URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Submission: On January 23 via api from TR — Scanned from DE

Summary

This website contacted 27 IPs in 3 countries across 16 domains to perform 111 HTTP transactions. The main IP is 2606:4700:3031::6815:90b, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityaffairs.com. The Cisco Umbrella rank of the primary domain is 336518.
TLS certificate: Issued by GTS CA 1P5 on December 16th 2023. Valid for: 3 months.
This is the only time securityaffairs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
49 2606:4700:303... 13335 (CLOUDFLAR...)
1 13.32.27.80 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
7 2a00:1450:400... 15169 (GOOGLE)
6 2606:4700:10:... 13335 (CLOUDFLAR...)
2 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:205... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 35.157.101.217 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
6 2600:9000:214... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 108.138.6.136 16509 (AMAZON-02)
1 99.86.4.71 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
7 2606:4700:303... 13335 (CLOUDFLAR...)
4 18.245.47.29 16509 (AMAZON-02)
1 18.197.231.253 16509 (AMAZON-02)
111 27
Apex Domain
Subdomains
Transfer
49 securityaffairs.com
securityaffairs.com — Cisco Umbrella Rank: 336518
5 MB
10 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
226 KB
8 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 314
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 591
aax.amazon-adsystem.com — Cisco Umbrella Rank: 395
77 KB
7 vliplatform.com
px.vliplatform.com — Cisco Umbrella Rank: 36736
2 KB
7 inmobi.com
cmp.inmobi.com — Cisco Umbrella Rank: 3915
api.cmp.inmobi.com — Cisco Umbrella Rank: 13519
213 KB
6 vlitag.com
services.vlitag.com — Cisco Umbrella Rank: 41013
s3.vlitag.com — Cisco Umbrella Rank: 52906
355 KB
5 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209
169 KB
4 wp.com
i0.wp.com — Cisco Umbrella Rank: 3696
stats.wp.com — Cisco Umbrella Rank: 2723
pixel.wp.com — Cisco Umbrella Rank: 2679
273 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
238 KB
3 sharethis.com
platform-api.sharethis.com — Cisco Umbrella Rank: 4337
buttons-config.sharethis.com — Cisco Umbrella Rank: 4843
l.sharethis.com — Cisco Umbrella Rank: 4514
47 KB
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2616
www.google.com — Cisco Umbrella Rank: 2
1 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
imasdk.googleapis.com — Cisco Umbrella Rank: 485
132 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 324
2 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2029
54 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6518
408 B
1 gstatic.com
fonts.gstatic.com
48 KB
111 16
Domain Requested by
49 securityaffairs.com securityaffairs.com
7 px.vliplatform.com
7 pagead2.googlesyndication.com securityaffairs.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
6 cmp.inmobi.com services.vlitag.com
cmp.inmobi.com
4 aax.amazon-adsystem.com c.amazon-adsystem.com
4 services.vlitag.com securityaffairs.com
services.vlitag.com
3 c.amazon-adsystem.com services.vlitag.com
c.amazon-adsystem.com
3 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
3 www.googletagmanager.com securityaffairs.com
www.googletagmanager.com
2 securepubads.g.doubleclick.net services.vlitag.com
securepubads.g.doubleclick.net
2 s3.vlitag.com services.vlitag.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 i0.wp.com securityaffairs.com
1 api.cmp.inmobi.com cmp.inmobi.com
1 cdn.jsdelivr.net s3.vlitag.com
1 config.aps.amazon-adsystem.com c.amazon-adsystem.com
1 imasdk.googleapis.com services.vlitag.com
1 www.google.com tpc.googlesyndication.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.google.de securityaffairs.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 pixel.wp.com securityaffairs.com
1 l.sharethis.com platform-api.sharethis.com
1 fonts.gstatic.com fonts.googleapis.com
1 buttons-config.sharethis.com platform-api.sharethis.com
1 fonts.googleapis.com securityaffairs.com
1 stats.wp.com securityaffairs.com
1 platform-api.sharethis.com securityaffairs.com
111 29
Subject Issuer Validity Valid
securityaffairs.com
GTS CA 1P5
2023-12-16 -
2024-03-15
3 months crt.sh
sharethis.com
Amazon RSA 2048 M02
2023-05-20 -
2024-06-17
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
vlitag.com
GTS CA 1P5
2023-11-26 -
2024-02-24
3 months crt.sh
*.wp.com
Sectigo ECC Domain Validation Secure Server CA
2023-11-28 -
2024-12-28
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
www.google.de
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
www.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
cmp.inmobi.com
Sectigo ECC Organization Validation Secure Server CA
2023-08-18 -
2024-08-17
a year crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01
2023-12-30 -
2024-12-04
a year crt.sh
config.aps.amazon-adsystem.com
Amazon RSA 2048 M02
2024-01-21 -
2025-02-19
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-02 -
2024-05-01
a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01
2023-03-16 -
2024-03-08
a year crt.sh

This page contains 5 frames:

Primary Page: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Frame ID: 4E8D5A859909CBED4D718558ACCCE840
Requests: 104 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html
Frame ID: 0DAF2FC13C7A64063A2E8AB032CB7F4D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1705976349&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705976348764&bpp=6&bdt=485&idt=228&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2006868135930&frm=20&pv=2&ga_vid=1516209407.1705976349&ga_sid=1705976349&ga_hid=584761618&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31079437%2C31080442%2C42532523%2C95322184%2C95320888%2C95321626%2C95322164&oid=2&pvsid=1285238435965077&tmod=1936921747&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=243
Frame ID: 8904A2637BB5D0026CE48AC2626294E6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4A3D210CFF6F89C31A0939B64C930A87
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 506AA0FE0593EA675AA501027946D755
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • twemoji(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

