onapsis.com Open in urlscan Pro
2606:4700::6811:efbc Public Scan

Go To Rescan
Add Verdict Report

URL:
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Submission: On July 31 via api (July 31st 2025, 11:20:42 am UTC) from US — Scanned from US

Summary HTTP 93 Redirects Links 48 Behaviour Indicators

Summary

This website contacted 31 IPs in 3 countries across 21 domains to perform 93 HTTP transactions. The main IP is 2606:4700::6811:efbc, located in and belongs to CLOUDFLARENET, US. The main domain is onapsis.com. The Cisco Umbrella rank of the primary domain is 911841.
TLS certificate: Issued by WE1 on July 27th 2025. Valid for: 3 months.

This is the only time onapsis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	2606:4700::68... 2606:4700::6811:efbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:141b:1c0... 2600:141b:1c00:16::17c4:309	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
2	52.146.86.174 52.146.86.174	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2607:f8b0:400... 2607:f8b0:4006:824::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:821::200a	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81d::2008	15169 (GOOGLE) (GOOGLE)
1	2600:141b:1c0... 2600:141b:1c00:258b::f09	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	142.250.80.67 142.250.80.67	15169 (GOOGLE) (GOOGLE)
4	142.251.40.132 142.251.40.132	15169 (GOOGLE) (GOOGLE)
1	2600:141b:1c0... 2600:141b:1c00:6::17df:d105	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
5	104.19.148.8 104.19.148.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.16.5 104.18.16.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:97f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	2620:1ec:50::12 2620:1ec:50::12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	172.64.146.215 172.64.146.215	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	150.171.22.12 150.171.22.12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:822::2002	15169 (GOOGLE) (GOOGLE)
2	3.220.20.113 3.220.20.113	14618 (AMAZON-AES) (AMAZON-AES)
1 2	2607:f8b0:400... 2607:f8b0:4006:816::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9d	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
1	150.171.22.14 150.171.22.14	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
14	104.18.17.5 104.18.17.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:141b:1c0... 2600:141b:1c00:2588::f09	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
3	34.237.219.119 34.237.219.119	14618 (AMAZON-AES) (AMAZON-AES)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.158.196.145 54.158.196.145	14618 (AMAZON-AES) (AMAZON-AES)
1	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	54.231.204.114 54.231.204.114	16509 (AMAZON-02) (AMAZON-02)
93	31

21 2606:4700::6811:efbc (None, )

ASN13335 (CLOUDFLARENET, US)

onapsis.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2600:141b:1c00:16::17c4:309 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 52.146.86.174 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.acuteinspiration-inventive.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2607:f8b0:4006:824::2001 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)

lh7-rt.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2607:f8b0:4006:821::200a (Council Bluffs, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 2607:f8b0:4006:81d::2008 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:141b:1c00:258b::f09 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.250.80.67 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 142.251.40.132 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:141b:1c00:6::17df:d105 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 104.19.148.8 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 104.18.16.5 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700::6810:97f0 (None, )

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 2620:1ec:50::12 (United States) 3 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.64.146.215 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 150.171.22.12 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.250.80.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2607:f8b0:4006:822::2002 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 3.220.20.113 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-20-113.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 2607:f8b0:4006:816::200e (Council Bluffs, United States) 1 redirects

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2607:f8b0:4004:c17::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 150.171.22.14 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

14 104.18.17.5 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2600:141b:1c00:2588::f09 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 34.237.219.119 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-219-119.compute-1.amazonaws.com

go.onapsis.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 104.18.37.212 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 104.16.118.43 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 2606:4700::6810:4f49 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 54.158.196.145 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-158-196-145.compute-1.amazonaws.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o209747.ingest.us.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 54.231.204.114 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-east-1-r-w.amazonaws.com

qualified-production.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
24	onapsis.com onapsis.com — Cisco Umbrella Rank: 911841 go.onapsis.com	896 KB
16	qualified.com js.qualified.com — Cisco Umbrella Rank: 16189 app.qualified.com — Cisco Umbrella Rank: 14964 assets.qualified.com — Cisco Umbrella Rank: 18526	1 MB
8	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 334 www.linkedin.com — Cisco Umbrella Rank: 588 px4.ads.linkedin.com — Cisco Umbrella Rank: 6374	3 KB
6	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 5 analytics.google.com — Cisco Umbrella Rank: 172	415 B
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 12792 ws.zoominfo.com — Cisco Umbrella Rank: 3705	17 KB
5	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 65 td.doubleclick.net — Cisco Umbrella Rank: 305 stats.g.doubleclick.net — Cisco Umbrella Rank: 195	7 KB
5	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2605	90 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 67	423 KB
4	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4511 consentcdn.cookiebot.com — Cisco Umbrella Rank: 4930 imgsct.cookiebot.com — Cisco Umbrella Rank: 5387	136 KB
3	amazonaws.com qualified-production.s3.us-east-1.amazonaws.com — Cisco Umbrella Rank: 22867	10 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 4726	4 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 12988 scout.salesloft.com — Cisco Umbrella Rank: 16673	4 KB
2	acuteinspiration-inventive.com www.acuteinspiration-inventive.com — Cisco Umbrella Rank: 505767	1 KB
1	sentry.io o209747.ingest.us.sentry.io — Cisco Umbrella Rank: 17937	300 B
1	pardot.com pi.pardot.com — Cisco Umbrella Rank: 6821	1 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 630	7 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 82
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 853	15 KB
1	gstatic.com fonts.gstatic.com	38 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 73	803 B
1	googleusercontent.com lh7-rt.googleusercontent.com — Cisco Umbrella Rank: 2006	43 KB
93	21

	Domain	Requested by
21	onapsis.com	onapsis.com
8	assets.qualified.com	app.qualified.com assets.qualified.com
7	app.qualified.com	js.qualified.com assets.qualified.com
6	px.ads.linkedin.com	3 redirects onapsis.com snap.licdn.com
5	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	www.google.com	www.googletagmanager.com onapsis.com
4	www.googletagmanager.com	onapsis.com www.googletagmanager.com
3	qualified-production.s3.us-east-1.amazonaws.com
3	js.zi-scripts.com	onapsis.com js.zi-scripts.com
3	go.onapsis.com	onapsis.com js.qualified.com go.onapsis.com
2	analytics.google.com	1 redirects www.googletagmanager.com
2	scout.salesloft.com	scout-cdn.salesloft.com
2	td.doubleclick.net	www.googletagmanager.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	www.acuteinspiration-inventive.com	onapsis.com www.acuteinspiration-inventive.com
2	consent.cookiebot.com	onapsis.com consent.cookiebot.com
1	o209747.ingest.us.sentry.io	assets.qualified.com
1	pi.pardot.com	go.onapsis.com
1	static.cloudflareinsights.com	app.qualified.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	imgsct.cookiebot.com
1	px4.ads.linkedin.com	onapsis.com
1	www.google-analytics.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	www.linkedin.com	1 redirects
1	scout-cdn.salesloft.com	onapsis.com
1	js.qualified.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	fonts.gstatic.com	fonts.googleapis.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	fonts.googleapis.com	onapsis.com
1	lh7-rt.googleusercontent.com	onapsis.com
93	33

