danamodio.com Open in urlscan Pro
50.63.220.1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Effective URL:
http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Submission: On October 09 via manual (October 9th 2020, 2:50:02 pm UTC) from US

Summary HTTP 28 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 28 HTTP transactions. The main IP is 50.63.220.1, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is danamodio.com.

This is the only time danamodio.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 26	50.63.220.1 50.63.220.1	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE)
28	3

26 50.63.220.1 (Scottsdale, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: p3nlhg392c1392.shr.prod.phx3.secureserver.net

www.danamodio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
danamodio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	danamodio.com 1 redirects www.danamodio.com danamodio.com	434 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	wp.com s0.wp.com	3 KB
28	3

	Domain	Requested by
25	danamodio.com	danamodio.com
2	www.google-analytics.com	danamodio.com
1	s0.wp.com	danamodio.com
1	www.danamodio.com	1 redirects
28	4

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.aspectsecurity.com
jira.spring.io
communities.coverity.com
www.mindedsecurity.com
www.springsource.com
www.owasp.org
www.sonatype.com
jcp.org
static.springsource.org
docs.oracle.com
blogs.apache.org
issues.apache.org
wiki.apache.org
support.springsource.com
grepcode.com
www.linkedin.com

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Frame ID: DA8199820578BF303F85DBA8E57EF9FD
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/ HTTP 301
http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

28
Requests

7 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

454 kB
Transfer

645 kB
Size

0
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: http://twitter.com/DanAmodio
Title: DanAmodio

Search URL Search Domain Scan URL

URL: https://www.aspectsecurity.com/research/appsec_docs/
Title: Aspect Security

Search URL Search Domain Scan URL

URL: https://jira.spring.io/browse/SPR-5308
Title: SPR-5308

Search URL Search Domain Scan URL

URL: https://communities.coverity.com/blogs/security/2013/05/29/struts2-remote-code-execution-via-ognl-injection
Title: OGNL Injection in Struts

Search URL Search Domain Scan URL

URL: https://twitter.com/WisecWisec
Title: Stefano Di Paola

Search URL Search Domain Scan URL

URL: http://www.mindedsecurity.com/
Title: Minded Security

Search URL Search Domain Scan URL

URL: https://twitter.com/nahsra
Title: Arshan Dabirsiaghi

Search URL Search Domain Scan URL

URL: https://www.aspectsecurity.com/
Title: Aspect Security

Search URL Search Domain Scan URL

URL: http://www.mindedsecurity.com/fileshare/ExpressionLanguageInjection.pdf
Title: PDF

Search URL Search Domain Scan URL

URL: http://www.springsource.com/security/cve-2011-2730
Title: Advisory

Search URL Search Domain Scan URL

URL: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)%22%20%5Ct%20%22_blank%22%20%5Co%20%22OWASP:%20Cross-Site%20Scripting%20(XSS)
Title: XSS

Search URL Search Domain Scan URL

URL: http://www.sonatype.com/%22%20%5Ct%20%22_blank%22%20%5Co%20%22Sonatype
Title: Sonatype

Search URL Search Domain Scan URL

URL: http://jcp.org/aboutJava/communityprocess/mrel/jsr245/index.html
Title: EL 2.2

Search URL Search Domain Scan URL

URL: https://www.owasp.org/index.php/User:Jeff_Williams
Title: Jeff Williams

Search URL Search Domain Scan URL

URL: http://static.springsource.org/spring/docs/3.0.x/reference/expressions.html
Title: org.springframework.expression.spel.standard.SpelExpressionParser

Search URL Search Domain Scan URL

URL: http://docs.oracle.com/javase/1.5.0/docs/api/java/net/URLClassLoader.html#newInstance(java.net.URL[])
Title: newInstance method

Search URL Search Domain Scan URL

URL: https://www.aspectsecurity.com/uploads/downloads/2012/03/Aspect-Security-The-Unfortunate-Reality-of-Insecure-Libraries.pdf%22%20%5Ct%20%22_blank%22%20%5Co%20%22Aspect%20Security%20Research:%20The%20Unfortunate%20Reality%20of%20Insecure%20Libraries
Title: update your libraries

Search URL Search Domain Scan URL

URL: https://blogs.apache.org/tomcat/entry/apache_tomcat_7_released
Title: method

Search URL Search Domain Scan URL

URL: https://issues.apache.org/bugzilla/show_bug.cgi?id=52445
Title: invocation

Search URL Search Domain Scan URL

URL: http://wiki.apache.org/myfaces/HowToEnableEl22
Title: specifically retrofitted