111
Requests

99 %
HTTPS

69 %
IPv6

16
Domains

29
Subdomains

27
IPs

3
Countries

6406 kB
Transfer

11053 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

111 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request apache-activemq-godzilla-web-shell.html
securityaffairs.com/157887/malware/
213 KB
44 KB
Document
General
Full URL
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9250e53b1ce005202ff23c2d194381269d3b592b4429e7bd4027b088aff0bf8a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=3, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
849c8ccffd5165d2-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 23 Jan 2024 02:19:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ox6FejnsfIoPvMW90VL1FbvgcAWq9FTHp%2FISSqiMZVTRmkwCbCcQb5NW7eajyXvqK90jjayIi0hI3KMDpyWWRC%2FH2GwJcW%2FVagllyHndyp42w%2FtKxAzoLtZUIxMZ1O9GDBk2EKn7HZp654rreNWYgHtp"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Cookie
style.css
securityaffairs.com/wp-includes/css/dist/block-library/
107 KB
15 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-includes/css/dist/block-library/style.css?ver=14a8c44d7b0a2ab5332d79502a35c895
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f36324ad58ad455cb3b2ed61e5e7326afb3de6988fe5c592ded25598f13405a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
448347
cf-polished
origSize=118143
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 08 Nov 2023 22:53:12 GMT
server
cloudflare
etag
W/"654c1158-1cd7f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Hir4XDArDhUJduoSV0nC%2B3xFvXJN5RjfXokd8ZUjI1SXCXivz4F%2FzMmcKuyXJ2Pin6GAmhCOstnvPeDpbhJBklf0hjLh4uBQi7ldEojeARUNXUPt%2BNBrWgIrggDG8WprOZsVF%2F7syJ%2B5g8P3Y1Qy2tS"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0dda865d2-FRA
expires
Wed, 24 Jan 2024 21:46:41 GMT
mediaelementplayer-legacy.min.css
securityaffairs.com/wp-includes/js/mediaelement/
11 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 09 Dec 2020 23:31:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
326016
etag
W/"5fd15e34-2bf8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6MWbav5R8ZtLTjpDubPQoQ38XIzRN4u%2BqKbizpkhku7YJxSGF3QKJNvel%2B68hqAyHj9q4A0c4D5S1ofCOQybFPbXMGO1xGDRKROIgkh%2Bozz1PuFXhmrJRMA0Qptp1BJUO%2FcRLAX4xZZq8ulp9qYbQZk"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0dda965d2-FRA
alt-svc
h3=":443"; ma=86400
expires
Fri, 26 Jan 2024 07:45:32 GMT
wp-mediaelement.css
securityaffairs.com/wp-includes/js/mediaelement/
4 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-includes/js/mediaelement/wp-mediaelement.css?ver=14a8c44d7b0a2ab5332d79502a35c895
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
448347
cf-polished
origSize=4960
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 13 Nov 2019 23:52:08 GMT
server
cloudflare
etag
W/"5dcc9728-1360"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yqAjb%2FJYeOgX1m4rcTZXWv8aR815F6gEpJeDn%2BrzUEsJsPOUVTE3cglLJo%2FRSQdigz5v%2BYbre3KS4Zov3E2ieEGeOzeup3nMOO6PsOTuFNtRWxr3RJCW1wupVUsICJiJNTpIQMAhINKdeTpS1Tn2Yf0W"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddaa65d2-FRA
expires
Wed, 24 Jan 2024 21:46:41 GMT
styles.css
securityaffairs.com/wp-content/plugins/contact-form-7/includes/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8.6
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2d4b7ac2cf724a064d15a4379ccca7a81c346dcb143f279d83a0e99f9563cc7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
179610
cf-polished
origSize=2894
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 13 Jan 2024 23:48:29 GMT
server
cloudflare
etag
W/"65a3214d-b4e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RoQpk%2BGKQqBq0QTYFJV%2Feu0sqd4%2BrFr8L4Z3WCmeKcHRvO%2FTrqldtsQ%2F%2F7iQRs88PwK67oiUUCvVIkuB2JH8vi8h%2BkllRdoCtCRYkwzrpEb%2F%2F%2Bj2sro5sqZ%2FLAWDT4zSfNMJbeXMp6An6giVTlHmlhyY"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddab65d2-FRA
expires
Sun, 28 Jan 2024 00:25:38 GMT
cookie-law-info-public.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.1.8
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
179610
cf-polished
origSize=3106
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 13 Jan 2024 23:48:31 GMT
server
cloudflare
etag
W/"65a3214f-c22"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWxsEvJ4X17TkGwPyhKwW1rlEO1AsMlCCUXCTXz40t8iLiQJSCDS%2FbQ0Wb1%2FBi%2FLPb04O9uTJr9o6w%2BJMQKFPdALYs66zDecoSjTm2y0bq%2FPCzea7onIHD4ZSGNLSRIVDJnvDezWI7%2Bw6HIEgR48RZAF"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddad65d2-FRA
expires
Sun, 28 Jan 2024 00:25:38 GMT
cookie-law-info-gdpr.css
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/
22 KB
4 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.1.8
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
178878
cf-polished
origSize=27249
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 13 Jan 2024 23:48:31 GMT
server
cloudflare
etag
W/"65a3214f-6a71"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHXCH%2FljC5prZoftTeMPuSKtRRiMAxdr%2FErR2g1RjJEvv1wMD742WmNXKFCREwcE44JGn8x5d1HPKtfPtM3v25f2Tmtf0NqoZv86EJy2%2Bdd36ddJp2VYKKvqZzI4i1bSHRdhFXT5l6D36y0JSLrTJM9r"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddaf65d2-FRA
expires
Sun, 28 Jan 2024 00:37:50 GMT
form-basic.css
securityaffairs.com/wp-content/plugins/mailchimp-for-wp/assets/css/
2 KB
972 B
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.9.11
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90bed464813fbd721e4991e83fe323e763f91294f98018462c2698d16e60ae5f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
528738
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 09 Jan 2024 22:59:13 GMT
server
cloudflare
etag
W/"659dcfc1-654"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVNWtScaKh7oy3mYAkVWlH7Sp%2B7Tkvcgs%2BV6kauiMCCc5VjkLEBY7pSvln%2FC0zDa%2Btwq2K874sQwMPlQKJB5VAeRf7qdA7Ujapl8XWHLtBjZ03FxXfwSCzIamWS95KZfOHwsW74pLbRHzYYNocbauVtS"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddb065d2-FRA
expires
Tue, 23 Jan 2024 23:26:50 GMT
bootstrap.min.css
securityaffairs.com/wp-content/themes/security_affairs/css/
152 KB
24 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/css/bootstrap.min.css?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:47:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
326016
etag
W/"63ec8df4-260c5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nmaeqYOJ3H8cFs5zaxHBZoqPk9ZWvZIobyO8BAMWpughkhuwLKFNcXDXTZ3NMk%2FWkfLSJA5QWlMMD7Er%2B3BXbPpIM6Urbze6BSXAmnot2ZHpM%2FLmS%2BNb1MKSXPH6Qr7ApZ5TR6LX3jJvaH5Hxedv5XIc"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddb265d2-FRA
alt-svc
h3=":443"; ma=86400
expires
Fri, 26 Jan 2024 07:45:32 GMT
plugins.css
securityaffairs.com/wp-content/themes/security_affairs/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/css/plugins.css?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfbb02b2f82750344aa2bc6329085a7550de92926a22a951db6f1629fab862f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
156182
cf-polished
origSize=31000
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 15 Feb 2023 07:47:01 GMT
server
cloudflare
etag
W/"63ec8df5-7918"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q4We3pBXzkAV4bQMaXDQPfocdP6MbzhC0YZSfST9OwQXNVqhOJjjj6GQkOY1T1r0PnWugtBaTgx3kxdE0eSR8ZNmZQRffnXdRb4Q0af%2FBvATArloEulcLXVHKz%2FhJCym2ZIXZjKTplVKfU0TYsu3wSi4"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddb565d2-FRA
expires
Sun, 28 Jan 2024 06:56:06 GMT
animation.css
securityaffairs.com/wp-content/themes/security_affairs/css/
44 KB
4 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/css/animation.css?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eaade0e5f063f06ba9ec0303b6e2cf134e7e7ddedce6b51813880fe52bbb5de2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
68019
cf-polished
origSize=45516
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 15 Feb 2023 07:47:00 GMT
server
cloudflare
etag
W/"63ec8df4-b1cc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5vOVChmXK%2BnszAX%2Fh8zOs0vHcTb4vHrRdz7dcOmu9C%2FNU%2B%2BBU95lp%2FlVJI7iaTvrEuSbF9WcRxcAS%2Be%2BQe3Wg0K4W31xXVL5eOUAg5fyy05StizKX08C2k15LBG5rJmRk5hed%2BTF2nktMVJTAPcWqmG0"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd0ddb865d2-FRA
expires
Mon, 29 Jan 2024 07:25:29 GMT
select2.min.css
securityaffairs.com/wp-content/themes/security_affairs/css/
16 KB
3 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/css/select2.min.css?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:47:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
495328
etag
W/"63ec8df5-3f88"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2FGUb%2BOYHtn8NHZPsP5BxmLVrMqslMQNWjDWRIbTcgeYNtN860kSMhJcZLEiBHKO442VeBCJ4jUEUaDlIO4H067Wr74QKmgdu78p78MXgcZwEDnkphhngp3O4SdMK7nQ5BiAsTPSblH3FsFkx%2F1pReKl"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd10dc765d2-FRA
alt-svc
h3=":443"; ma=86400
expires
Wed, 24 Jan 2024 08:43:40 GMT
bootstrap-datetimepicker.min.css
securityaffairs.com/wp-content/themes/security_affairs/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/css/bootstrap-datetimepicker.min.css?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
165d6cf0440273d98a7ff9e3a3c996af430f251f139ce41bd21d2b995291a0ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:47:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
585620
etag
W/"63ec8df5-13c2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bipRcknpX2Meo85yh%2BxNeSY7H1ZOxTHDkROaBudsfkSXuR7fpzCANjEr7Bd7spDWtkuscO13d0jgPyH4%2FFBJ%2FVJm1V%2BtsFiU5dJTnxxMV3ywsLJ2t6ZO%2ByuXQwdfX1rpvZ%2B4wT%2F%2FV7OcQrfvLTMr5fsU"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd10dc865d2-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 23 Jan 2024 07:38:48 GMT
style.css
securityaffairs.com/wp-content/themes/security_affairs/css/
62 KB
10 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac825c2e7eb874cfe862111097aa63158b575df11b0ea342814a5bc55f450b66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
326172
cf-polished
origSize=63687
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 16 Aug 2023 19:58:52 GMT
server
cloudflare
etag
W/"64dd2a7c-f8c7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K9RKF%2BmhAhQIdN8TywWsc4bDU%2FoDg%2BURB40Lth%2BkjnwExepDkPwp8o0pCoQRa0tVrTHT4U76%2Brl5xpWEpT2aLXl8Wz0J1%2FESYaEaXKOM%2B50tvM5Xu2f13DBPTngqfrouiw8cTWpc2MJx7vYb7J8dvSFd"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd10dcb65d2-FRA
expires
Fri, 26 Jan 2024 07:42:56 GMT
slick.css
securityaffairs.com/wp-content/themes/security_affairs/slick/
4 KB
1 KB
Stylesheet
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/slick/slick.css?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a21e3d4b193d36cbfab4d9cb007c5f531c86b7c3d5fbadc0ea2a20296330d536

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
407632
cf-polished
origSize=4922
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 15 Feb 2023 07:45:55 GMT
server
cloudflare
etag
W/"63ec8db3-133a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vTLgMeVrkzp86wxFykpLmqUT%2F5p96pdh64qVCTi3I9SVkZvQB%2Fqkd1l9MWlcXSa9ww6mWi0eFmM%2B3gOZw4N30aF1vq2Wi3ba%2FM3vtQciH2rm8eQocjnGHmHHX6%2FpekORiwDmHaXPnKHZJKmX46hLktkS"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
849c8cd10dcc65d2-FRA
expires
Thu, 25 Jan 2024 09:05:16 GMT
jquery.js
securityaffairs.com/wp-includes/js/jquery/
138 KB
41 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/jquery/jquery.js?ver=3.7.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
508a8d88a4db7b5ef87b1d5b6fc60e56b7c5384b75b75b10e77f298ea108b510

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
324774
cf-polished
origSize=285334
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 08 Nov 2023 22:53:12 GMT
server
cloudflare
etag
W/"654c1158-45a96"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQ6wZ3C1c3P3qMXa2mBvvpgZNYUOZ0XKYd4TY1sleE35vTdadvtceKuRm8Q222qzNkU1MooAV5hoT3G4aQU1SVVah2Wwemk4dwx7aGXY19pICIrBfBOz%2F1dZbWGqEbLqyU%2BEVyfxWVXgDA0xOW%2FWygQj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd10dcd65d2-FRA
expires
Fri, 26 Jan 2024 08:06:14 GMT
jquery-migrate.js
securityaffairs.com/wp-includes/js/jquery/
19 KB
6 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/jquery/jquery-migrate.js?ver=3.4.1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82815a7dba0c18a1092121e80005ee37b0390b8b755a6dc8ba03e199ed3a2501

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
503091
cf-polished
origSize=31978
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Tue, 08 Aug 2023 22:36:33 GMT
server
cloudflare
etag
W/"64d2c371-7cea"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bJV2HnWf639FZaDAUjYIJ%2B%2BIxNmdOT%2Ff3GDP4%2BEGvchpIps518YzeTenuA%2BoS%2BNH1Y%2FgmD6D0BH6nfObIwJQ0eX%2BvFBSYYn6j5cOAb2viT1Gpg7jeBr83iobVnX%2F8q9MUwFbici4MK9BfpHAN7qUiCNp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd10dce65d2-FRA
expires
Wed, 24 Jan 2024 06:34:17 GMT
cookie-law-info-public.js
securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/
27 KB
7 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.1.8
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
178878
cf-polished
origSize=34179
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 13 Jan 2024 23:48:31 GMT
server
cloudflare
etag
W/"65a3214f-8583"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=edzBweEi3lc1usFPehEPAB46HuH6FoV34635cdsbOsden11w9DdRKoJwyhZHH0r6rTRlKAGMZsvEH6Oo2bu6zIdxcsMJnbShnftlfi19hCc9WjpXR1cxarAaZf1V2xbo0Ivrei8NJv4UPKecxl9d1fqT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd10dcf65d2-FRA
expires
Sun, 28 Jan 2024 00:37:50 GMT
sharethis.js
platform-api.sharethis.com/js/
206 KB
46 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.11
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-80.fra56.r.cloudfront.net
Software
/
Resource Hash
cf9e92205faeb2fc9929f8aaf67ee6fb15084be8994babd310cfa01d62e29e5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:09:36 GMT
content-encoding
gzip
via
1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-C2
age
577
etag
W/"3360d-7zvdaxLS2Lhi3Pty7QrCYymkuqI"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-cache
Hit from cloudfront
x-amz-cf-id
LhXWU5sP7dIialCFz7r57QvvC8T078feDgathAzxQDpLw1xoxJx1lg==
js
www.googletagmanager.com/gtag/
204 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8ZWTX5HC4Z
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5ace62af3e5dc973a547aa8cf2387d400d9cb35cca9869324a20f9faad0606d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75678
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 Jan 2024 02:19:08 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
146 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d51ef259be3ead951d500292b27c637b061918c2fa2ac2c4d4e970dfa2104c3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51097
x-xss-protection
0
server
cafe
etag
6979093018567651163
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Tue, 23 Jan 2024 02:19:08 GMT
js
www.googletagmanager.com/gtag/
270 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7c87fb4391b3160d1965e1178fee8450a7d308451c67e1d79fe79b84f30cf196
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91855
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 Jan 2024 02:19:08 GMT
/
services.vlitag.com/adv1/
546 KB
142 KB
Script
General
Full URL
https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7641586dddf9623dc180f212044ac262abe6dc5c8607c2b242bb62c4cbe675a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
server
cloudflare
cf-polished
origSize=559457
etag
W/"221a5a398da89ace8729d1cd3c481ec7 2024-01-19T08:58:51 v1 default"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900, stale-while-revalidate=3600
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cd2d99d92c3-FRA
alt-svc
h3=":443"; ma=86400
menu-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/
467 B
814 B
Image
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/images/menu-icon.svg
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79ef2c493105913ae8a012433b49e73fec9f4e3dfaf70723bcf66c3e3e0e09e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4560276
etag
W/"63ec8dd3-1d3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2BXpFqiM5zHh1y30sy86yF6vUBi78GCETQyMgHbJaE8Twbzn1JE%2Bufk8DKOWUyfHsTuOipbNi60MaecNtcATTAuM%2FcO8%2FsVG3Txaz4lM7tC%2B0pkspPtb7flpb%2FKcw0NyOPyJ8otMLseFA%2B%2FVuDqMbMox"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=315360000
cf-ray
849c8cd10dd065d2-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
logo.png
securityaffairs.com/wp-content/uploads/2023/08/
5 KB
5 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2023/08/logo.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51e18fa3a179268df5763ae93f237dfa9ab4733b4e2791fe3cfeecca702a8832