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.crazyegg.com
business.safety.google
www.linkedin.com
www.salesforce.com
salesloft.com
foundation.wikimedia.org
onapsis.my.site.com
partners.onapsis.com
twitter.com
www.facebook.com
me.sap.com
nvd.nist.gov
reliaquest.com
www.cisa.gov
www.cve.org
www.rapid7.com
ccb.belgium.be
www.forescout.com
op-c.net
www.cyber.gc.ca
attack.mitre.org
labs.withsecure.com
unit42.paloaltonetworks.com
blog.eclecticiq.com
www.trendmicro.com
redcanary.com
app.crowdsec.net
www.sec.gov
www.mandiant.com
community.onapsis.com
github.com
www.twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
onapsis.com WE1	`2025-07-27` - `2025-10-25`	3 months	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-12-30` - `2026-01-07`	a year	crt.sh
secure.norm0care.com Sectigo Public Server Authentication CA DV R36	`2025-07-30` - `2026-08-29`	a year	crt.sh
*.googleusercontent.com WR2	`2025-07-07` - `2025-09-29`	3 months	crt.sh
upload.video.google.com WR2	`2025-07-07` - `2025-09-29`	3 months	crt.sh
*.google-analytics.com WR2	`2025-07-07` - `2025-09-29`	3 months	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-12-29` - `2026-01-07`	a year	crt.sh
*.gstatic.com WR2	`2025-07-07` - `2025-09-29`	3 months	crt.sh
*.google.com WR2	`2025-07-07` - `2025-09-29`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-13` - `2025-12-12`	a year	crt.sh
script.crazyegg.com WE1	`2025-07-21` - `2025-10-19`	3 months	crt.sh
qualified.com WE1	`2025-06-26` - `2025-09-24`	3 months	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2025-03-28` - `2026-04-27`	a year	crt.sh
*.g.doubleclick.net WR2	`2025-07-07` - `2025-09-29`	3 months	crt.sh
*.doubleclick.net WR2	`2025-07-07` - `2025-09-29`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2025-03-16` - `2025-09-16`	6 months	crt.sh
go.onapsis.com R10	`2025-07-14` - `2025-10-12`	3 months	crt.sh
zi-scripts.com WE1	`2025-07-14` - `2025-10-12`	3 months	crt.sh
zoominfo.com E6	`2025-07-06` - `2025-10-04`	3 months	crt.sh
cloudflareinsights.com WE1	`2025-06-25` - `2025-09-23`	3 months	crt.sh
pi.pardot.com Amazon RSA 2048 M03	`2025-02-12` - `2026-03-13`	a year	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-07-24` - `2026-08-24`	a year	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2025-07-20` - `2026-06-25`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Frame ID: 3B77E32391CC94A208D5D974664C8E0A
Requests: 70 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 25FAA7EB3100A4C11476B8D52A1FC4B9
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/57f0/sw_iframe.html?origin=https%3A%2F%2Fonapsis.com
Frame ID: 3A2DA1C2B8EC86D65B1DAD24938C51E3
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/752136785?random=1753960846029&cv=11&fst=1753960846029&fmt=3&bg=ffffff&guid=ON&async=1&en=gtag.config&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: A454283753D1AA0DD382717125507511
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/752136785?random=1753960846112&cv=11&fst=1753960846112&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&_tu=Cg
Frame ID: E70EF8C71226C97E07EFD875500DD8AA
Requests: 1 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Frame ID: 73D57719B176192007901A1031C3C954
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVE-2025-31324 SAP Zero-Day Vulnerability | Full Threat Brief

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

93
Requests

95 %
HTTPS

47 %
IPv6

21
Domains

33
Subdomains

31
IPs

3
Countries

3111 kB
Transfer

7787 kB
Size

26
Cookies

48 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/en/what-is-behind-powered-by-cookiebot/

Search URL Search Domain Scan URL

URL: https://www.crazyegg.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://business.safety.google/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/company/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://salesloft.com/privacy-policies/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://foundation.wikimedia.org/wiki/Privacy_policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7052366453508870144
Title: subscribe to our newsletter

Search URL Search Domain Scan URL

URL: https://onapsis.my.site.com/
Title: Customer Portal

Search URL Search Domain Scan URL

URL: https://partners.onapsis.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/post?original_referer=https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/&ref_src=twsrc%5Etfw%7Ctwcamp%5Ebuttonembed%7Ctwterm%5Eshare%7Ctwgr%5E&url=https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Search URL Search Domain Scan URL

URL: https://me.sap.com/notes/3604119
Title: Security Note 3604119

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2025-42999
Title: CVE-2025-42999

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2025-31324
Title: CVE-2025-31324

Search URL Search Domain Scan URL

URL: https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/
Title: ReliaQuest

Search URL Search Domain Scan URL

URL: https://me.sap.com/notes/3594142
Title: SAP rapidly released an emergency patch

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Title: Known Exploited Vulnerabilities Catalog

Search URL Search Domain Scan URL

URL: https://www.cve.org/CVERecord?id=CVE-2025-42999
Title: CVE-2025-42999

Search URL Search Domain Scan URL

URL: https://www.rapid7.com/blog/post/2025/04/28/etr-active-exploitation-of-sap-netweaver-visual-composer-cve-2025-31324/
Title: Rapid7 noted

Search URL Search Domain Scan URL

URL: https://ccb.belgium.be/advisories/warning-critical-actively-exploited-improper-authorization-vulnerability-sap-netweaver
Title: issued an alert

Search URL Search Domain Scan URL

URL: https://me.sap.com/notes/3593336
Title: SAP Note #3593336

Search URL Search Domain Scan URL

URL: https://www.forescout.com/blog/threat-analysis-sap-vulnerability-exploited-in-the-wild-by-chinese-threat-actor/
Title: here

Search URL Search Domain Scan URL

URL: https://op-c.net/blog/sap-cve-2025-31324-qilin-breach/
Title: OP Innovate posted details

Search URL Search Domain Scan URL

URL: https://www.cyber.gc.ca/en/alerts-advisories/vulnerabilities-impacting-sap-netweaver-cve-2025-31324-cve-2025-42999
Title: Canadian Centre for Cyber Security issued a critical alert

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/
Title: MITRE ATT&CK Framework

Search URL Search Domain Scan URL

URL: https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/#iocs
Title: ReliaQuest blogpost

Search URL Search Domain Scan URL

URL: https://labs.withsecure.com/publications/netweaver-cve-2025-31324
Title: WithSecure Labs also noted

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/
Title: results from their investigation

Search URL Search Domain Scan URL

URL: https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures
Title: published a blogpost

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/25/e/earth-lamia.html
Title: posted an article

Search URL Search Domain Scan URL

URL: https://redcanary.com/blog/threat-intelligence/cve-2025-31324/
Title: Red Canary

Search URL Search Domain Scan URL

URL: https://app.crowdsec.net/cti?q=cves%3A%22CVE-2025-31324%22&page=1
Title: here

Search URL Search Domain Scan URL

URL: https://www.sec.gov/newsroom/press-releases/2023-139
Title: SEC Rules on Cybersecurity

Search URL Search Domain Scan URL

URL: https://me.sap.com/notes/3593336/E
Title: SAP KB #3593336

Search URL Search Domain Scan URL

URL: https://me.sap.com/notes/3596125/E
Title: SAP Note #3596125

Search URL Search Domain Scan URL

URL: https://me.sap.com/notes/3604119/E
Title: SAP Security Note #3604119

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/
Title: Mandiant

Search URL Search Domain Scan URL

URL: https://community.onapsis.com/
Title: Onapsis SAP Defenders Community

Search URL Search Domain Scan URL

URL: https://github.com/Onapsis/Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment
Title: Github repository here

Search URL Search Domain Scan URL

URL: https://github.com/Onapsis/Onapsis_CVE-2025-31324_Scanner_Tools
Title: Github repository here

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/juan-perez-etchegoyen-a062505/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/onapsis
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.twitter.com/onapsis
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC47u2IzZi9anPND_lVimX1Q
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Onapsis
Title: Facebook