Search URL Search Domain Scan URL

URL: http://support.springsource.com/security/cve-2011-2730
Title: original CVE

Search URL Search Domain Scan URL

URL: http://grepcode.com/file/repository.springsource.com/org.springframework/org.springframework.web/3.1.1/org/springframework/web/util/ExpressionEvaluationUtils.java#ExpressionEvaluationUtils.isSpringJspExpressionSupportActive%28javax.servlet.jsp.PageContext%29
Title: off by default

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/in/danamodio

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/ HTTP 301
http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 26

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1530292827&utmhn=danamodio.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Remote%20Code%20with%20Expression%20Language%20Injection%20%7C%20Dan%20Amodio&utmhid=1920357901&utmr=-&utmp=%2Fappsec%2Fresearch%2Fspring-remote-code-with-expression-language-injection%2F&utmht=1602254984929&utmac=UA-36946639-1&utmcc=__utma%3D81565314.2053482404.1602254985.1602254985.1602254985.1%3B%2B__utmz%3D81565314.1602254985.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=76163585&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1530292827&utmhn=danamodio.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Remote%20Code%20with%20Expression%20Language%20Injection%20%7C%20Dan%20Amodio&utmhid=1920357901&utmr=-&utmp=%2Fappsec%2Fresearch%2Fspring-remote-code-with-expression-language-injection%2F&utmht=1602254984929&utmac=UA-36946639-1&utmcc=__utma%3D81565314.2053482404.1602254985.1602254985.1602254985.1%3B%2B__utmz%3D81565314.1602254985.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=76163585&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Redirect Chain

http://www.danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/

39 KB
12 KB

648ms
619ms

Document
text/html

50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 1361ced10ea855edc02324fc335bfdffab7acc7e7f3c116ccdfdc72ae46fe2c0

Request headers

Host: danamodio.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:43 GMT
Server: Apache
X-Pingback: http://danamodio.com/xmlrpc.php
Link: <http://danamodio.com/wp-json/>; rel="https://api.w.org/", <http://danamodio.com/?p=158>; rel=shortlink
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12077
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Fri, 09 Oct 2020 14:49:43 GMT
Server: Apache
X-Pingback: http://danamodio.com/xmlrpc.php
Location: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.css
danamodio.com/wp-content/themes/themolio/ 19 KB
5 KB 799ms
775ms Stylesheet
text/css 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/themes/themolio/style.css
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 24d93d3d5f72652e6909165078d63d3489dcc7d76ea8eee550f28e7364fcba9a

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "4aad-4d05e5b34a06b-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 4488
Expires: Sat, 10 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK prettify.css
danamodio.com/wp-content/plugins/prettify-gc-syntax-highlighter/ 2 KB
1 KB 429ms
395ms Stylesheet
text/css 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/prettify-gc-syntax-highlighter/prettify.css?ver=4.7.18
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 6dbd043c58c12d2f05987476b15992522271d9e3fa70e4e6f504847932dfc869

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Dec 2012 21:49:08 GMT
Server: Apache
ETag: "66e-4d08688ed6478-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 698
Expires: Sat, 10 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK easy-fancybox.css.php
danamodio.com/wp-content/plugins/easy-fancybox/ 8 KB
2 KB 437ms
404ms Stylesheet
text/css 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/easy-fancybox/easy-fancybox.css.php?ver=1.3.4
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 03aaa04a8f69efd237af16b847c1f204c120b3d4510d7f8677acad46274b3fd6

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Cache-Control: max-age=86400
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 1420
Expires: Sat, 10 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK jquery.js Show response
danamodio.com/wp-includes/js/jquery/ 95 KB
33 KB 436ms
403ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Sep 2019 03:15:50 GMT
Server: Apache
ETag: "17a6a-591c5bd1a33e3-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 33776
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
danamodio.com/wp-includes/js/jquery/ 10 KB
4 KB 429ms
396ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Tue, 21 Jun 2016 17:35:45 GMT
Server: Apache
ETag: "2748-535cd4038613b-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4014
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK themolio.js Show response
danamodio.com/wp-content/themes/themolio/js/ 365 B
592 B 641ms
213ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/themes/themolio/js/themolio.js?ver=4.7.18
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: bb3195c6016d05f1b42c4e42893ff2ff46ebb4870ac19a6f2d1b840d3befb3a8

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "16d-4d05e5b342789-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 188
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK jquery.fancybox-1.3.4.pack.js Show response
danamodio.com/wp-content/plugins/easy-fancybox/fancybox/ 15 KB
6 KB 652ms
218ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/easy-fancybox/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: d84bac3710c2842dc8d5d5ae6e324007443cbd8ae26b909dd89bc2bdc31c8561