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6569061
alt-svc
h3=":443"; ma=86400
content-length
4751
last-modified
Sun, 27 Aug 2023 14:33:01 GMT
server
cloudflare
etag
"64eb5e9d-128f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NivXORU19bQ7On7BonF%2FCv0oWEKBe5LvhET4zB4vXThHtisgYz%2FhYsnD2q7GQILQ2b%2F6rBhSNjqr3bXAJTX2J6cnb7mk2%2BIZhhOoL084MzuYJwBaDPioSy6MAd24eTjIafReKv1uJZMATw3mr0Cyo6PC"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
849c8cd10dd165d2-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
user-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/
987 B
1 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/images/user-icon.svg
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e0352c858984ddb68c11c0b8265ea2ae72ab8d29b4471f888d4cbd95fe881ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4838588
etag
W/"63ec8dd5-3db"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zNPYS9wIpDHv5Cj7OagALv59%2BNORCGVTTMLffyxfI2n1vG2zLahtrUCe9VM7PvkQoDxI9PVnDGuh5IBsHCpRLKj2dGmV4rk2XgK76DBlaJJMG8Xk%2BmFIo1po2KEHAIJjmb3Mq036I5AzVVX0Knpx8NRX"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=315360000
cf-ray
849c8cd14d3837e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
clock-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/
947 B
1 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/images/clock-icon.svg
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61b5d4f52ec96a0aef85f731e618cb627749775534ae86976446f42350757392

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
7159025
etag
W/"63ec8dd5-3b3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otAyWm3PtP5D38XH9OMP97%2FgUm%2BZ6TGLOs7oM97Hv3gCqE6LjL0cGuYeycjOE%2Bk747KyElthEARlKdeQ22wrwEMs2x0Goa8IcmsDIApgmXhjXWoCsqx9cKhUjVp%2FA4saKIPrYPHXLA2ehTnEt6ToKoqo"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=315360000
cf-ray
849c8cd14d3a37e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
image-37.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2024/01/
134 KB
135 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2024/01/image-37.png?fit=902%2C546&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
2b364aed0f0a57b1341d81ead16a2c95814e34df778c2e2337b2efc686841cb7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
137578
x-nc
HIT hhn 4
last-modified
Mon, 22 Jan 2024 11:19:47 GMT
server
nginx
etag
"1a746d85db64a045"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2024/01/image-37.png>; rel="canonical"
expires
Wed, 21 Jan 2026 23:19:47 GMT
image-37.png
i0.wp.com/securityaffairs.com/wp-content/uploads/2024/01/
134 KB
135 KB
Image
General
Full URL
https://i0.wp.com/securityaffairs.com/wp-content/uploads/2024/01/image-37.png?w=902&ssl=1
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
2b364aed0f0a57b1341d81ead16a2c95814e34df778c2e2337b2efc686841cb7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
137578
x-nc
HIT hhn 4
last-modified
Mon, 22 Jan 2024 12:01:04 GMT
server
nginx
etag
"023e63d3107b097d"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://securityaffairs.com/wp-content/uploads/2024/01/image-37.png>; rel="canonical"
expires
Thu, 22 Jan 2026 00:01:04 GMT
image-38.png
securityaffairs.com/wp-content/uploads/2024/01/
1 MB
1 MB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2024/01/image-38.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4a53070779cc384ec0aecb06ed6ba9fa923ae4d2de671ebbea3f76afd7874c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
15006
alt-svc
h3=":443"; ma=86400
content-length
1253439
last-modified
Mon, 22 Jan 2024 21:58:24 GMT
server
cloudflare
etag
"65aee500-13203f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aEAGYy4zavwMLl9iyVofP0m5Q9jysCj35mBTxBDQ2Z9k0ECtgIsVGyMmX9Luu0IDQx965pOcNL2B03NaYCM2epAN%2FbRVGGADjY2rhU7zTyW39et2x925dM%2BjnHsay0gfcv5hN2%2BYOKpPl72sQ%2ByFwNbM"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
849c8cd27dbf37e4-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
apple.jpg
securityaffairs.com/wp-content/uploads/2021/03/
32 KB
32 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2021/03/apple.jpg
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6c1b56d72a2f838340b55bd9d710f9a051807d641bf97e111ac9e3ade664911

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1122535
alt-svc
h3=":443"; ma=86400
content-length
32733
last-modified
Sat, 27 Mar 2021 10:24:06 GMT
server
cloudflare
etag
"605f07c6-7fdd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J6B5d1e6AOt2Pf2z6QdU2mtHrjy%2FyXiykMiUx4gSRLf6tSxlWpOdk9lqPFDLghaVadJqKs8GKdzEWa3UrQwAznsTM%2BYEN%2FXs9TQ9CYZ82OUnOKiV4BNMLmkJxyDtTa8wMgMPYxMCr2EDkMUVrOuZbqqA"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
849c8cd27dc037e4-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
adaptive-phishing-2.png
securityaffairs.com/wp-content/uploads/2024/01/
53 KB
53 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2024/01/adaptive-phishing-2.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f284dd0d1883f6e1e285ff3100b20bd397b3e708c59a33d6d9989800eb8a64

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
45552
alt-svc
h3=":443"; ma=86400
content-length
53957
last-modified
Mon, 22 Jan 2024 13:31:16 GMT
server
cloudflare
etag
"65ae6e24-d2c5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2BtljFaPa2NGVFcxMfggc5alMgA8fpO02A%2FJDT5CkhXGyK5ktzXXakPoeRqwJnvOsbaea%2BVtFalJgK5va6TvDP4E6hEhjIdixxGt8gZ77MehUvrkhy%2F%2FFE94yooxRZJK4DRFwQKWO%2BkpRg9SIqMNrW9n"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
849c8cd27dc137e4-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
image-37.png
securityaffairs.com/wp-content/uploads/2024/01/
265 KB
265 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2024/01/image-37.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91bbe15341b805a7f54fe1b86b251ecc6aff874cf9aa39dda033fbb7b3b296b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
53871
alt-svc
h3=":443"; ma=86400
content-length
271168
last-modified
Mon, 22 Jan 2024 11:05:11 GMT
server
cloudflare
etag
"65ae4be7-42340"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNtwsZzJvA0NlWSF1WlK5XsZD375NuYhYgr4Cl7duYKfuOqiViG9RHYNJxr%2FQhx%2BNnWyjBtlUFjYn7qaOb1f0F%2FU%2FuDOssRbq6XvM31xpyqewXctaT8Qhtk1O7UN9F1XFsi%2FK9qToC5V6eiO%2B6oXw6BO"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
849c8cd27dc237e4-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
Thailand-data-leak.png
securityaffairs.com/wp-content/uploads/2024/01/
3 MB
3 MB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2024/01/Thailand-data-leak.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8975796042e71d693f3124c6b3f9a1c56324251c80db4f7e42acde0381a5940

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
58636
alt-svc
h3=":443"; ma=86400
content-length
2712184
last-modified
Mon, 22 Jan 2024 09:14:44 GMT
server
cloudflare
etag
"65ae3204-296278"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v53E7Qhe9A5mOY6L%2FhtSHHp4h8edfqg%2BHixGNKnRSIGkHseLixhxDkYel5pmOGb7MrsZHSO%2FHot1I2ksC8sH5UO13v9%2FLu1bSYxZDBnGMY4pSMTtHyfEOPF%2BigbPHcox6W0VjVdE3zYjn8Aek0RTjdh5"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
849c8cd27dc337e4-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
footer-logo.png
securityaffairs.com/wp-content/uploads/2023/08/
4 KB
4 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/uploads/2023/08/footer-logo.png
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b253964206a6ce075557f8735e7b57268338885e821f317bc63c6616e75c7b60