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653 HTTP 302
https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D503045572%26conversionId%3D4600969%26fmt%3Dgif%26cb%3D1753960845653%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653&cookiesTest=true&liSync=true

Request Chain 49

https://analytics.google.com/g/collect?v=2&tid=G-2HEPRR6DH5&gtm=45je57t1v876365165za200zb811990233zd811990233&_p=1753960843814&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&gdid=dMWZhNz&cid=1591284471.1753960846&ecid=1027911399&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&ec_mode=a&_prs=ok&_eu=AAgAAAQ&_s=2&sid=1753960846&sct=1&seg=0&dl=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&dt=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&en=ads_conversion_Page_view_Page_load_ona_1&_c=1&_et=52&tfd=4118 HTTP 302
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1591284471.1753960846&dbk=17435418530507907489&dma=0&en=ads_conversion_Page_view_Page_load_ona_1&gcs=G111&gtm=45je57t1v876365165za200zb811990233zd811990233&npa=0&tid=G-2HEPRR6DH5&dl=https%3A%2F%2Fonapsis.com%3F

Request Chain 52

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=233121&time=1753960846319&li_adsId=fd0c5a62-92a4-4646-b95a-1f40f072c884&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=233121&time=1753960846319&li_adsId=fd0c5a62-92a4-4646-b95a-1f40f072c884&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&e_ipv6=AQJXPtmEHemP-AAAAZhgNpRCG-VdW3DJqZ4lj-wIby8oRP40SMYgyywgmfsoA3ySp7jphg

93 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/ 202 KB
42 KB 1592ms
1438ms Document
text/html 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a53ea5888ba2b443e175b7b3f2970b4dbb758b2704b2abf5c9cdb33b34365630

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

age: 0
cache-control: public, max-age=600
cf-cache-status: DYNAMIC
cf-ray: 967cb540cfe008e6-LAX
content-encoding: gzip
content-security-policy: upgrade-insecure-requests; frame-ancestors 'self'
content-type: text/html; charset=UTF-8
date: Thu, 31 Jul 2025 11:20:43 GMT
link: <https://onapsis.com/?p=19932>; rel=shortlink
permissions-policy: geolocation=(self), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe4-b-77f5cb5475-hbg7m
x-served-by: cache-chi-klot8100046-CHI, cache-lax-kwhp1940122-LAX
x-styx-req-id: 65229c37-6e00-11f0-879d-66a4728ddf04
x-timer: S1753960842.395551,VS0,VE1332

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 111 KB
34 KB 424ms
148ms Script
application/javascript 2600:141b:1c00:16::17c4:309
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:16::17c4:309 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: /
Resource Hash: a82b6b3cfe141c010b3705ee57e77cfef0983d9c2153419591b527d69f23fab4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

access-control-expose-headers: Request-Context
cache-control: public, max-age=396
content-encoding: gzip
etag: "cd38755ef7db1:0"
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires: Thu, 31 Jul 2025 11:27:20 GMT
accept-ranges: bytes
content-length: 34776
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: application/javascript
last-modified: Thu, 17 Jul 2025 11:31:27 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK 804978.js Show response
www.acuteinspiration-inventive.com/js/ 2 KB
1 KB 758ms
132ms Script
text/javascript 52.146.86.174
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://www.acuteinspiration-inventive.com/js/804978.js
Requested by: Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.146.86.174 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: abf82bede9ba04c3b13630e2ea8392922254e44eb29300d21279c7a79bab3716

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

Transfer-Encoding: chunked
Cache-Control: public, max-age=86400
Content-Encoding: br
Connection: keep-alive
Request-Context: appId=cid-v1:bc2713c3-85d3-454a-adab-7b0fd01bd9ed
Date: Thu, 31 Jul 2025 11:20:44 GMT
Content-Type: text/javascript
Vary: Accept-Encoding

GET
H2 200 style.min.css
onapsis.com/wp-includes/css/dist/block-library/ 112 KB
19 KB 176ms
173ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.2

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-6jm2c
content-encoding: gzip
cf-cache-status: HIT
etag: W/"685b0ecc-1c012"
age: 1896012
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, MISS
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: text/css
last-modified: Tue, 24 Jun 2025 20:47:08 GMT
x-served-by: cache-chi-klot8100071-CHI, cache-pao-kpao1770080-PAO
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1751572634.323333,VS0,VE63
x-styx-req-id: e75526cf-5254-11f0-a44e-4a98c960d331
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e8dc08e6-LAX
accept-ranges: bytes
content-length: 19532
server: cloudflare

GET
H2 200 body.css
onapsis.com/wp-content/themes/punch/assets/css/ 6 KB
2 KB 104ms
101ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/punch/assets/css/body.css?ver=1.0.94

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-96c86c7bc-8vclt
content-encoding: gzip
cf-cache-status: HIT
etag: W/"686baf01-160c"
age: 1572769
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: text/css
last-modified: Mon, 07 Jul 2025 11:26:57 GMT
x-served-by: cache-chi-kigq8000155-CHI, cache-pao-kpao1770078-PAO
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752318523.241418,VS0,VE3
x-styx-req-id: 43a3a673-5b9f-11f0-a458-867a79e558eb
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e8e008e6-LAX
accept-ranges: bytes
content-length: 1372
server: cloudflare

GET
H2 200 style.css
onapsis.com/wp-content/themes/onapsis/ 6 KB
2 KB 103ms
100ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/onapsis/style.css?ver=1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13190d1d9f702a388dabcaf2763b023467d6b764f8d9db747e9503b023424bd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-96c86c7bc-h7rcq
content-encoding: gzip
cf-cache-status: HIT
etag: W/"685ad539-179c"
age: 169520
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: text/css
last-modified: Tue, 24 Jun 2025 16:41:29 GMT
x-served-by: cache-chi-kigq8000095-CHI, cache-dfw-kdfw8210115-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752151185.465279,VS0,VE3
x-styx-req-id: a535598d-51eb-11f0-af7e-5a681e28562a
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e8f008e6-LAX
accept-ranges: bytes
content-length: 2039
server: cloudflare

GET
H2 200 single-common.css
onapsis.com/wp-content/themes/onapsis/assets/css/ 19 KB
4 KB 175ms
172ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/onapsis/assets/css/single-common.css?ver=1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81b1a0d8dc84df5f772bd7200b0f304daa893d3b3a3997981ac5ec5a62ea3fd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-96c86c7bc-bgqlk
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6866a14d-4a20"
age: 1619677
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, MISS
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: text/css
last-modified: Thu, 03 Jul 2025 15:27:09 GMT
x-served-by: cache-chi-klot8100099-CHI, cache-lax-kwhp1940064-LAX
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752341166.042614,VS0,VE59
x-styx-req-id: 2ca0eb7d-584b-11f0-b747-eed65d452c68
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e8f308e6-LAX
accept-ranges: bytes
content-length: 3985
server: cloudflare

GET
H2 200 gutenberg.css
onapsis.com/wp-content/themes/onapsis/assets/css/ 303 B
551 B 174ms
171ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/onapsis/assets/css/gutenberg.css?ver=1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b75fe1a2f147e9db3d45f687dd4b0a18266d0b2baff630871d646f95963b6e9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-79d9f55b98-smbhv
content-encoding: gzip
cf-cache-status: HIT
etag: W/"680f3d70-12f"
age: 1546669
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: MISS, MISS
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: text/css
last-modified: Mon, 28 Apr 2025 08:33:52 GMT
x-served-by: cache-chi-klot8100134-CHI, cache-dfw-kdfw8210021-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1745943379.042606,VS0,VE45
x-styx-req-id: 48940433-2515-11f0-8b42-b6574fc7474e
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e8f608e6-LAX
accept-ranges: bytes
content-length: 227
server: cloudflare