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Dec 2012 16:22:17 GMT
Server: Apache
ETag: "3d08-4d081f808623c-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5574
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK stylesheet.css
danamodio.com/wp-content/themes/themolio/fonts/ 557 B
669 B 434ms
402ms Stylesheet
text/css 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/themes/themolio/fonts/stylesheet.css
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 12dd39d294dc4e86e276cd64a6f8de7f56415d068e4920be93ed710e2faeaa31

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "22d-4d05e5b33c9b9-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=86400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 279
Expires: Sat, 10 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK spring_rce_calculator-1024x589.png
danamodio.com/wp-content/uploads/2012/12/ 293 KB
293 KB 235ms
234ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/uploads/2012/12/spring_rce_calculator-1024x589.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 1e0a82a031b47ebd7a71f0d25453e5ea15181f2e4953ebce1900b7b8ea8f64b4

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Mon, 10 Dec 2012 15:23:34 GMT
Server: Apache
ETag: "4928f-4d0812606a85e"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 299663
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK rss.png
danamodio.com/wp-content/uploads/2012/12/ 3 KB
3 KB 360ms
213ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/uploads/2012/12/rss.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 88fc786ce68869fb3d1c49e7d329e391c9e8ce9b510adb12fb3721354b925805

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Fri, 07 Dec 2012 19:33:25 GMT
Server: Apache
ETag: "c5d-4d0484a0c94d5"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 3165
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK twitter.png
danamodio.com/wp-content/uploads/2012/12/ 3 KB
3 KB 506ms
216ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/uploads/2012/12/twitter.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: ef41ebb9584f6f61d741a92d4125bec886c7e4abbd3f51da3c7e3b0dd04b29ef

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Fri, 07 Dec 2012 19:33:26 GMT
Server: Apache
ETag: "ac7-4d0484a2417af"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2759
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK linkedin.png
danamodio.com/wp-content/uploads/2012/12/ 2 KB
3 KB 373ms
217ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/uploads/2012/12/linkedin.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 1d7495e475998c46f21df3b5e654fcc3c5c84bf183068ff105aa05bc111ecc20

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Fri, 07 Dec 2012 19:33:23 GMT
Server: Apache
ETag: "9ea-4d04849ec18e9"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2538
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK prettify.js Show response
danamodio.com/wp-content/plugins/prettify-gc-syntax-highlighter/ 40 KB
13 KB 218ms
218ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/prettify-gc-syntax-highlighter/prettify.js?ver=4.7.18
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 1a5d4c169986b4864569fb6d5a3c9fb138078e8693666aaf20b67dea08480b33

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Dec 2012 21:03:59 GMT
Server: Apache
ETag: "a138-4d085e772cf8a-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 12805
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK launch.js Show response
danamodio.com/wp-content/plugins/prettify-gc-syntax-highlighter/ 2 KB
952 B 218ms
216ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/prettify-gc-syntax-highlighter/launch.js?ver=4.7.18
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: c6d11c5ac231c92836b39d72d334a52bbad4f79b4d9df4473378a70e7be78850

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Dec 2012 21:03:59 GMT
Server: Apache
ETag: "625-4d085e77311f6-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 548
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK devicepx-jetpack.js Show response
s0.wp.com/wp-content/js/ 10 KB
3 KB 108ms
77ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=202041
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-nc: HIT fra 1
Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Server: nginx
Etag: W/"5c32dc59-52b6"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
X-ac: 4.fra _dfw
Expires: Mon, 04 Oct 2021 15:34:16 GMT

GET
H/1.1 200
OK comment-reply.min.js Show response
danamodio.com/wp-includes/js/ 1 KB
993 B 242ms
240ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-includes/js/comment-reply.min.js?ver=4.7.18
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Sat, 23 Apr 2016 14:31:53 GMT
Server: Apache
ETag: "436-53127ce0427d1-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 589
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK jquery.easing-1.3.pack.js Show response
danamodio.com/wp-content/plugins/easy-fancybox/fancybox/ 7 KB
3 KB 218ms
215ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/easy-fancybox/fancybox/jquery.easing-1.3.pack.js?ver=1.3
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 9a7f76fdc1930049302dff8d3cb5e6e0cbfcf8feb6d1b1a06ef16a7445b05111