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4647962
alt-svc
h3=":443"; ma=86400
content-length
3916
last-modified
Sun, 27 Aug 2023 14:33:08 GMT
server
cloudflare
etag
"64eb5ea4-f4c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jlWuolKxoU3GQ6%2BVIwqi5WLufDdZGQFzpGYj%2BOvPrG9sc4ED6i6i3JWXGK18wydjUXV50BhLySfS9ProYXxI2I%2Fh9o553ZPOBzLRvdWwm2mAD%2FtfIxMSuhUYcvLwflCaMKMiNImnsYX2eHSFWUx2VTLh"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=315360000
accept-ranges
bytes
cf-ray
849c8cd27dc437e4-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
8374920a-16c8-4a73-b6ba-81f77ca5b849
https://securityaffairs.com/
5 KB
0
Other
General
Full URL
blob:https://securityaffairs.com/8374920a-16c8-4a73-b6ba-81f77ca5b849
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
09587fd0b4c984573371a553f082e27c4e4ba98f65130e1b1eb7c0b7699509e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Length
5047
Content-Type
text/javascript
email-decode.min.js
securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Jan 2024 17:29:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65983c8b-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=21oRtAqzGuLiAHdps8E6iTJgDvchFWPYwAvrUncZASIPDRoIq7P%2FL9gokI5yb6y7aC6dwmoSA8vd7rhQp3JsOeAc0%2FkhbJ%2FYpKdxxnvK%2BvRv8GQTM36VatFgsQdwJh2tdnoq3OoSQr90NaAwM49qQr3o"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
849c8cd18d5137e4-FRA
expires
Thu, 25 Jan 2024 02:19:08 GMT
image-cdn.js
securityaffairs.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/
701 B
867 B
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
407386
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 13 Jan 2024 23:48:34 GMT
server
cloudflare
etag
W/"65a32152-2bd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNExlX8qoVud4PO1gJ7utu%2B05OB1P3i6Ku1SOWXDb43omueo5K%2Fk7eNmDlsnM2QPO%2B%2FYqEyO1B%2B2r%2BHlSknwqY291ZeJT3SBiEogZvCAAnMgl6NERKb%2Fgd9%2F4hXb7YY8kJSsv8CXKkdTLH6s1Uc6XdOR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd18d5237e4-FRA
expires
Thu, 25 Jan 2024 09:09:22 GMT
index.js
securityaffairs.com/wp-content/plugins/contact-form-7/includes/swv/js/
11 KB
4 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8.6
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
179674
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 13 Jan 2024 23:48:29 GMT
server
cloudflare
etag
W/"65a3214d-2b6d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vnod7hbCXCmrZMHk8chSffIG5qZnYK51L2riTwO%2B3PGwcRj%2BG%2F%2FAPUZONaiFb%2B8B%2FhwuaxnMzkYB8zpPLGZqpWOo1kQgwu5Ti8MvUdkcVBZzeybX5ht8%2BYTnWY4x1MzIRSPRdfJAkC16Gj%2FrU0EYFmh1"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd21d8a37e4-FRA
expires
Sun, 28 Jan 2024 00:24:34 GMT
index.js
securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/
13 KB
5 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8.6
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
179674
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 13 Jan 2024 23:48:29 GMT
server
cloudflare
etag
W/"65a3214d-337e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9PDPEGIMAYf%2FNYUQy2kq9nqB%2Bh94lFiEgricYxGGVRsaObiz%2B0zLChHs7i3r4s5l1p1XJ7878x6Peb53fDJ%2FU%2FfTVN24pf6AEFCS%2BDWVgjMAUpCTjfWWNwEum9ieTaXUQA87ErgicAsvJ3TvdOH8gYXI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd21d8b37e4-FRA
expires
Sun, 28 Jan 2024 00:24:34 GMT
ssba.js
securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/
2 KB
1 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/plugins/simple-share-buttons-adder/js/ssba.js?ver=1702508133
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
432899
cf-polished
origSize=3110
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 13 Dec 2023 22:55:33 GMT
server
cloudflare
etag
W/"657a3665-c26"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bgz%2BqZkpv2N65UT4OB3le3bgpTer2MAg16Ujjga%2BA0p8ILkjRw06MTFIUrhi9U5NGogcoPmBZhOBVHbPgrKajs6Xz1mtQkH38%2Bxt6NyP6lsRay5W7t0h5OzHvUWsF8JzY15t57R3IHo50W851kt9q8j%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27db237e4-FRA
expires
Thu, 25 Jan 2024 02:04:09 GMT
jquery-3.5.1.min.js
securityaffairs.com/wp-content/themes/security_affairs/js/
87 KB
32 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/jquery-3.5.1.min.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
443044
etag
W/"63ec8dba-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmQFP8jdPcJCY8cTp%2BuQLlGqZlAka1R%2Fh4CJhoiv3oMvvCtJjtP%2FqiuaP5xcFwPMHAorMvxaa2a28awmmfStwEh97QM1sSoO2DFTNg97xaHPFriXcBj%2FXpM1gmD6LE9gi9wV3W2IZSDqZpugpJnagldj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27db437e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Wed, 24 Jan 2024 23:15:04 GMT
bootstrap.bundle.min.js
securityaffairs.com/wp-content/themes/security_affairs/js/
77 KB
23 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/bootstrap.bundle.min.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
513057
etag
W/"63ec8db9-13397"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NTq2ASyKiEaqWHUuBtB3YONGaL34kEzAictYojT7ZgvfXX0FoFN3Poai71aDoN%2BeEa54eypIVaoBXBopKm5goRjWh91gHNihjBWw4PoJQr9YPucK67Aq0XzZgs809pHoDwVozGiekohdyRoHdfRNXuoJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27db537e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Wed, 24 Jan 2024 03:48:11 GMT
animation.js
securityaffairs.com/wp-content/themes/security_affairs/js/
3 KB
2 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/animation.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c03404e75c3b5dd3190080d5b678433a88aed86b17fba7685f8a36950414fb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
475374
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 15 Feb 2023 07:46:02 GMT
server
cloudflare
etag
W/"63ec8dba-b93"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2FDeSzqZONz0vX%2BwoPN2OODdyzs0Vp9wAkCkzPeG1F5%2F624V%2B%2BkaTUrmCTjYnrJjlDt5UB0hyW48bagVxWlGiMdLRFTkApIOvOtaG%2BEKMywY2kWPOHnrh2fnQLajRTJR1u%2F8WJYGD9tY%2FVcbggZExxy7"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27db637e4-FRA
expires
Wed, 24 Jan 2024 14:16:14 GMT
slick.min.js
securityaffairs.com/wp-content/themes/security_affairs/slick/
42 KB
11 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/slick/slick.min.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:45:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
590891
etag
W/"63ec8db3-a76f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZcPd9a3dr6WQG482UEtzKDo7GDZgmXMQwlFqo5uTDwhscnatfQOrJyIEojRZrjGjHFMgwpPTJupVEs2quWoyPAyyrnUnZt59na%2Fm%2FYnKCrurNKBhLtG4ErQz7LEq5WAihhmOEXo5rMvnBo5WjzAzxqOI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27db837e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 23 Jan 2024 06:10:57 GMT
select2.min.js
securityaffairs.com/wp-content/themes/security_affairs/js/
71 KB
20 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/select2.min.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
329668
etag
W/"63ec8db9-11dcb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HmtQqGh0f9UfnXbNFpoZ5hwyk1fgND29XlEAAJaOrXpjbv5qExzp6j2Jc0Mj94XOn0pNv86Ov7NY82PM89mcY1wCidmD8A6mgVjRV0JD32HTBT9SThQZLmVpPzQWTSrRk8nQKo1DgfTmY0DGrsy2KF6h"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27db937e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Fri, 26 Jan 2024 06:44:40 GMT
moment.min.js
securityaffairs.com/wp-content/themes/security_affairs/js/
33 KB
13 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/moment.min.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b5dcd8c4de34bf3e2bbbb1499ef55172ca6a8c7124c5aaa04cc6ea48a084b8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
324896
etag
W/"63ec8dba-857b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=axXdu3dwej7XeYQiwuiOmgKmE9klHLBEyYpSL1nD5XyPr%2B4DIe9zyoq2WkihoAyhPalbet20OV6T7LcMgoNPIkZO7H7s0q3GysF%2FnzpSVPxj2ENuY5cmPPq7T1RdEkSJZXNDIlzOW0UvToGwM53KKx1I"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27dba37e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Fri, 26 Jan 2024 08:04:12 GMT
bootstrap-datetimepicker.min.js
securityaffairs.com/wp-content/themes/security_affairs/js/
23 KB
7 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/bootstrap-datetimepicker.min.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5220bfc9416c5b55c41b39baaf1744ed2ce2bec1b0e77382067dea40eec68ba2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
584062
etag
W/"63ec8dba-5a28"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t4wlFxCLR10sfWnPg%2F1rA0UZN99dKr05CvyVmPyI2qfuHJ0p%2FdyWO8e%2BD52edCvl9cbhPTkQk0LM6r7ruNgyP5d5SYOMFWvhdI8c48U88EijCbBZe92VHbrMjWqob%2FEa%2F52P%2B4w40WIO0%2FYZuELOr8Wt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27dbc37e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 23 Jan 2024 08:04:46 GMT
script-datepicker.js
securityaffairs.com/wp-content/themes/security_affairs/js/
236 B
669 B
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/script-datepicker.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e1de7132433ebaa0845af00ce1812287ba004d8288bf78b455f1d9f494f2ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
329668
cf-polished
origSize=552
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 15 Feb 2023 07:46:02 GMT
server
cloudflare
etag
W/"63ec8dba-228"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5s1OQqRmWEy9K%2Fw%2FTUoNENOJjJ4mex4zGvGUFQxmKHlFjITo75gBJUh3bCf1Ss%2FFiJJjclcQ8nCNnSHwACH3zXRv9RMplkBzmzufeLnn%2BXZxQDups0nQP4pype2FHL8YQM%2BNnIvanzRWN0I1dc2DZnpQ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27dbd37e4-FRA
expires
Fri, 26 Jan 2024 06:44:40 GMT
script.js
securityaffairs.com/wp-content/themes/security_affairs/js/
4 KB
2 KB
Script
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/js/script.js?ver=1.0.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a65e356551523b3a3222147ddb49ea4dad9b21d38a9b590effd45d55fc94d03

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
578743
cf-polished
origSize=6278
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 15 Feb 2023 07:46:01 GMT
server
cloudflare
etag
W/"63ec8db9-1886"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2b7YZsCC3Ivh5Rb5DJngfNx015i50DLfH3VinMPvC8utMF08AT59qkngTxi1ZQwQRD2rycHsfijfZClY5jD9j1nB5HH7G1%2Fd3%2BtT%2BH9UG1WpVbzQdxwyOfQivAGJRUEmSorgNy7Q6kFa61OY8GIMGMT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd27dbe37e4-FRA
expires
Tue, 23 Jan 2024 09:33:25 GMT
e-202404.js
stats.wp.com/
7 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202404.js
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT hhn
date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/14377-1704402356565.5398
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
alt-svc
h3=":443"; ma=86400
expires
Mon, 20 Jan 2025 10:07:35 GMT
css2
fonts.googleapis.com/
34 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d7f92fca171404f4c87d2cf676ae9ba011e869e03410a9cbc1e0e47a3c32406e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 23 Jan 2024 02:00:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 23 Jan 2024 02:19:08 GMT
63aa5463b92caa0012f81022.js
buttons-config.sharethis.com/js/
438 B
882 B
Script
General
Full URL
https://buttons-config.sharethis.com/js/63aa5463b92caa0012f81022.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:5400:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bfc6883863d1d8dc27b491556f0f91df31da6a3f86fa1d9d8dc8686e067bd8a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:05 GMT
via
1.1 d3039ad83798b26ecb9f9f1e666afe26.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA6-C1
age
7
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
438
last-modified
Tue, 08 Aug 2023 14:14:32 GMT
server
AmazonS3
etag
"0a1ccce781e1a89f4075d4f596f8a0f2"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=60
accept-ranges
bytes
x-amz-cf-id
sZEkKS3dl_v4fH3TCGY3k6iW_cZvoMvtHussA3qzf1rAHUDvl5Fa9A==
search-icon.svg
securityaffairs.com/wp-content/themes/security_affairs/images/
940 B
1 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/images/search-icon.svg
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1df70b268a34a8036eca2f536d670f59e142b877bf09ad993aec61417c7a4870