GET
H2 200 gutenberg.css
onapsis.com/wp-content/themes/punch/assets/css/ 11 KB
2 KB 111ms
108ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/punch/assets/css/gutenberg.css?ver=1.0.94

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6de47615a27b52925a632e49d688c19a4222eb47292b46e6e779f314c7cde8f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-96c86c7bc-pnrcx
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6877cfac-2c2a"
age: 151298
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: MISS, HIT
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: text/css
last-modified: Wed, 16 Jul 2025 16:13:32 GMT
x-served-by: cache-chi-kigq8000085-CHI, cache-pao-kpao1770021-PAO
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752830560.057212,VS0,VE6
x-styx-req-id: 0d587aa2-6397-11f0-96e7-5ea6705a7ee5
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e8fb08e6-LAX
accept-ranges: bytes
content-length: 1495
server: cloudflare

GET
H2 200 avia-merged-styles-08f4aa14b65f4aba59a51919b43153c9---6716b5e210370.css
onapsis.com/wp-content/uploads/dynamic_avia/ 122 KB
26 KB 104ms
102ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/uploads/dynamic_avia/avia-merged-styles-08f4aa14b65f4aba59a51919b43153c9---6716b5e210370.css

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04b80017bd0ae04f5954416339c1ea2f779f5cc1bfbd830a7543bd6c441155a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-v4hcb
content-encoding: gzip
cf-cache-status: HIT
etag: W/"680a86a7-1e896"
age: 1459199
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: text/css
last-modified: Thu, 24 Apr 2025 18:44:55 GMT
x-served-by: cache-chi-kigq8000140-CHI, cache-sjc10025-SJC
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1751985059.863422,VS0,VE3
x-styx-req-id: 787d4b67-555b-11f0-acde-b2ab9ecc045d
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e90208e6-LAX
accept-ranges: bytes
content-length: 25946
server: cloudflare

GET
H2 200 Onapsis-Main-Logo-@2x.png
onapsis.com/wp-content/uploads/ 6 KB
6 KB 113ms
111ms Image
image/png 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://onapsis.com/wp-content/uploads/Onapsis-Main-Logo-@2x.png

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7efc6c869247711fe2ed28022d72bf0bb13d077f50418d4614dd1b28544411cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-96c86c7bc-5zvfj
cf-cache-status: HIT
etag: "680a85d7-1678"
age: 1992980
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: image/png
last-modified: Thu, 24 Apr 2025 18:41:27 GMT
x-served-by: cache-chi-kigq8000092-CHI, cache-dfw-kdfw8210124-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1751944617.301638,VS0,VE5
x-styx-req-id: a88b32d6-5b0a-11f0-b015-72364700f9de
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e90508e6-LAX
accept-ranges: bytes
content-length: 5752
server: cloudflare

GET
H2 200 Onapsis-Logo-Alternate.png
onapsis.com/wp-content/uploads/ 1 KB
2 KB 175ms
173ms Image
image/png 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://onapsis.com/wp-content/uploads/Onapsis-Logo-Alternate.png

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d49a0f01e9d1ebed63562ce564659df1b27a333048c93873472013c200277e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-79d9f55b98-wwcs7
cf-cache-status: HIT
etag: "680a85d7-5d7"
age: 1636747
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, MISS
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: image/png
last-modified: Thu, 24 Apr 2025 18:41:27 GMT
x-served-by: cache-chi-kigq8000117-CHI, cache-pao-kpao1770053-PAO
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1747491968.071633,VS0,VE57
x-styx-req-id: 4079954d-214f-11f0-ae79-c64238d80d34
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e90808e6-LAX
accept-ranges: bytes
content-length: 1495
server: cloudflare

GET
H2 200 ORL.png
onapsis.com/wp-content/uploads/ 198 KB
198 KB 113ms
111ms Image
image/png 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://onapsis.com/wp-content/uploads/ORL.png

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89cb89becde7f9c0410781dd59cde80a572bd18212443eb43dc6c8f14b1d0676

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-5rq9v
cf-cache-status: HIT
etag: "680a85ba-316ab"
age: 1693237
expires: Sat, 01 Aug 2026 11:20:43 GMT
x-cache: HIT, MISS
date: Thu, 31 Jul 2025 11:20:43 GMT
content-type: image/png
last-modified: Thu, 24 Apr 2025 18:40:58 GMT
x-served-by: cache-chi-klot8100141-CHI, cache-dfw-kdfw8210153-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1750155679.975250,VS0,VE26
x-styx-req-id: 9e7ccb90-44d0-11f0-913a-a2f88a9de07c
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb549e90a08e6-LAX
accept-ranges: bytes
content-length: 202411
server: cloudflare

GET
H2 200 AD_4nXcfKpZtBpzOpod8tF3R0Jl3T2f3puVhmL0PaYvc1sS-dErAFTTG8CpXZCizOGqYQVWnRYAq6DRiA0BWjEwX_ZGQyNIAcnnu46bxd1CqpyeZxl7kYFwFuMxoHlkkvyF7i6kDpE6g
lh7-rt.googleusercontent.com/docsz/ 43 KB
43 KB 874ms
471ms Image
image/png 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://lh7-rt.googleusercontent.com/docsz/AD_4nXcfKpZtBpzOpod8tF3R0Jl3T2f3puVhmL0PaYvc1sS-dErAFTTG8CpXZCizOGqYQVWnRYAq6DRiA0BWjEwX_ZGQyNIAcnnu46bxd1CqpyeZxl7kYFwFuMxoHlkkvyF7i6kDpE6g?key=7SjuWSQoecRciVu8XFsW0ld2

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

783ad500474e1fef5574b1770da364112c896842e0d219dbd416862e0c9ba30c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

access-control-expose-headers: Content-Length
cache-control: private, max-age=86400, no-transform
etag: "v0"
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43829
date: Thu, 31 Jul 2025 11:20:44 GMT
x-xss-protection: 0
content-type: image/png
vary: Origin
server: fife
content-disposition: inline;filename="unnamed.png"

GET
H2 200 email-decode.min.js Show response
onapsis.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
884 B 73ms
72ms Script
application/javascript 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"6883a704-4d7"
x-content-type-options: nosniff
cf-ray: 967cb54b6a4108e6-LAX
expires: Sat, 02 Aug 2025 11:20:44 GMT
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: application/javascript
last-modified: Fri, 25 Jul 2025 15:47:16 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 js.cookie.min.js Show response
onapsis.com/wp-content/themes/onapsis/assets/js/dist/ 2 KB
1 KB 97ms
97ms Script
application/x-javascript 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/onapsis/assets/js/dist/js.cookie.min.js?ver=1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4caf5bf0ac3059aeca01ea3ce04970eac96442c2d87c6e1eee4d4a939f9eba65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-btfbb
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6866a14d-6c2"
age: 1038175
expires: Sat, 01 Aug 2026 11:20:44 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: application/x-javascript
last-modified: Thu, 03 Jul 2025 15:27:09 GMT
x-served-by: cache-chi-klot8100110-CHI, cache-dfw-kdfw8210047-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752493599.911625,VS0,VE2
x-styx-req-id: 1c3fbb49-588f-11f0-8429-4e22074aba76
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb54beab508e6-LAX
accept-ranges: bytes
content-length: 859
server: cloudflare