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Dec 2012 16:22:17 GMT
Server: Apache
ETag: "1a3d-4d081f8079ebd-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2193
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK jquery.mousewheel-3.0.4.pack.js Show response
danamodio.com/wp-content/plugins/easy-fancybox/fancybox/ 1 KB
1 KB 217ms
215ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/easy-fancybox/fancybox/jquery.mousewheel-3.0.4.pack.js?ver=3.0.4
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 1b6d02f909ccab91a8a6b820a8e231e8581a3dffbe3acf9ec435f7871e7a019f

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Dec 2012 16:22:17 GMT
Server: Apache
ETag: "4ff-4d081f807d588-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 677
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK jquery.metadata.js Show response
danamodio.com/wp-content/plugins/easy-fancybox/ 5 KB
2 KB 212ms
210ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/plugins/easy-fancybox/jquery.metadata.js?ver=2.1
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: e38ccf96deb41ef93f4d9c1941ec9eb8e746fbe94b9166ad5096fc2353b1d0f5

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Dec 2012 16:22:17 GMT
Server: Apache
ETag: "13f8-4d081f809581f-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1749
Expires: Fri, 16 Oct 2020 14:49:44 GMT

GET
H/1.1 200
OK wp-embed.min.js Show response
danamodio.com/wp-includes/js/ 1 KB
1 KB 397ms
209ms Script
application/javascript 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-includes/js/wp-embed.min.js?ver=4.7.18
Requested by: Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Content-Encoding: gzip
Last-Modified: Wed, 01 Feb 2017 18:01:14 GMT
Server: Apache
ETag: "576-5477bd5a1351d-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 751
Expires: Fri, 16 Oct 2020 14:49:45 GMT

GET
H3-Q050

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

6ms
6ms

Script
text/javascript

2a00:1450:4001:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 5960
date: Fri, 09 Oct 2020 13:10:24 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Fri, 09 Oct 2020 15:10:24 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK background.png
danamodio.com/wp-content/themes/themolio/images/ 3 KB
3 KB 336ms
216ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/themes/themolio/images/background.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/wp-content/themes/themolio/style.css
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 74660a317a791e2652b3ff1cab476be1ef81966d983b9fdaad50b3ba601bca76

Request headers

Referer: http://danamodio.com/wp-content/themes/themolio/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "afb-4d05e5b340840"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2811
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK header_bg.png
danamodio.com/wp-content/themes/themolio/images/ 4 KB
5 KB 289ms
217ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/themes/themolio/images/header_bg.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/wp-content/themes/themolio/style.css
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: 8cf5af1f8cb9751d35e711caad199b3c24cde5e170332fc2c249b3a7495abace

Request headers

Referer: http://danamodio.com/wp-content/themes/themolio/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "10c0-4d05e5b33f495"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 4288
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK button_bg.png
danamodio.com/wp-content/themes/themolio/images/ 3 KB
3 KB 339ms
216ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/themes/themolio/images/button_bg.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/wp-content/themes/themolio/style.css
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: de0ebd608d6bff01ae92ba8bc0bdf0efe80aa1252023f6c10d81eb3927ae4693

Request headers

Referer: http://danamodio.com/wp-content/themes/themolio/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "b1a-4d05e5b340ff8"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2842
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK menu_bg.png
danamodio.com/wp-content/themes/themolio/images/ 20 KB
20 KB 340ms
218ms Image
image/png 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://danamodio.com/wp-content/themes/themolio/images/menu_bg.png
Requested by: Host: danamodio.com
URL: http://danamodio.com/wp-content/themes/themolio/style.css
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: b2ef6ef3225aea0e89829ea9026b848caecadb5bb5b3a14a422fb47750d19f5e

Request headers

Referer: http://danamodio.com/wp-content/themes/themolio/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:45 GMT
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "508f-4d05e5b33e4ee"
Content-Type: image/png
Cache-Control: max-age=5184000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 20623
Expires: Tue, 08 Dec 2020 14:49:45 GMT

GET
H/1.1 200
OK TrashHand-webfont.woff
danamodio.com/wp-content/themes/themolio/fonts/trashhand/ 14 KB
14 KB 233ms
218ms Font
font/woff 50.63.220.1
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: http://danamodio.com/wp-content/themes/themolio/fonts/trashhand/TrashHand-webfont.woff
Requested by: Host: danamodio.com
URL: http://danamodio.com/wp-content/themes/themolio/fonts/stylesheet.css
Protocol: HTTP/1.1
Server: 50.63.220.1 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: p3nlhg392c1392.shr.prod.phx3.secureserver.net
Software: Apache /
Resource Hash: b48d83103acc923f7cc813af4014be21be548ca27107effe4d2598544f090fd5

Request headers

Origin: http://danamodio.com
Referer: http://danamodio.com/wp-content/themes/themolio/fonts/stylesheet.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 14:49:44 GMT
Last-Modified: Sat, 08 Dec 2012 21:53:02 GMT
Server: Apache
ETag: "3634-4d05e5b33c59e"
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 13876

GET
H3-Q050

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1530292827&utmhn=danamodio.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Remote%...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1530292827&utmhn=danamodio.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Remote...