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
7146714
etag
W/"63ec8dd0-3ac"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7wbQHbGA9qjSkrHja5ElqBYzE%2BFZCK0zLoNmWXQorXJ%2FnbLrCuCTp%2F1%2B1idwsFSIAVv%2BwcD932%2FUdFL1DNwgq0%2Brq8pqOWnmxs8cp9QPqaOlqYWEpjrCVzbU%2BYiiL7%2Bj75TrnaWGRy0kC%2FkxShLdtFB2"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=315360000
cf-ray
849c8cd27dc537e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
fontawesome-webfont.woff2
securityaffairs.com/wp-content/themes/security_affairs/fonts/
75 KB
76 KB
Font
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/plugins.css?ver=1.0.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://securityaffairs.com/wp-content/themes/security_affairs/css/plugins.css?ver=1.0.0
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4315
etag
"63ec8de8-12d68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBZ4EvZQCwecs5kkeyC%2BPBFAAvPm7tIhawkWWuiJb%2BbhsuXajOG9fA4H2%2FtZufR7Dg9OLytibcIhZanfsLsPcdSLlAbyuqiwgGtpIvPAUnwUByK1bxSdy%2Baihj4NvRvmxrX16%2BQj3%2FhOT%2F5ek7N5%2FmcJ"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
849c8cd27dc637e4-FRA
alt-svc
h3=":443"; ma=86400
content-length
77160
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
48 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@300;400;500;600;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://securityaffairs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 11:02:10 GMT
x-content-type-options
nosniff
age
487018
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Jan 2025 11:02:10 GMT
pview
l.sharethis.com/
0
406 B
XHR
General
Full URL
https://l.sharethis.com/pview?event=pview&hostname=securityaffairs.com&location=%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&product=gdpr-compliance-tool-v2&url=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&source=simple-share-buttons-adder-wordpress&fcmp=false&fcmpv2=false&has_segmentio=false&title=Threat%20actors%20exploit%20Apache%20ActiveMQ%20flaw%20to%20deliver%20the%20Godzilla%20Web%20Shell&cms=unknown&publisher=63aa5463b92caa0012f81022&sop=true&version=st_sop.js&lang=en&description=Researchers%20warn%20of%20a%20spike%20in%20attacks%20exploiting%20a%20now-patched%20flaw%20in%20Apache%20ActiveMQ%20to%20deliver%20the%20Godzilla%20web%20shell.&ua=&ua_mobile=false&ua_full_version_list=&uuid=9b8750d1-d77b-48a6-b4aa-b36d3607276c
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=8.4.11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.101.217 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-101-217.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Tue, 23 Jan 2024 02:19:08 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
https://securityaffairs.com
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
b-arrow.svg
securityaffairs.com/wp-content/themes/security_affairs/images/
903 B
1 KB
Image
General
Full URL
https://securityaffairs.com/wp-content/themes/security_affairs/images/b-arrow.svg
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
732fe1ff87d948c44d6d26af7aa89d8e1eb9eb8e00c372dadbacb51c0ba5865d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/wp-content/themes/security_affairs/css/style.css?ver=1.0.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Feb 2023 07:46:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4737849
etag
W/"63ec8dd8-387"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8XmCHxezlohzKWVAdQGfMwABDb%2B%2Fq4ZCBR9qO0F870nkQdhYQoIdVPjVcNE73kLMgj9pxFcmCMVtEU1EPUURucHSN2Fur0UCF1soJ12svfuVR5Mc9gd%2FV9U4TpAfn%2B0kzhHLWG1JDoLcQV5nXffXfBhX"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
public, max-age=315360000
cf-ray
849c8cd2add637e4-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=29506073&post=157887&tz=0&srv=securityaffairs.com&j=1%3A13.0&host=securityaffairs.com&ref=&fcp=500&rand=0.5338853630229401
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 23 Jan 2024 02:19:08 GMT
cache-control
no-cache
server
nginx
alt-svc
h3=":443"; ma=86400
content-length
50
content-type
image/gif
twemoji.js
securityaffairs.com/wp-includes/js/
17 KB
5 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/twemoji.js?ver=14a8c44d7b0a2ab5332d79502a35c895
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
453226
cf-polished
origSize=33089
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-8141"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c37xF%2Fi86bB2J811s87c0trckvwhkgA32jVPQ9%2BWO0OcrRJQ1fStbBZl4AEJDk3eAPTLFqDyIsAe24QM%2FjEKPkBXDH1kyiMGSnuX1FHUvF0bxjTFS26tJWKSja2BHu5eKSGSK4VX9JiSzFX2WBlGWbfz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd38e3b37e4-FRA
expires
Wed, 24 Jan 2024 20:25:22 GMT
wp-emoji.js
securityaffairs.com/wp-includes/js/
4 KB
2 KB
Script
General
Full URL
https://securityaffairs.com/wp-includes/js/wp-emoji.js?ver=14a8c44d7b0a2ab5332d79502a35c895
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
453226
cf-polished
origSize=8969
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 29 Mar 2023 22:54:43 GMT
server
cloudflare
etag
W/"6424c1b3-2309"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MyA%2F8XPEuLmWFj9u5N%2Buf0KfZHuPlFJm2MqvCIZpJWZP%2FaqS3dhGeeoNJ4qzVhyPkiZMpJz4dEPaM9Qr1%2F9rdUO4%2BKfTa%2BdcFOhxvbZPnXzapHeRmKqXtgFYCWDv6Cgkb6DdYtRF97KypZmVYZBfTjrT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
cf-ray
849c8cd38e3c37e4-FRA
expires
Wed, 24 Jan 2024 20:25:22 GMT
schema
securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/feedback/
232 B
794 B
Fetch
General
Full URL
https://securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/feedback/schema
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8.6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
804aa2016958413450a7751d3d63ea718f0ed5c5af48b65d765adf9ab2f1b139
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, */*;q=0.1
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

cf-edge-cache
cache,platform=wordpress
date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding, Cookie, Origin
allow
GET
content-type
application/json; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4r4ojwlllAJdqWddgoAxnNz4BK%2Bur8xff2dhkmwmWXTav2kzRZ520qxSUXVD6WJjBepAm9QpTyRRmF5eznf6PemYPOjHmTFW%2F5ZwpO0bPpNzIWrOX8G8NrCUJW6%2BWFXM6oDWWghIl6B3FPb67xIQ9g7J"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
x-robots-tag
noindex
link
<https://securityaffairs.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray
849c8cd38e3e37e4-FRA
js
www.googletagmanager.com/gtag/
204 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8ZWTX5HC4Z&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
66573fcde908e65bedfdf64f74d8091de44cef2a64c138b4f4ce26e84105bc82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75703
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 Jan 2024 02:19:08 GMT
collect
region1.analytics.google.com/g/
0
256 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-NPN4VEKBTY&gtm=45je41h0v9100359598&_p=1705976348540&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1516209407.1705976349&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705976348&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&dt=Threat%20actors%20exploit%20Apache%20ActiveMQ%20flaw%20to%20deliver%20the%20Godzilla%20Web%20Shell&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=671
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 02:19:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
256 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NPN4VEKBTY&cid=1516209407.1705976349&gtm=45je41h0v9100359598&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NPN4VEKBTY
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 02:19:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NPN4VEKBTY&cid=1516209407.1705976349&gtm=45je41h0v9100359598&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=149189529
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 02:19:08 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/
403 KB
137 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c3af05f5b54fa2870e1a0c113871d49b5ca864c4a8ea4f335614598d365e63e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:08 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
139807
x-xss-protection
0
server
cafe
etag
14647130943780311625
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 23 Jan 2024 02:19:08 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/ Frame 0DAF
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240118/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4918072057181794
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
6850
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4173
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 00:24:58 GMT
etag
9219409622527106327
expires
Tue, 06 Feb 2024 00:24:58 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-8ZWTX5HC4Z&gtm=45je41h0v893534898&_p=1705976348540&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&gdid=dZTNiMT&cid=1516209407.1705976349&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705976348&sct=1&seg=0&dl=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&dt=Threat%20actors%20exploit%20Apache%20ActiveMQ%20flaw%20to%20deliver%20the%20Godzilla%20Web%20Shell&en=page_view&_fv=1&_ss=1&_ee=1&tfd=738
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8ZWTX5HC4Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 02:19:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://securityaffairs.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 8904
603 B
218 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1705976349&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705976348764&bpp=6&bdt=485&idt=228&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2006868135930&frm=20&pv=2&ga_vid=1516209407.1705976349&ga_sid=1705976349&ga_hid=584761618&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31079437%2C31080442%2C42532523%2C95322184%2C95320888%2C95321626%2C95322164&oid=2&pvsid=1285238435965077&tmod=1936921747&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=243
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 02:19:09 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=cookie-law-info-bar&ign=false&pw=1600&ph=1200&x=0&y=1130.4
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 02:19:09 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
221a5a398da89ace8729d1cd3c481ec7.json
services.vlitag.com/cli/
42 B
366 B
XHR
General
Full URL
https://services.vlitag.com/cli/221a5a398da89ace8729d1cd3c481ec7.json?hn=https://securityaffairs.com
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2557bb6bc6cb5f51c6f7bf20a2be9f587863905e453639b44bdaa7af61b6ac36

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 02:19:09 GMT
cf-cache-status
BYPASS
server
cloudflare
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.com
cache-control
private, no-cache, no-store, must-revalidate
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cd6ef6635ec-FRA
content-length
42
alt-svc
h3=":443"; ma=86400
expires
Fri, 01 Jan 1990 00:00:00 GMT
refill
securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/
2 B
641 B
Fetch
General
Full URL
https://securityaffairs.com/wp-json/contact-form-7/v1/contact-forms/149934/refill
Requested by
Host: securityaffairs.com
URL: https://securityaffairs.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8.6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:90b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, */*;q=0.1
Referer
https://securityaffairs.com/157887/malware/apache-activemq-godzilla-web-shell.html
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

cf-edge-cache
cache,platform=wordpress
date
Tue, 23 Jan 2024 02:19:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding, Cookie, Origin
allow
GET
content-type
application/json; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qe0Wl8MrAFlRv8diqJ9eck20PnSBf4Sdq2IRTE3Qz6SNlzOyXrQBSsC6e4JYMiLTsKUCzYQYamgmvF80eQHokE08TPesfPMOQFS2qucmFdw0ieb25g1vcnQ4BpX0ATd9oNZpU8Odx3HbAN6lEzGSurdl"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
x-robots-tag
noindex
link
<https://securityaffairs.com/wp-json/>; rel="https://api.w.org/"
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray
849c8cd69fef37e4-FRA
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240118&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9895209127f127e05277788fcfbf414a85c663686cde714cda00cf65ca07a045
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12321
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401180101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4918072057181794&plah=securityaffairs.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Tue, 23 Jan 2024 02:19:09 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4A3D
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
58162
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Jan 2024 10:09:47 GMT
expires
Tue, 21 Jan 2025 10:09:47 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 506A
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
fe8039b717f95d129190a56aa0571647417ff1480ea2084224ea48584550b9d5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WD3ju_jz765-Vdnhvwpv5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securityaffairs.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-WD3ju_jz765-Vdnhvwpv5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 23 Jan 2024 02:19:09 GMT
expires
Tue, 23 Jan 2024 02:19:09 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
pagead2.googlesyndication.com/bg/ Frame 4A3D
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 10:08:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
58237
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15219
x-xss-protection
0
last-modified
Mon, 15 Jan 2024 09:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Jan 2025 10:08:32 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 506A
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240118&jk=1285238435965077&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame 4A3D
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?4Ld2Uw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
vl.json
services.vlitag.com/vld/1705905553/
13 B
274 B
XHR
General
Full URL
https://services.vlitag.com/vld/1705905553/vl.json?page_url=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
HIT
last-modified
Mon, 22 Jan 2024 11:19:47 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.com
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cda585535ec-FRA
content-length
13
alt-svc
h3=":443"; ma=86400
221a5a398da89ace8729d1cd3c481ec7.json
services.vlitag.com/obj/1705905553/
44 KB
5 KB
XHR
General
Full URL
https://services.vlitag.com/obj/1705905553/221a5a398da89ace8729d1cd3c481ec7.json?cc=DE&hn=https://securityaffairs.com
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6fa4c3bc27b5231783e1680cd5e9b7863a8120151214c09b4f575ab0a1da031