GET
H2 200 single-common.js Show response
onapsis.com/wp-content/themes/onapsis/assets/js/ 217 B
374 B 96ms
94ms Script
application/x-javascript 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/onapsis/assets/js/single-common.js?ver=1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55e169c4e5d2faa26c6e1d402ac890ab852f0ad22281e0eaa02a3c0ab24207af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-5f5496676d-kzpdk
content-encoding: gzip
cf-cache-status: HIT
etag: W/"680f3d70-d9"
age: 1893112
expires: Sat, 01 Aug 2026 11:20:44 GMT
x-cache: MISS, MISS
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: application/x-javascript
last-modified: Mon, 28 Apr 2025 08:33:52 GMT
x-served-by: cache-chi-klot8100051-CHI, cache-dfw-kdfw8210056-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1745943380.792767,VS0,VE45
x-styx-req-id: 49065503-2515-11f0-a5a4-769618bcf7fc
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb54c8b4208e6-LAX
accept-ranges: bytes
content-length: 146
server: cloudflare

GET
H2 200 avia-footer-scripts-8997dfee6b47474e3d481f58e1fd4fea---6716b5e2e783f.js Show response
onapsis.com/wp-content/uploads/dynamic_avia/ 11 KB
4 KB 93ms
91ms Script
application/x-javascript 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/uploads/dynamic_avia/avia-footer-scripts-8997dfee6b47474e3d481f58e1fd4fea---6716b5e2e783f.js

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d64f6d81c97409fe3e32ceb344d0531f3c3d704788d8266a4ee7412221bee620

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-5f5496676d-c24cl
content-encoding: gzip
cf-cache-status: HIT
etag: W/"680a86a6-2d37"
age: 1711298
expires: Sat, 01 Aug 2026 11:20:44 GMT
x-cache: HIT, MISS
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: application/x-javascript
last-modified: Thu, 24 Apr 2025 18:44:54 GMT
x-served-by: cache-chi-klot8100123-CHI, cache-pao-kpao1770033-PAO
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1747895307.318240,VS0,VE56
x-styx-req-id: a14ee51e-21de-11f0-ae63-92a7c9cde752
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb54d2bb308e6-LAX
accept-ranges: bytes
content-length: 3451
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
803 B 639ms
154ms Stylesheet
text/css 2607:f8b0:4006:821::200a
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Spline+Sans:wght@300;400;500;600;700&display=swap&text=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.,!?;(){}[]%C2%AE%C2%A9%26

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200a Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c5bfdbc4d9c6810cba005d89d346ed24802905effc597d56e027b9e9eacf651d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Thu, 31 Jul 2025 11:20:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 31 Jul 2025 11:20:45 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 421 KB
140 KB 636ms
163ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

362d37d90e331895404cfd94b05731a91ce551ddba58882ee170b7debe344103

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: zstd
report-to: {"group":"ascgcycc:1341:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1341:0"}],}
expires: Thu, 31 Jul 2025 11:20:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 31 Jul 2025 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1341:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1341:0
content-length: 142911
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 cc.js Show response
consent.cookiebot.com/8c85b780-4554-4912-9c0e-576c77e2afb0/ 362 KB
100 KB 315ms
314ms Script
application/x-javascript 2600:141b:1c00:16::17c4:309
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://consent.cookiebot.com/8c85b780-4554-4912-9c0e-576c77e2afb0/cc.js?renew=false&referer=onapsis.com&dnt=false&init=false&culture=EN&georegions=%5B%7B%22r%22%3A%22us%22%2C%22i%22%3A%22b0adc992-580e-45d1-bef1-fe333f798542%22%7D%5D
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:16::17c4:309 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: /
Resource Hash: 4791574df693f97f8cc46b8e97d34443d0d7a13c7f9f82cf4fe49a83bd18ab01

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: private, max-age=1
access-control-expose-headers: Request-Context
content-encoding: gzip
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding

GET
H/1.1 200
OK Capture.aspx Show response
www.acuteinspiration-inventive.com/Track/ 0
184 B 153ms
152ms Script
text/plain 52.146.86.174
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://www.acuteinspiration-inventive.com/Track/Capture.aspx?retType=js&trk_jshv=1&trk_user=804978&trk_sw=1600&trk_sh=1200&trk_ref=&trk_tit=&trk_loc=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&trk_agn=Netscape&trk_agv=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F138.0.0.0%20Safari%2F537.36&trk_dom=onapsis.com&trk_cookie=NA
Requested by: Host: www.acuteinspiration-inventive.com
URL: https://www.acuteinspiration-inventive.com/js/804978.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.146.86.174 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

Request-Context: appId=cid-v1:bc2713c3-85d3-454a-adab-7b0fd01bd9ed
Content-Length: 0
Date: Thu, 31 Jul 2025 11:20:44 GMT
Connection: keep-alive
Server: Kestrel

GET 850b66a9-65ee-4e58-b69c-15e7fd6698e0
https://onapsis.com/ 0
0

GET
H2 200 onapsis-icons.woff2
onapsis.com/wp-content/uploads/avia_fonts/onapsis-icons/ 33 KB
33 KB 92ms
91ms Font
font/woff2 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/uploads/avia_fonts/onapsis-icons/onapsis-icons.woff2?ver=1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3adf3a6f6e8478d69acbeb1a49d05e5f23ae94e5429295d81ea68e4c4e512381

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin: https://onapsis.com
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-vhmnk
cf-cache-status: HIT
etag: "680a868f-84e0"
age: 737342
expires: Sat, 01 Aug 2026 11:20:44 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: font/woff2
last-modified: Thu, 24 Apr 2025 18:44:31 GMT
x-served-by: cache-chi-klot8100148-CHI, cache-dfw-kdfw8210101-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752718414.684129,VS0,VE7
x-styx-req-id: 76234c08-51cf-11f0-92e8-6e9e581a2d34
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb54f2d7908e6-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34016
server: cloudflare

GET
H2 200 fa-fontello.woff2
onapsis.com/wp-content/themes/punch/assets/fonts/ 5 KB
5 KB 100ms
100ms Font
font/woff2 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/punch/assets/fonts/fa-fontello.woff2?ver=1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin: https://onapsis.com
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-96c86c7bc-ps48v
cf-cache-status: HIT
etag: "68644bae-121c"
age: 458531
expires: Sat, 01 Aug 2026 11:20:44 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:44 GMT
content-type: font/woff2
last-modified: Tue, 01 Jul 2025 20:57:18 GMT
x-served-by: cache-chi-klot8100117-CHI, cache-pao-kpao1770025-PAO
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1751968728.983429,VS0,VE2
x-styx-req-id: 9836b065-5773-11f0-81df-6a24df5e562b
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb54f2d7a08e6-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4636
server: cloudflare

GET
H2 200 bc-v4.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame 25FA 627 B
813 B 407ms
133ms Document
text/html 2600:141b:1c00:258b::f09
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:258b::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=29820378
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 31 Jul 2025 11:20:45 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Sat, 11 Jul 2026 14:47:03 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1753960845183_399550060_691059893_14_481_132_137_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H3 200 font
fonts.gstatic.com/l/ 38 KB
38 KB 483ms
134ms Font
font/woff2 142.250.80.67
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/l/font?kit=_6_7ED73Uf-2WfU2LzycEYAgimYWbj5LEEpZwSjLJsTXbsgXqbFCybtQ5QZWQla5me5hSkZ5ZSbDq-Qu7fO7lDcueXJ5u8mEVEB8yWQhGbVRebR96KVBdKGdMPSlvTDGoA8&skey=2d5dc1554c49ee5b&v=v15

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Spline+Sans:wght@300;400;500;600;700&display=swap&text=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.,!?;(){}[]%C2%AE%C2%A9%26