35 B
80 B

14ms
13ms

Image
image/gif

2a00:1450:4001:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1530292827&utmhn=danamodio.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Remote%20Code%20with%20Expression%20Language%20Injection%20%7C%20Dan%20Amodio&utmhid=1920357901&utmr=-&utmp=%2Fappsec%2Fresearch%2Fspring-remote-code-with-expression-language-injection%2F&utmht=1602254984929&utmac=UA-36946639-1&utmcc=__utma%3D81565314.2053482404.1602254985.1602254985.1602254985.1%3B%2B__utmz%3D81565314.1602254985.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=76163585&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: danamodio.com
URL: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://danamodio.com/appsec/research/spring-remote-code-with-expression-language-injection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Oct 2020 14:49:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1530292827&utmhn=danamodio.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Remote%20Code%20with%20Expression%20Language%20Injection%20%7C%20Dan%20Amodio&utmhid=1920357901&utmr=-&utmp=%2Fappsec%2Fresearch%2Fspring-remote-code-with-expression-language-injection%2F&utmht=1602254984929&utmac=UA-36946639-1&utmcc=__utma%3D81565314.2053482404.1602254985.1602254985.1602254985.1%3B%2B__utmz%3D81565314.1602254985.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=76163585&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://danamodio.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

danamodio.com
s0.wp.com
www.danamodio.com
www.google-analytics.com
192.0.77.32
2a00:1450:4001:81f::200e
50.63.220.1
03aaa04a8f69efd237af16b847c1f204c120b3d4510d7f8677acad46274b3fd6
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
12dd39d294dc4e86e276cd64a6f8de7f56415d068e4920be93ed710e2faeaa31
1361ced10ea855edc02324fc335bfdffab7acc7e7f3c116ccdfdc72ae46fe2c0
1a5d4c169986b4864569fb6d5a3c9fb138078e8693666aaf20b67dea08480b33
1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30
1b6d02f909ccab91a8a6b820a8e231e8581a3dffbe3acf9ec435f7871e7a019f
1d7495e475998c46f21df3b5e654fcc3c5c84bf183068ff105aa05bc111ecc20
1e0a82a031b47ebd7a71f0d25453e5ea15181f2e4953ebce1900b7b8ea8f64b4
24d93d3d5f72652e6909165078d63d3489dcc7d76ea8eee550f28e7364fcba9a
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
6dbd043c58c12d2f05987476b15992522271d9e3fa70e4e6f504847932dfc869
74660a317a791e2652b3ff1cab476be1ef81966d983b9fdaad50b3ba601bca76
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88fc786ce68869fb3d1c49e7d329e391c9e8ce9b510adb12fb3721354b925805
8cf5af1f8cb9751d35e711caad199b3c24cde5e170332fc2c249b3a7495abace
9a7f76fdc1930049302dff8d3cb5e6e0cbfcf8feb6d1b1a06ef16a7445b05111
b2ef6ef3225aea0e89829ea9026b848caecadb5bb5b3a14a422fb47750d19f5e
b48d83103acc923f7cc813af4014be21be548ca27107effe4d2598544f090fd5
bb3195c6016d05f1b42c4e42893ff2ff46ebb4870ac19a6f2d1b840d3befb3a8
c6d11c5ac231c92836b39d72d334a52bbad4f79b4d9df4473378a70e7be78850
cf34e1b87bbfd9d9b185dec994924a496e279d8dc9387ad8d35bc0110134c4d3
d84bac3710c2842dc8d5d5ae6e324007443cbd8ae26b909dd89bc2bdc31c8561
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
de0ebd608d6bff01ae92ba8bc0bdf0efe80aa1252023f6c10d81eb3927ae4693
e38ccf96deb41ef93f4d9c1941ec9eb8e746fbe94b9166ad5096fc2353b1d0f5
ef41ebb9584f6f61d741a92d4125bec886c7e4abbd3f51da3c7e3b0dd04b29ef
f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

danamodio.com Open in urlscan Pro 50.63.220.1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

28 Requests

7 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

454 kBTransfer

645 kBSize

0 Cookies

23 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

danamodio.com Open in urlscan Pro
50.63.220.1 Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

7 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

454 kB
Transfer

645 kB
Size

0
Cookies

28 HTTP transactions
0 data transactions