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 22 Jan 2024 06:40:06 GMT
server
cloudflare
age
65464
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://securityaffairs.com
cache-control
public, immutable, max-age=31536000
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cda585635ec-FRA
alt-svc
h3=":443"; ma=86400
choice.js
cmp.inmobi.com/choice/pCNAReJk6bG2R/soamaps.com/
3 KB
2 KB
Script
General
Full URL
https://cmp.inmobi.com/choice/pCNAReJk6bG2R/soamaps.com/choice.js?tag_version=V3
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:da00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c696e0b058138e41157ab0a7fdea44a11fddfa5235c6ac81a84aaf4ed931b1d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:18:32 GMT
content-encoding
gzip
via
1.1 6080b2713e502211e152f21f5c59c5a6.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 20:16:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
age
38
x-amz-server-side-encryption
AES256
etag
W/"d4ae11d37c865a7c5762948a6025968c"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-id
O3yCdJxf-wnvvmKk0-3im7Yq7Ldf6IEWy-PZkdDDGFJpM5vGgv8xvA==
prebid-8.30.0.js
s3.vlitag.com/vli-assets/prebid/default/
627 KB
191 KB
Script
General
Full URL
https://s3.vlitag.com/vli-assets/prebid/default/prebid-8.30.0.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a4c7a219afd706285884c6ccf2ea6e5e45334c11110fa00867a0401ac328147
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-amz-version-id
ae08829c-fca7-42b2-9df6-f667bac2c9d0
cf-cache-status
HIT
x-amz-request-id
17A76D352F1E2560
age
1525284
cf-polished
origSize=643246
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-amz-id-2
dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
x-xss-protection
1; mode=block
cf-bgj
minify
last-modified
Fri, 05 Jan 2024 10:37:22 GMT
server
cloudflare
etag
W/"74a4dfa05f04583c9ad24ccee3805e13"
vary
Accept-Encoding, Origin, Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cf-ray
849c8cdabba292c3-FRA
gpt.js
securepubads.g.doubleclick.net/tag/js/
97 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a2f9ee037559f82c5a093300d46c8c9a89af73164eb05698091696d4b9d14149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29392
x-xss-protection
0
server
cafe
etag
939 / 19745 / m202401180101 / config-hash: 18080187960036651006
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 23 Jan 2024 02:19:09 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/
377 KB
130 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
953325ef312677dfe665b590bd76189f5be389c4b0450c004d28bbb4e904cdf0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
132611
x-xss-protection
0
expires
Tue, 23 Jan 2024 02:19:09 GMT
sf_host.min.js
s3.vlitag.com/vli-assets/plugins/safeframe/src/js/
38 KB
17 KB
Script
General
Full URL
https://s3.vlitag.com/vli-assets/plugins/safeframe/src/js/sf_host.min.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3ac7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-amz-version-id
3719e857-24af-48f6-94aa-43f986411778
cf-cache-status
HIT
x-amz-request-id
17A5A88BA4D32B5A
age
2022997
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-amz-id-2
dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
x-xss-protection
1; mode=block
last-modified
Tue, 05 Dec 2023 07:19:33 GMT
server
cloudflare
etag
W/"70e454e451af63d76af1fc5b9b2ce1e4"
vary
Accept-Encoding, Origin, Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cf-ray
849c8cdabba092c3-FRA
apstag.js
c.amazon-adsystem.com/aax2/
282 KB
70 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=221a5a398da89ace8729d1cd3c481ec7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.6.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-6-136.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fdd7dee6d9646659484627be1b021802c63b5aad59e54578fc78907d7656122f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:13:56 GMT
content-encoding
gzip
via
1.1 3141f89cca62ae5784a211a8d1176d1c.cloudfront.net (CloudFront), 1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
last-modified
Thu, 18 Jan 2024 20:22:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, FRA56-P6
age
314
x-amz-server-side-encryption
AES256
etag
W/"52fe24770c24b721be36a89d69576119"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
51YmA0kHcrKLt7KOiC2sJEzR1JXYFNj52E31YTH1LDgeoQdnOszSaA==
cmp2.js
cmp.inmobi.com/tcfv2/
158 KB
44 KB
Script
General
Full URL
https://cmp.inmobi.com/tcfv2/cmp2.js?referer=soamaps.com
Requested by
Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/choice/pCNAReJk6bG2R/soamaps.com/choice.js?tag_version=V3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:da00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6c31b1c28a5c2eb512c04004dc1f3961a4a4e72f1faeda9cc1f18f5718c486bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:31:14 GMT
content-encoding
gzip
via
1.1 6080b2713e502211e152f21f5c59c5a6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
2875
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
last-modified
Wed, 06 Dec 2023 23:27:11 GMT
server
AmazonS3
etag
W/"50f82c7ed55d2acc412a5ede5e7b40f6"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-meta-qc-ineu
True
vary
Accept-Encoding
x-amz-cf-id
pLw76JRdGq7MBWlZb1JToJGjssKX_Gc16rduML6CgBSaQwjfdHu5nw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.6.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-6-136.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
date
Mon, 22 Jan 2024 05:56:33 GMT
x-amz-cf-pop
FRA56-P6
age
73358
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
U4UfcIHylxSnqczyyXND4JDI-lxctMB5Qa_KhnTSCGGoB4Im6g_ADw==
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240118&jk=1285238435965077&bg=!DA-lD0DNAAa8BdJLnAU7ADQBe5WfOFpnOmctFGVGzscIKNQni9r4WgmCRnTQpEVFyEAPHiU0zla7UcGZ03zD9h6BirsAAgAAADxSAAAAA2gBBwoAI_YzSOcOMohnI9-Nk7EAg189ku_fIhnmAvFr0qnURlMK-jXKmQK7Zubc5g7FWlnG53JkjEvouRhsSmv3v2RAlTWsHaMly318S3NTtG2B3m6HQdwtmohcaIaTs4ctNbGWNc-r5RrBHFCpfVAgYRMmu7BslnoB2iCElyZqbgTsSpmVl_23e6u8QQ2tBwv7WR80iTpPShOrDLkpAoaMbLmZBYVeq0Z5d0fBa_qg2g3DOmvsNrjX7qWTo6Xi7mZpVsz8HgsIEt4IkJ5e3NB6BnBZP9lkFKNm8k1beruAf7Z0yL3wAwi23irEb6AwpFTTWb7h3XyYHNNVgXDdgA6xoMjJuzl7DYMciq4WaDciEs-Rjb1yrmKKEkAlV93jW1whrhTJtLZt796IaoDCzSm05pY-BNHFrPQDolVk9Y8gC8X7MozAoyFf6T_OQtmxhno5TaPTJwqP92E5Ekf69tDECY55VrOfJFw4Y0IHv24zb5tZEvrDB7ad0DbsRQ1k3rqeXbfrhUDuy3-esgYNm4BW-9k4J_qNxQeyXOG09c8jbpSHbLs9XRxk10RWWZ4amGtMXpNW-Q-OiBggiNZbGJsOYXuzAveoa3DuNYsbX5WO_lHjaUGjbAvDJEcNo_B40WUpymnEX5iFm5Xk0STIDFjduPaatqvc7nxwSexiKcYtb6TN0BWF8VGRr7R3eZDXYMpSEGk7f8hEHIsKbsV3GFzvOvlOPEI27401ZbyXVSRTv4HEr47qQlZ2wRDCs_QbH5zWZL5zdqIPbHh7roffA6s9horeSE99Mdb5jhvJuGf1wzrlXv2nJyHl4NXW2yAysvKNABx18rl2OfGNv-QfL2fbptzXa7lV2dh6YzBXnwIdLSVXHv16RzGKgc6rq0Dcy_P5ufCynSXVTd6qk9n-JiUgZyeFBASYTOAYs4tcGReW-knzNFKs4aULsfq2BBTtQaxmBPY9le4umjAcCY3WQ2kFD5l10fzz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

cmp-list.json
cmp.inmobi.com/GVL-v2/
12 KB
3 KB
XHR
General
Full URL
https://cmp.inmobi.com/GVL-v2/cmp-list.json
Requested by
Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=soamaps.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:da00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6bc00ca06b7a18ab6350e79dcbfb30217eccf1cb6f52f5c2f05432a51ff19385

Request headers

Accept
application/json, text/plain, */*
Referer
https://securityaffairs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 03:00:46 GMT
content-encoding
br
via
1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
83905
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 22 Jan 2024 03:00:42 GMT
server
AmazonS3
etag
W/"a53bb1b052814a27dee8af64c4e554fc"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
AIE7MCV_vqp_GWchf-uaDlkDqh3z5udgKm3CnKtwWL0jyf4_ycCuHA==
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/
430 KB
135 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 13:05:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
47641
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138095
x-xss-protection
0
server
cafe
etag
16105826302836755247
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Tue, 21 Jan 2025 13:05:09 GMT
9cf0c4f1-7630-476b-9141-f4472e005192
config.aps.amazon-adsystem.com/configs/
564 B
830 B
Script
General
Full URL
https://config.aps.amazon-adsystem.com/configs/9cf0c4f1-7630-476b-9141-f4472e005192
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-71.fra6.r.cloudfront.net
Software
CloudFront /
Resource Hash
63b57f1c807cff36d05a0cc7f364cf39cb6a00aa0769f35ed051c71e5519e804

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:23:39 GMT
via
1.1 baa5702f7bd64fcbae1e3bd950d9a244.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA6-C1
age
3331
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
564
x-amz-cf-id
FjVW5lfJpPMAYZP1iqauLep3JYRzKsZ5E2J7S2juMgL7ROGpSs9QrQ==
config
c.amazon-adsystem.com/cdn/prod/
0
312 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fsecurityaffairs.com&pubid=9cf0c4f1-7630-476b-9141-f4472e005192
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.6.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-6-136.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 23:11:25 GMT
via
1.1 fb5610ec56d3f427bcbcfdd851770614.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P6
age
11264
x-cache
Hit from cloudfront
access-control-allow-origin
https://securityaffairs.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
HAiv1eagjHao0PhEEOH2eNfkiJ_xN91davrFI34kgUmsHj2G-ajUHw==
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/
2 KB
2 KB
Fetch
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20240123
Requested by
Host: s3.vlitag.com
URL: https://s3.vlitag.com/vli-assets/prebid/default/prebid-8.30.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1140c2d2f752a7f86e08b5880a1d1742b21da4154af6910c30b644f75d62deaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://securityaffairs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
text/plain