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f3.1e100.net

Software

ESF /

Resource Hash

a4b7b079fb0a9962451001ee62f9555abc376f0360028de71a0cf3eb45c8708c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin: https://onapsis.com
Referer: https://fonts.googleapis.com/

Response headers

age: 56222
x-content-type-options: nosniff
expires: Thu, 31 Jul 2025 19:43:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 30 Jul 2025 19:43:43 GMT
content-disposition: attachment; filename="font.woff2"; filename*=UTF-8''font.woff2
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Thu, 29 May 2025 17:03:24 GMT
x-frame-options: SAMEORIGIN
content-type: font/woff2
cache-control: public, max-age=86400
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 39372
x-xss-protection: 0
server: ESF

GET
H2 200 header-lazy.css
onapsis.com/wp-content/themes/onapsis/assets/css/ 30 KB
5 KB 93ms
92ms Stylesheet
text/css 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/themes/onapsis/assets/css/header-lazy.css?1.268

Requested by

Host: onapsis.com
URL: https://onapsis.com/wp-content/uploads/dynamic_avia/avia-footer-scripts-8997dfee6b47474e3d481f58e1fd4fea---6716b5e2e783f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04f51152324eadaa3f4eace582a4be7ebbf1a739a6a24c17e66ce8f10e0b820c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-qz744
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6864846d-7828"
age: 1145622
expires: Sat, 01 Aug 2026 11:20:45 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: text/css
last-modified: Wed, 02 Jul 2025 00:59:25 GMT
x-served-by: cache-chi-kigq8000141-CHI, cache-dfw-kdfw8210068-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1751980204.523934,VS0,VE3
x-styx-req-id: c1f4b709-57cd-11f0-8551-a264ba0ec9fb
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb5550b4308e6-LAX
accept-ranges: bytes
content-length: 4637
server: cloudflare

POST
H3 200 collect
www.google.com/ccm/ 0
0 496ms
179ms Fetch
text/plain 142.251.40.132
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=408357714.1753960846&dt=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&auid=577482889.1753960846&navt=n&npa=0&us_privacy=1YNY&gtm=45He57t1v811990233za200zd811990233&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105087538~105087540~105103161~105103163~105113531~105124543~105124545&tft=1753960845623&tfd=3444&apve=1&apvf=f
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s80-in-f4.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 462 KB
152 KB 199ms
198ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2HEPRR6DH5&cx=c&gtm=45He57t1v811990233za200&tag_exp=101509157~103116026~103200004~103233427~104684208~104684211~104934122~104934124~105087538~105087540~105103161~105103163~105124543~105124545

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd893facda501a51dc2d25d00e2ffb4fa9c74efaeb882a7d3de198377756dfa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: zstd
report-to: {"group":"ascgcycc:1099:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1099:0"}],}
expires: Thu, 31 Jul 2025 11:20:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1099:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1099:0
content-length: 155735
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 374 KB
128 KB 163ms
163ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-752136785&cx=c&gtm=45He57t1v811990233za200&tag_exp=101509157~103116026~103200004~103233427~104684208~104684211~104934122~104934124~105087538~105087540~105103161~105103163~105124543~105124545

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

99d1e561bb319385712dbf3a878e7399a42ee2a7678d18eac4492fe0b1941283

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: zstd
report-to: {"group":"ascgcycc:1099:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1099:0"}],}
expires: Thu, 31 Jul 2025 11:20:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 31 Jul 2025 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1099:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1099:0
content-length: 131073
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 41 KB
15 KB 460ms
144ms Script
application/javascript 2600:141b:1c00:6::17df:d105
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d105 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

de8ff35c6b720fbfd56b85ab2635778ff25cf767201441cc5e0c9fb1ec64a4bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: max-age=86400
content-encoding: gzip
x-cdn-proto: HTTP2
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600
content-length: 14848
date: Thu, 31 Jul 2025 11:20:46 GMT
last-modified: Thu, 31 Jul 2025 09:37:29 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 0422.js Show response
script.crazyegg.com/pages/scripts/0104/ 7 KB
3 KB 220ms
97ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0104/0422.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.148.8 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13b5dd5e681f003b9cd1dd842215a7fb871600ebde14876f9665d9e3d85e1aab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
age: 1712
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: text/javascript
last-modified: Thu, 31 Jul 2025 10:52:13 GMT
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 967cb5565d41ebe4-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2465
ce-version: 11.5.426
server: cloudflare

GET
H3 200 3899.js Show response
script.crazyegg.com/pages/scripts/0106/ 0
244 B 216ms
95ms Script
application/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0106/3899.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.148.8 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

server: cloudflare
cache-control: public, max-age=86400, s-maxage=86400
cf-cache-status: HIT
age: 7730
cf-ray: 967cb5565d3bebe4-SJC
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: application/javascript
last-modified: Wed, 30 Jul 2025 09:17:21 GMT
vary: Accept-Encoding
priority: u=3,i=?0

GET
H2 200 qualified.js Show response
js.qualified.com/ 570 KB
161 KB 331ms
81ms Script
text/javascript 104.18.16.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://js.qualified.com/qualified.js?token=oZz3gLc8CHEqcgPU

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.16.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53570a0890975ab3eb4a7fa3169e450adf9bbe786505c43d9e2b43ff2bbb5a87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-request-id: 0a704e23-0102-4fbf-960a-f9d4203b2023
content-encoding: gzip
cf-cache-status: HIT
etag: W/"4a024662631bc38021404f6b07943a65"
age: 28745
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
x-cache: miss
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: text/javascript; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.103033
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: max-age=60, public, stale-while-revalidate=60, stale-if-error=300, s-maxage=86400
x-envoy-upstream-service-time: 120
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 967cb5572bd43efd-LAX
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 374ms
85ms Script
application/javascript 2606:4700::6810:97f0
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:97f0 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
age: 3875
x-content-type-options: nosniff
expires: Thu, 31 Jul 2025 15:20:45 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-amz-id-2: Iesm8EeRXCPTEqdszqm5AMjvZ7nQUoL87+27BDrpkgGwgqTaUArJsqjOvffAgrByeew4FVK1vAw=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=14400
x-amz-request-id: NBZDFW6ZNPFRRPA7
cf-ray: 967cb5576a2f2378-LAX
access-control-allow-origin: *
server: cloudflare

GET
H3

200

/
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653
https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D503045572%26conversionId%3D4600969%26fmt%3Dgif%26cb%3D1753960845653%26cookiesTest%3Dtrue%26liSync...
https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653&cookiesTest=true&liSync=true

43 B
111 B

139ms
138ms

Image
image/gif

150.171.22.12
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653&cookiesTest=true&liSync=true
Requested by: Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Protocol: H3
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-msedge-ref: Ref A: FA332819199A47688B1AA85222745BFF Ref B: LAX311000111031 Ref C: 2025-07-31T11:20:46Z
x-li-fabric: prod-lva1
x-li-uuid: AAY7N9U2ZytVOEkNqXznfQ==
x-li-proto: http/1.1
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 65
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: image/gif
vary: Accept-Encoding

Redirect headers

linkedin-action: 1
cf-cache-status: DYNAMIC
x-li-fabric: prod-lva1
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-li-proto: http/3
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:46 GMT
priority: u=3,i
x-frame-options: sameorigin
strict-transport-security: max-age=31536000
x-li-pop: cf-prod-lva1-x
content-security-policy: frame-ancestors 'self'
cache-control: no-cache, no-store
location: https://px.ads.linkedin.com/collect/?pid=503045572&conversionId=4600969&fmt=gif&cb=1753960845653&cookiesTest=true&liSync=true
pragma: no-cache
cf-ray: 967cb55a1c7319db-LAX
x-li-uuid: AAY7N9U0Fxrr0xI2nB5r5g==
content-length: 0
server: cloudflare

