdomains

13 IPs

3 Countries

1008 kBTransfer

2899 kBSize

1 Cookies

12 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

securityonline.info Open in urlscan Pro
2a05:d014:776:a63e:ceb:15ad:bbb7:6a9d Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

100 %
HTTPS

42 %
IPv6

9
Domains

13
Subdomains

13
IPs

3
Countries

1008 kB
Transfer

2899 kB
Size

1
Cookies

58 HTTP transactions
4 data transactions