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
37101
x-jsd-version
1.0.1943
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230103-FRA, cache-lga21973-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"635-RUeA9OhcTGzJJ7AJIo108ERPmfU"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6YRCCFyG0X3s0wdcEZQ6PE%2F2gBfjefp0y376%2FwUDEVdDE%2FmII2a66JMK93pRKtgQo3djDUIcaIerv%2FPt46VkmviYxU%2BCJ3HHg6%2FADPv3v2N2ULFGe2OgX3qh1%2BHiyJV1FoIjMW0QoTSBdNrVqjI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
849c8cdc6be0913a-FRA
cc.jpeg
px.vliplatform.com/bi-v4/
0
275 B
Image
General
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNYPPaBRrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNofcotvR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNPMqraAyK-eZYM-PMeK-MttZ-AwtaBUYKByZwRdzNwqfftkRlmNaKAbaARwlNqdqmgfRkjmNaKAbaA,KYMbaA,PUMbUARrdzNqdqmgfRwkjNARmNTTTBTARleNplR_yszuNyqslt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
MISS
last-modified
Tue, 23 Jan 2024 02:19:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwUAgieCo650kFsEEJMx5FM%2Bfl5UT3cLkOpAfPZz6Hkn%2FUjLXoHV%2F4AzudPtcSyGS1ns2BxyE4QwDeBlNkpLWUwQ9PqPFbHEKcTGKeb%2BGtrg3hsimHkLcaV5jlm0R4O%2B2P5m9fB1a85%2Ba9Il1a%2FQww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cdc7fd139e8-FRA
content-length
0
alt-svc
h3=":443"; ma=86400
cc.jpeg
px.vliplatform.com/bi-v4/
0
267 B
Image
General
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNYPPaBRrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNofcotvR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNTyZtZwUe-KAAP-Pwea-qKBT-yByBataMKBZqRdzNwqfftkRlmNBAAbYZARwlNqdqmgfRkjmNBAAbYZA,YZAbYZARrdzNqdqmgfRwkjNARmNTAKUUKRleNplR_yszuNyqslt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
MISS
last-modified
Tue, 23 Jan 2024 02:19:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFKiM1GYK9aCBNzqZPlUHzVIT044GkgMRWBGqpkq%2Fa14S2oCRCPl6wGR85TC83wF6YtwjbZoaoocHXaHTDcZ0AO6V9%2FceHuJWbdh4DAJTeHWT2L8ExYSg6nVcQ180AI1wol8fHxnaKsQIjZdPrugrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cdc7fcf39e8-FRA
content-length
0
alt-svc
h3=":443"; ma=86400
cc.jpeg
px.vliplatform.com/bi-v4/
0
271 B
Image
General
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNYPPaBRrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNofcotvR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNrYTqwaeP-PYrY-PeKY-qKYY-KtreqqTyrTUqRdzNcortg%20oflzktqdRlmNUPAbPMARwlNqdqmgfRkjmNUPAbPMARrdzNqdqmgfRwkjNARmNTAaPYTRleNplR_yszuNyqslt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
MISS
last-modified
Tue, 23 Jan 2024 02:19:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHWsVxk6Lgq8DkSEkAUVY525HooeLXoF0BSEZY0u8mSvBL%2BepywyNrfDGPTJUrWJ44%2Fhthc%2FETHdd9JphPdmFVZRYLH2%2FM4Qce3S5VDHFF219kLEMAueHT5j8gag0iNs4lL9w05qobc%2FgsMoUkGtEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cdc7fd239e8-FRA
content-length
0
alt-svc
h3=":443"; ma=86400
cc.jpeg
px.vliplatform.com/bi-v4/
0
268 B
Image
General
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNYPPaBRrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNofcotvR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNZrrTYZta-eAMU-PUaZ-qZZT-ZMUyPTeqaaPKRdzNwqfftkRlmNBBUbPMARwlNqdqmgfRkjmNBBUbYMA,BAAbYZARrdzNqdqmgfRwkjNARmNTAaPYTRleNplR_yszuNyqslt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
MISS
last-modified
Tue, 23 Jan 2024 02:19:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FKhVmwjAq0j4MvWI5S2xruHEOhWKkPWWURu8BdKxVEYgbFR0unGPaYHOWMdyHiDFRKYRq5g8Km1tKJ0OpOpFMNDh1Z1Y7VrvlpMUcEFUsJBEqAcXIPUwCa8o9O20SSTBNKhR7rVWOWjD06Az1F7IxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cdc7fd039e8-FRA
content-length
0
alt-svc
h3=":443"; ma=86400
cc.jpeg
px.vliplatform.com/bi-v4/
0
269 B
Image
General
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNYPPaBRrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNofcotvR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNUMBBawer-ywPZ-PYAB-wyAy-YMqttqyaUPqtRdzNwqfftkRlmNaKAbaARwlNqdqmgfRkjmNaKAbaARrdzNqdqmgfRwkjNARmNTAMBMBRleNplR_yszuNyqslt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
MISS
last-modified
Tue, 23 Jan 2024 02:19:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WZWOVeFSzquAMjl7ai0IadCR02fTn3nSJl9v8%2BludHnGJZ2iwGTZ4CRUsCzvDR6C6vZPJASrl7TvQfYlXGOKs9w4bNM0KqLeqbbGTrraGHUkXeDgm3m833X3Gcv%2Fa2VsLvZLW8SsreNPHnVgRcNWPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cdc7fd539e8-FRA
content-length
0
alt-svc
h3=":443"; ma=86400
cc.jpeg
px.vliplatform.com/bi-v4/
0
524 B
Image
General
Full URL
https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNYPPaBRrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNofcotvR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNZAMtyYey-rYwe-Pyra-wwBM-PUtAqKqtraUwRdzNwqfftkRlmNKYMbaARwlNqdqmgfRkjmNKYMbaARrdzNqdqmgfRwkjNARmNTAMBMBRleNplR_yszuNyqslt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
MISS
last-modified
Tue, 23 Jan 2024 02:19:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gQvMtPrC9xbodxUrNWmyh1oH2vqXESoVFP3gwPTbQj2z7oo%2FzXXJ6GWcsZWIJTfwWmkT9hnSW9iOpgWcrZ0NvX1sj3WGXNYMblzow3DPX3mXyBu%2F9Ypjz2tvHUJcPkODv4uP58CJatjBeZB0dtmZdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cdc7fd639e8-FRA
content-length
0
alt-svc
h3=":443"; ma=86400
cmp2ui-en.js
cmp.inmobi.com/tcfv2/50/
279 KB
68 KB
Script
General
Full URL
https://cmp.inmobi.com/tcfv2/50/cmp2ui-en.js
Requested by
Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=soamaps.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:da00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d6fc381fc8274a8e05c221c15702c0c523d1937fc0719a1d4a9e95cc804c560f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Sun, 21 Jan 2024 06:49:09 GMT
content-encoding
br
via
1.1 6080b2713e502211e152f21f5c59c5a6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
156601
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
cross-origin-resource-policy
cross-origin
last-modified
Wed, 06 Dec 2023 23:27:04 GMT
server
AmazonS3
etag
W/"1140e593a3bca4a411e76bddf0dcac5d"
access-control-max-age
86400
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=172800
vary
Accept-Encoding
x-amz-cf-id
Gq9wUtPd7zl9UYFXOrVgOM-8XT5Rsaf5uvS6CkSQTuW93YTnQQ1jmg==
bid
aax.amazon-adsystem.com/e/dtb/
23 B
465 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&pid=pySqU2MEOTGYm&cb=0&ws=1600x1200&v=24.116.2102&t=1000&slots=%5B%7B%22sd%22%3A%22vi_24493111310_1%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%2C%22468x60%22%5D%2C%22sn%22%3A111310%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22%22%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&schain=1.0%2C1!pubpower.io%2C2108%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.47.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-47-29.fra56.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 ad3a844607df41a7152eab5ebe6e4056.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P9
x-amz-rid
2A8KH9R0N8DM52M47ZBD
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://securityaffairs.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
lPoMUIpU5NkUDVuK0hvFqSBfxxLXjLsfJaCFAK_J4SwlZ8iTxhWJTw==
bid
aax.amazon-adsystem.com/e/dtb/
23 B
464 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&pid=pySqU2MEOTGYm&cb=1&ws=1600x1200&v=24.116.2102&t=1000&slots=%5B%7B%22sd%22%3A%22vi_24493107667_1%22%2C%22s%22%3A%5B%22300x250%22%2C%22250x250%22%5D%2C%22sn%22%3A107667%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22%22%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&schain=1.0%2C1!pubpower.io%2C2108%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.47.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-47-29.fra56.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 ad3a844607df41a7152eab5ebe6e4056.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P9
x-amz-rid
9JJZ9QRPSPYTF13RR1QM
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://securityaffairs.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
aT7uqYxcp_3GFIO4x9WbpGZAyzuhC8WhbV5l8pkppdsNd4wR3Wqv0Q==
bid
aax.amazon-adsystem.com/e/dtb/
23 B
464 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&pid=pySqU2MEOTGYm&cb=2&ws=1600x1200&v=24.116.2102&t=1000&slots=%5B%7B%22fc%22%3A%22USD%22%2C%22fp%22%3A1%2C%22id%22%3A%22Interdog_Media_RON_Instream%22%2C%22mt%22%3A%22v%22%2C%22s%22%3A%5B%22640x480%22%5D%7D%2C%7B%22sd%22%3A%22vi_24493109421_banner%22%2C%22s%22%3A%5B%22336x280%22%2C%22300x250%22%5D%2C%22sn%22%3A109421%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22%22%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&schain=1.0%2C1!pubpower.io%2C2108%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.47.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-47-29.fra56.r.cloudfront.net
Software
Server /
Resource Hash
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 ad3a844607df41a7152eab5ebe6e4056.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P9
x-amz-rid
F5N5NQNPZQTGPQ6MCBPH
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://securityaffairs.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
JNVfliaPxic7DUASux7kFek62jE2cNAINXsG4PV1E21bAvfduXvbLA==
bid
aax.amazon-adsystem.com/e/dtb/
23 B
466 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&pid=pySqU2MEOTGYm&cb=3&ws=1600x1200&v=24.116.2102&t=1000&slots=%5B%7B%22sd%22%3A%22vi_24493108383_7%22%2C%22s%22%3A%5B%22970x90%22%5D%2C%22sn%22%3A108383%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%2C%7B%22sd%22%3A%22vi_24493108383_8%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A108383%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22%22%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&schain=1.0%2C1!pubpower.io%2C2108%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdpre=1&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.47.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-47-29.fra56.r.cloudfront.net
Software
Server /
Resource Hash
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 ad3a844607df41a7152eab5ebe6e4056.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P9
x-amz-rid
QP2VFG348BCS4FCYFSW6
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://securityaffairs.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
fHvuajBFyv7kw4a8TH8-WGON5Ge72ORMLypDR1KZkqeTWZuQKwbEjg==
vendor-list-trimmed-v1.json
cmp.inmobi.com/GVL-v3/
559 KB
62 KB
XHR
General
Full URL
https://cmp.inmobi.com/GVL-v3/vendor-list-trimmed-v1.json
Requested by
Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=soamaps.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:da00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0f71a8f2172f6a6e9df9766647cb8a70dda69cff763b36867bec5e49698c6ec3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 07:04:34 GMT
content-encoding
br
via
1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
69276
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
last-modified
Thu, 18 Jan 2024 23:59:20 GMT
server
AmazonS3
etag
W/"77b54ae0004a3b2272c6a722d3893bc8"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
access-control-allow-credentials
true
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
8RCohANZxauTh45Kj4vviI-s2Z7MRcCZ4Z6fLKTPgNEm6nYBLowRew==
google-atp-list.json
cmp.inmobi.com/tcfv2/
142 KB
33 KB
XHR
General
Full URL
https://cmp.inmobi.com/tcfv2/google-atp-list.json
Requested by
Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/cmp2.js?referer=soamaps.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:da00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad22a226db701c2dfb8c5e2e9b663c8bd00f4bf1cd1f3298ab603ecacc52d48b

Request headers

Accept
application/json, text/plain, */*
Referer
https://securityaffairs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 03:00:27 GMT
content-encoding
br
via
1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
83924
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 22 Jan 2024 03:00:25 GMT
server
AmazonS3
etag
W/"6c23e457ed047431fc2f5d56a282612d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=172800
access-control-allow-credentials
true
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
rC0eWSDjlN7xPgCJDKQZ7gaf1SRzhHj1r1DdCFOhNzHM0jZDzjuBjw==
/
api.cmp.inmobi.com/
2 B
101 B
XHR
General
Full URL
https://api.cmp.inmobi.com/?log=%7B%22accountId%22%3A%22pCNAReJk6bG2R%22%2C%22domain%22%3A%22securityaffairs.com%22%2C%22publisher%22%3A%22Privacy%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.50%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22DP8daxmOht%2FITpweldSUng%22%2C%22tagVersion%22%3A%22V3%22%2C%22gvlVersion%22%3A3%2C%22clientTimestamp%22%3A1705976350155%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-duv6azc7x6pxr35ibxev%22%7D
Requested by
Host: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/50/cmp2ui-en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.197.231.253 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-231-253.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json, text/plain, */*
Referer
https://securityaffairs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 23 Jan 2024 02:19:10 GMT
content-length
2
content-type
text/plain; charset=utf-8
tf-v1.jpeg
px.vliplatform.com/
0
272 B
Image
General
Full URL
https://px.vliplatform.com/tf-v1.jpeg?e=rNYPPaBRrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNofcotvR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNAtBMeyZq-eewy-Patw-wtZB-tZaMPeTUeZwtRzyzNhqut_cotvRws0NA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://securityaffairs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 02:19:10 GMT
cf-cache-status
MISS
last-modified
Tue, 23 Jan 2024 02:19:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9CNiJ3%2BvgBtKRvrqWVeFzMjEVBAC6LZgPHhIb6%2BCcv3jYPXcxPPNOWx511qAiSl41NTJdXlW%2F%2BExvsbcGhbnKudjDenu3bkCwfE48qcQZDLFxLPtZbhmZgeMeEiNL1OVN1KKgxEw26McOnFtdtQXw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=864000, immutable
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive, nosnippet
cf-ray
849c8cdd984639e8-FRA
content-length
0
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| _wpemojiSettings function| advanced_ads_ready object| advanced_ads_ready_queue function| $ function| jQuery object| Cli_Data object| cli_cookiebar_settings object| log_object object| CLI_Cookie object| CLI object| cliBlocker string| CLI_ACCEPT_COOKIE_NAME string| CLI_PREFERNCE_COOKIE number| CLI_ACCEPT_COOKIE_EXPIRE boolean| CLI_COOKIEBAR_AS_POPUP object| st object| __stdos__ boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus function| __sharethis__docReady object| __sharethis__ object| ua_fields function| gtag object| dataLayer object| vitag object| swv object| wpcf7 object| Main number| uidEvent object| bootstrap function| WOW function| moment object| local_data function| IsEmail function| commentliked function| commentdisliked object| _stq object| google_tag_manager object| google_tag_data function| st_go function| linktracker_init object| wpcom function| onYouTubeIframeAPIReady object| gaGlobal string| currentText string| categoryCookie object| categoryCookieValue object| cli_chkbox_elm string| cli_chkbox_data_id string| cli_chkbox_data_id_trimmed object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint object| twemoji object| wp function| google_sa_impl object| google_image_requests number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| regeneratorRuntime object| _PBCFG string| tagApi object| viAPItag object| GoogleGcLKhOms function| getEidsByVLI function| __tcfapi function| __uspapi boolean| __VLICMP object| $sf object| vlipbChunk object| vlipb object| _pbjsGlobals object| ADAGIO object| mnet string| nobidVersion object| nobid object| _aps boolean| apstagLOADED object| apstag function| __tcfapiui object| _google_rum_ns_ function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| google object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$companion_ad_selection_settings object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ads_rendering_settings object| ima object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_error_event object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ad_event object| module$exports$google3$javascript$ads$interactivemedia$sdk$clientside$api$ads_manager_loaded_event object| goog object| googletag object| observeElementInViewport object| apscustom string| cnsntv2