GET
H2 200 sw_iframe.html Show response
www.googletagmanager.com/static/service_worker/57f0/ Frame 3A2D 3 KB
2 KB 422ms
135ms Document
text/html 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/57f0/sw_iframe.html?origin=https%3A%2F%2Fonapsis.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6B79CK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ada301d803d8f4b2ba210c9c57091378255ed54b96e4236a9e2ce587a2a4035

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 57236
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1486
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Jul 2025 19:26:50 GMT
expires: Thu, 30 Jul 2026 19:26:50 GMT
last-modified: Tue, 15 Jul 2025 09:08:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 banner-webinar.png
onapsis.com/wp-content/uploads/ 14 KB
14 KB 109ms
108ms Image
image/png 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://onapsis.com/wp-content/uploads/banner-webinar.png

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

250aa5ee393f824226b63cf1b9906178e45b2c8d230c6b4f6735bb6c98226b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-qz744
cf-cache-status: HIT
etag: "680a8690-38a8"
age: 1879290
expires: Sat, 01 Aug 2026 11:20:45 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: image/png
last-modified: Thu, 24 Apr 2025 18:44:32 GMT
x-served-by: cache-chi-klot8100096-CHI, cache-sjc10056-SJC
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1750869596.548454,VS0,VE3
x-styx-req-id: 44cabbc4-4dd2-11f0-b65d-a264ba0ec9fb
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb5561c2108e6-LAX
accept-ranges: bytes
content-length: 14504
server: cloudflare

GET
H2 200 Book-Image.png
onapsis.com/wp-content/uploads/ 523 KB
524 KB 99ms
98ms Image
image/png 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to Show image

Full URL

https://onapsis.com/wp-content/uploads/Book-Image.png

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

428c16451c10bef07801218b44496b85e17ca0bebeaea9d4c875ad260ebdce8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-b-96c86c7bc-r7rtd
cf-cache-status: HIT
etag: "680a85a3-82c5d"
age: 1048974
expires: Sat, 01 Aug 2026 11:20:45 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:45 GMT
content-type: image/png
last-modified: Thu, 24 Apr 2025 18:40:35 GMT
x-served-by: cache-chi-klot8100054-CHI, cache-dfw-kdfw8210125-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752576489.918162,VS0,VE2
x-styx-req-id: a5406480-57b9-11f0-b481-f64f16b4741e
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb5561c2408e6-LAX
accept-ranges: bytes
content-length: 535645
server: cloudflare

GET
DATA 200
OK truncated
/ 293 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 200 onapsis.com.json Show response
script.crazyegg.com/pages/data-scripts/0104/0422/site/ 403 KB
26 KB 242ms
160ms XHR
application/json 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0104/0422/site/onapsis.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0104/0422.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.148.8 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39bad03c95f9b6c9a98fb74b39e0ba001334480b232567520ed651d18eec0419

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: application/json
last-modified: Thu, 31 Jul 2025 11:05:15 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 967cb5579b12a473-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26491
ce-version: 11.5.426
server: cloudflare

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/752136785/ 4 KB
2 KB 426ms
159ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/752136785/?random=1753960846029&cv=11&fst=1753960846029&bg=ffffff&guid=ON&async=1&en=gtag.config&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-752136785&cx=c&gtm=45He57t1v811990233za200&tag_exp=101509157~103116026~103200004~103233427~104684208~104684211~104934122~104934124~105087538~105087540~105103161~105103163~105124543~105124545

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

1d1ec96cae733336526fef6359bb5e34a7132e51c7f6f036710f6baaa5fc87ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2132
date: Thu, 31 Jul 2025 11:20:46 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 752136785 Show response
td.doubleclick.net/td/rul/ Frame A454 3 KB
1 KB 460ms
167ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://td.doubleclick.net/td/rul/752136785?random=1753960846029&cv=11&fst=1753960846029&fmt=3&bg=ffffff&guid=ON&async=1&en=gtag.config&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d6644bc60ebaefbd1cfa5f2ec60ea893e2e83ac9a53351ada6800d52b890c8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 1018
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Jul 2025 11:20:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/752136785/ 4 KB
2 KB 422ms
165ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/752136785/?random=1753960846112&cv=11&fst=1753960846112&bg=ffffff&guid=ON&async=1&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

97fe2c6ff162518dbd5bafd59e2ac0c27f6d41076509f7bddc06f6240449f0a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2113
date: Thu, 31 Jul 2025 11:20:46 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 752136785 Show response
td.doubleclick.net/td/rul/ Frame E70E 3 KB
1 KB 440ms
161ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Download Go to

Full URL

https://td.doubleclick.net/td/rul/752136785?random=1753960846112&cv=11&fst=1753960846112&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&_tu=Cg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Council Bluffs, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

166d465bcd83837a6d106db0ec5b8285c89746b1e10152d10a94675a983eebd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 1018
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 31 Jul 2025 11:20:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
487 B 497ms
219ms XHR
application/json 3.220.20.113
AMAZON-AES

General

Check archive.org

Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQzNzh9.3g9_ygS_-9MTxexxERH_Xt0U3s6OokgoXc9F2ZLKhgA

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.220.20.113 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-220-20-113.compute-1.amazonaws.com

Software

Resource Hash

1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-request-id: 227bd6ee20c714955c3e79a0df5f5e7d
access-control-expose-headers
x-global-request-start: t=1753960846.576
x-entry-cluster: k8s04
access-control-allow-methods: GET
x-scout-upstream: : scout.us3.salesloft.com:443
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000; includeSubDomains
x-entry-pop: us-east-1
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://onapsis.com
content-length: 41
x-tenant-id: : 104378
x-region: : us3

POST
H2 204 collect
analytics.google.com/g/ 0
0 440ms
149ms Fetch
text/plain 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-2HEPRR6DH5&gtm=45je57t1v876365165z8811990233za200zb811990233zd811990233&_p=1753960843814&_gaz=1&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&gdid=dMWZhNz&cid=1591284471.1753960846&ecid=1027911399&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&ec_mode=a&_eu=Ag&_s=1&sid=1753960846&sct=1&seg=0&dl=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&dt=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4049
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2HEPRR6DH5&cx=c&gtm=45He57t1v811990233za200&tag_exp=101509157~103116026~103200004~103233427~104684208~104684211~104934122~104934124~105087538~105087540~105103161~105103163~105124543~105124545
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:816::200e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://onapsis.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
554 B 423ms
140ms Ping
text/plain 2607:f8b0:4004:c17::9d
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2HEPRR6DH5&cid=1591284471.1753960846&gtm=45je57t1v876365165z8811990233za200zb811990233zd811990233&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2HEPRR6DH5&cx=c&gtm=45He57t1v811990233za200&tag_exp=101509157~103116026~103200004~103233427~104684208~104684211~104934122~104934124~105087538~105087540~105103161~105103163~105124543~105124545
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:127:0
report-to: {"group":"ascnsrsggc:127:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:127:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://onapsis.com
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:127:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: text/plain
server: Golfe2

POST
H3 200 /
www.google.com/measurement/conversion/ 0
0 183ms
182ms Fetch
text/html 142.251.40.132
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google.com/measurement/conversion/?random=1753960846276&cv=11&tid=G-2HEPRR6DH5&fst=1753960846276&fmt=6&en=ads_conversion_Page_view_Page_load_ona_1&gtm=45je57t1v876365165za200zb811990233zd811990233&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&gacid=1591284471.1753960846&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_tu=Cg
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2HEPRR6DH5&cx=c&gtm=45He57t1v811990233za200&tag_exp=101509157~103116026~103200004~103233427~104684208~104684211~104934122~104934124~105087538~105087540~105103161~105103163~105124543~105124545
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s80-in-f4.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

GET
H2

204

https://analytics.google.com/g/collect?v=2&tid=G-2HEPRR6DH5&gtm=45je57t1v876365165za200zb811990233zd811990233&_p=1753960843814&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101509157~103116026~1032...
https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1591284471.1753960846&dbk=17435418530507907489&dma=0&en=ads_conversion_Page_view_Page_load_ona_1&gcs=G111&gtm=45je57t1v...