7 Cookies

Domain/Path Name / Value
.securityaffairs.com/ Name: _ga_NPN4VEKBTY
Value: GS1.1.1705976348.1.0.1705976348.60.0.0
.securityaffairs.com/ Name: _ga
Value: GA1.1.1516209407.1705976349
securityaffairs.com/ Name: cookielawinfo-checkbox-necessary
Value: yes
securityaffairs.com/ Name: cookielawinfo-checkbox-non-necessary
Value: yes
.securityaffairs.com/ Name: _ga_8ZWTX5HC4Z
Value: GS1.1.1705976348.1.0.1705976348.0.0.0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
securityaffairs.com/ Name: __ppIdCC
Value: aexuritywddwira_xon21795.7034.848

1 Console Messages

Source Level URL
Text
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&lmt=1705976349&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F157887%2Fmalware%2Fapache-activemq-godzilla-web-shell.html&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1705976348764&bpp=6&bdt=485&idt=228&shv=r20240118&mjsv=m202401180101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2006868135930&frm=20&pv=2&ga_vid=1516209407.1705976349&ga_sid=1705976349&ga_hid=584761618&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=95320239%2C44759875%2C44759926%2C31079437%2C31080442%2C42532523%2C95322184%2C95320888%2C95321626%2C95322164&oid=2&pvsid=1285238435965077&tmod=1936921747&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=243
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aax.amazon-adsystem.com
api.cmp.inmobi.com
buttons-config.sharethis.com
c.amazon-adsystem.com
cdn.jsdelivr.net
cmp.inmobi.com
config.aps.amazon-adsystem.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i0.wp.com
imasdk.googleapis.com
l.sharethis.com
pagead2.googlesyndication.com
pixel.wp.com
platform-api.sharethis.com
px.vliplatform.com
region1.analytics.google.com
region1.google-analytics.com
s3.vlitag.com
securepubads.g.doubleclick.net
securityaffairs.com
services.vlitag.com
stats.g.doubleclick.net
stats.wp.com
tpc.googlesyndication.com
www.google.com
www.google.de
www.googletagmanager.com
108.138.6.136
13.32.27.80
18.197.231.253
18.245.47.29
192.0.76.3
192.0.77.2
2001:4860:4802:32::36
2600:9000:2057:5400:c:abe:f440:93a1
2600:9000:214f:da00:1b:cadc:ef40:93a1
2606:4700:10::6816:3ac7
2606:4700:3030::6815:5286
2606:4700:3031::6815:90b
2606:4700::6810:5914
2a00:1450:4001:800::2002
2a00:1450:4001:801::200a
2a00:1450:4001:802::2001
2a00:1450:4001:808::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2003
2a00:1450:4001:811::2008
2a00:1450:4001:829::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9b
35.157.101.217
99.86.4.71
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08f284dd0d1883f6e1e285ff3100b20bd397b3e708c59a33d6d9989800eb8a64
09587fd0b4c984573371a553f082e27c4e4ba98f65130e1b1eb7c0b7699509e5
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0f71a8f2172f6a6e9df9766647cb8a70dda69cff763b36867bec5e49698c6ec3
1140c2d2f752a7f86e08b5880a1d1742b21da4154af6910c30b644f75d62deaa
1528c535d339849cea1f4b18416229bd962819949c62574dcd184cdfa6d056b2
165d6cf0440273d98a7ff9e3a3c996af430f251f139ce41bd21d2b995291a0ff
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1df70b268a34a8036eca2f536d670f59e142b877bf09ad993aec61417c7a4870
1e0352c858984ddb68c11c0b8265ea2ae72ab8d29b4471f888d4cbd95fe881ef
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
2557bb6bc6cb5f51c6f7bf20a2be9f587863905e453639b44bdaa7af61b6ac36
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b364aed0f0a57b1341d81ead16a2c95814e34df778c2e2337b2efc686841cb7
2c03404e75c3b5dd3190080d5b678433a88aed86b17fba7685f8a36950414fb8
2c3af05f5b54fa2870e1a0c113871d49b5ca864c4a8ea4f335614598d365e63e
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
4485dc3684588728bba3e5fbbe902c36ad1ec1b47480cc62c911a9403bafecc3
4b5dcd8c4de34bf3e2bbbb1499ef55172ca6a8c7124c5aaa04cc6ea48a084b8b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641
508a8d88a4db7b5ef87b1d5b6fc60e56b7c5384b75b75b10e77f298ea108b510
51e18fa3a179268df5763ae93f237dfa9ab4733b4e2791fe3cfeecca702a8832
5220bfc9416c5b55c41b39baaf1744ed2ce2bec1b0e77382067dea40eec68ba2
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a4c7a219afd706285884c6ccf2ea6e5e45334c11110fa00867a0401ac328147
5ace62af3e5dc973a547aa8cf2387d400d9cb35cca9869324a20f9faad0606d2
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139
61b5d4f52ec96a0aef85f731e618cb627749775534ae86976446f42350757392
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63b57f1c807cff36d05a0cc7f364cf39cb6a00aa0769f35ed051c71e5519e804
66573fcde908e65bedfdf64f74d8091de44cef2a64c138b4f4ce26e84105bc82
6bc00ca06b7a18ab6350e79dcbfb30217eccf1cb6f52f5c2f05432a51ff19385
6c31b1c28a5c2eb512c04004dc1f3961a4a4e72f1faeda9cc1f18f5718c486bc
732fe1ff87d948c44d6d26af7aa89d8e1eb9eb8e00c372dadbacb51c0ba5865d
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554
79ef2c493105913ae8a012433b49e73fec9f4e3dfaf70723bcf66c3e3e0e09e9
7a65e356551523b3a3222147ddb49ea4dad9b21d38a9b590effd45d55fc94d03
7c87fb4391b3160d1965e1178fee8450a7d308451c67e1d79fe79b84f30cf196
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe
7ee08c60d39f5712a56938fda3e2ab10fe3ef23ec98aeb3c9a29e54f6f31ffe1
804aa2016958413450a7751d3d63ea718f0ed5c5af48b65d765adf9ab2f1b139
82815a7dba0c18a1092121e80005ee37b0390b8b755a6dc8ba03e199ed3a2501
84e1de7132433ebaa0845af00ce1812287ba004d8288bf78b455f1d9f494f2ab
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a8c0bd86eee0230682ed29c5e30936b6b14ab02e1586692840ef8ea4de9dda6
90b1f6082b0cf09c59ad2a5b87d3e0ab87eadf37c9b0b791318adfaae1a4b0d4
90bed464813fbd721e4991e83fe323e763f91294f98018462c2698d16e60ae5f
91bbe15341b805a7f54fe1b86b251ecc6aff874cf9aa39dda033fbb7b3b296b0
9250e53b1ce005202ff23c2d194381269d3b592b4429e7bd4027b088aff0bf8a
953325ef312677dfe665b590bd76189f5be389c4b0450c004d28bbb4e904cdf0
9701e3cc721b444361494b8586b90ce11a0a0fc7964c0220e2263dd836d0a254
9895209127f127e05277788fcfbf414a85c663686cde714cda00cf65ca07a045
9c1989ecd392a0c54fb799409154242706940a8e6d800542ba579dfda576bb9d
a21e3d4b193d36cbfab4d9cb007c5f531c86b7c3d5fbadc0ea2a20296330d536
a2f9ee037559f82c5a093300d46c8c9a89af73164eb05698091696d4b9d14149
ac825c2e7eb874cfe862111097aa63158b575df11b0ea342814a5bc55f450b66
ad22a226db701c2dfb8c5e2e9b663c8bd00f4bf1cd1f3298ab603ecacc52d48b
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be
b253964206a6ce075557f8735e7b57268338885e821f317bc63c6616e75c7b60
b6fa4c3bc27b5231783e1680cd5e9b7863a8120151214c09b4f575ab0a1da031
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bfbb02b2f82750344aa2bc6329085a7550de92926a22a951db6f1629fab862f0
bfc6883863d1d8dc27b491556f0f91df31da6a3f86fa1d9d8dc8686e067bd8a0
c696e0b058138e41157ab0a7fdea44a11fddfa5235c6ac81a84aaf4ed931b1d8
cda4a81c187015d95ed2c71f1841540b08203cdec5fa2a7d5d1825a3c2166f8c
cf9e92205faeb2fc9929f8aaf67ee6fb15084be8994babd310cfa01d62e29e5c
d4a53070779cc384ec0aecb06ed6ba9fa923ae4d2de671ebbea3f76afd7874c2
d51ef259be3ead951d500292b27c637b061918c2fa2ac2c4d4e970dfa2104c3b
d6fc381fc8274a8e05c221c15702c0c523d1937fc0719a1d4a9e95cc804c560f
d7f92fca171404f4c87d2cf676ae9ba011e869e03410a9cbc1e0e47a3c32406e
e2d4b7ac2cf724a064d15a4379ccca7a81c346dcb143f279d83a0e99f9563cc7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eaade0e5f063f06ba9ec0303b6e2cf134e7e7ddedce6b51813880fe52bbb5de2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f36324ad58ad455cb3b2ed61e5e7326afb3de6988fe5c592ded25598f13405a2
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f6c1b56d72a2f838340b55bd9d710f9a051807d641bf97e111ac9e3ade664911
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
f7641586dddf9623dc180f212044ac262abe6dc5c8607c2b242bb62c4cbe675a
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8975796042e71d693f3124c6b3f9a1c56324251c80db4f7e42acde0381a5940
fdd7dee6d9646659484627be1b021802c63b5aad59e54578fc78907d7656122f
fe8039b717f95d129190a56aa0571647417ff1480ea2084224ea48584550b9d5