0
0

248ms
96ms

Fetch
text/plain

2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1591284471.1753960846&dbk=17435418530507907489&dma=0&en=ads_conversion_Page_view_Page_load_ona_1&gcs=G111&gtm=45je57t1v876365165za200zb811990233zd811990233&npa=0&tid=G-2HEPRR6DH5&dl=https%3A%2F%2Fonapsis.com%3F
Protocol: H2
Server: 2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
attribution-reporting-info: preferred-platform=os
cross-origin-resource-policy: cross-origin
report-to: {"group":"ascnsrsgnc:90:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgnc:90:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgnc:90:0
attribution-reporting-register-os-trigger: "https://www.google-analytics.com/privacy-sandbox/register-os-conversion?_c=1&cid=1591284471.1753960846&dbk=17435418530507907489&dma=0&en=ads_conversion_Page_view_Page_load_ona_1&gcs=G111&gtm=45je57t1v876365165za200zb811990233zd811990233&npa=0&tid=G-2HEPRR6DH5&dl=https%3A%2F%2Fonapsis.com%3F"
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsgnc:90:0
content-length: 0
attribution-reporting-register-trigger: {"aggregatable_trigger_data":[{"key_piece":"0xb037a3235f0fa17","source_keys":["1"]},{"key_piece":"0x409b91bf3e89d224","source_keys":["2","3","4"]}],"aggregatable_values":{"1":65,"2":65,"3":65,"4":6356},"aggregation_coordinator_origin":"https://publickeyservice.msmt.gcp.privacysandboxservices.com","debug_key":"17435418530507907489","debug_reporting":true,"event_trigger_data":[{"filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"1"}],"filters":{"2":["752136785"],"5":["07-31","07-30","07-29"]}}
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: text/plain
server: Golfe2

Redirect headers

cache-control: no-cache, no-store, must-revalidate
location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1591284471.1753960846&dbk=17435418530507907489&dma=0&en=ads_conversion_Page_view_Page_load_ona_1&gcs=G111&gtm=45je57t1v876365165za200zb811990233zd811990233&npa=0&tid=G-2HEPRR6DH5&dl=https%3A%2F%2Fonapsis.com%3F
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"ascnsrsggc:158:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0
content-length: 521
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: text/html; charset=UTF-8
server: Golfe2

GET
H3 200 56c5cafbc57c60bfe01dcd8ebd98c77e.js Show response
script.crazyegg.com/pages/versioned/commontransformations-scripts/ 177 KB
58 KB 94ms
94ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/56c5cafbc57c60bfe01dcd8ebd98c77e.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0104/0422.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.148.8 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44541c3de83c66a160430a4af9d92a91f055807876bfa1971a777a96898420d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 623164
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: text/javascript
last-modified: Mon, 07 Jul 2025 17:27:26 GMT
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
cf-ray: 967cb559adf5ebe4-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 59471
server: cloudflare

GET
H3 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
81 B 358ms
150ms XHR
application/json 150.171.22.12
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=233121&time=1753960846319&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Accept: *
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: gzip
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
access-control-allow-methods: GET, OPTIONS
x-li-proto: http/1.1
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: application/json
access-control-allow-headers: *
x-li-pop: afd-prod-lva1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-fs-uuid: 00063b37d53619f5ece68085bf43888f
x-msedge-ref: Ref A: 2FABB537FD6C4C8596948B404B2C380B Ref B: LAX311000115031 Ref C: 2025-07-31T11:20:46Z
x-restli-protocol-version: 1.0.0
x-li-uuid: AAY7N9U2GfXs5oCFv0OIjw==
access-control-allow-origin: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=233121&time=1753960846319&li_adsId=fd0c5a62-92a4-4646-b95a-1f40f072c884&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerab...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=233121&time=1753960846319&li_adsId=fd0c5a62-92a4-4646-b95a-1f40f072c884&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnera...

0
513 B

395ms
136ms

Image
application/javascript

150.171.22.14
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=233121&time=1753960846319&li_adsId=fd0c5a62-92a4-4646-b95a-1f40f072c884&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&e_ipv6=AQJXPtmEHemP-AAAAZhgNpRCG-VdW3DJqZ4lj-wIby8oRP40SMYgyywgmfsoA3ySp7jphg
Requested by: Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Protocol: H2
Server: 150.171.22.14 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 08B76CC3276845A9AC484E9E9AE9D24C Ref B: LAX311000112045 Ref C: 2025-07-31T11:20:46Z
x-li-fabric: prod-lva1
x-li-uuid: AAY7N9U5E8J45wI5jBdfGA==
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=233121&time=1753960846319&li_adsId=fd0c5a62-92a4-4646-b95a-1f40f072c884&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&e_ipv6=AQJXPtmEHemP-AAAAZhgNpRCG-VdW3DJqZ4lj-wIby8oRP40SMYgyywgmfsoA3ySp7jphg
x-msedge-ref: Ref A: A93D57461AD44233A16915303707B1FE Ref B: LAX311000111047 Ref C: 2025-07-31T11:20:46Z
x-li-fabric: prod-lva1
x-li-uuid: AAY7N9UzBUEwfs3y3VsTPw==
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 31 Jul 2025 11:20:45 GMT

OPTIONS
H2 200 visitor_events
app.qualified.com/w/1/oZz3gLc8CHEqcgPU/ Frame 0
0 443ms
279ms Preflight
text/plain 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/visitor_events?wu=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://onapsis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 967cb55b4e277e95-LAX
content-length: 0
content-type: text/plain; charset=utf-8
date: Thu, 31 Jul 2025 11:20:46 GMT
server: cloudflare
vary: Accept-Encoding
x-cache: bypass
x-envoy-upstream-service-time: 2

POST
H2 204 visitor_events
app.qualified.com/w/1/oZz3gLc8CHEqcgPU/ 0
0 161ms
160ms Fetch
text/plain 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/visitor_events?wu=

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=oZz3gLc8CHEqcgPU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

access-control-max-age: 7200
x-request-id: cb98b80a-8760-4255-b11c-6476b91691a3
access-control-expose-headers
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
access-control-allow-methods: POST
x-content-type-options: nosniff
x-cache: bypass
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding,Origin
x-runtime: 0.007100
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: no-cache
x-envoy-upstream-service-time: 9
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 967cb55d08797e95-LAX
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 /
www.google.com/pagead/1p-user-list/752136785/ 42 B
64 B 156ms
156ms Image
image/gif 142.251.40.132
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/752136785/?random=1753960846029&cv=11&fst=1753959600000&bg=ffffff&guid=ON&async=1&en=gtag.config&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSfADZpuyzQBOCxFgd0_j7guvekTGbfv7bNk6UfHD_9LpiP-l_LayDV_RnW6oVeeUbUN5KjxfCSLi3kJy_5BHIZrVrihzOr36SiqEQLjuXEyEdpJa4g3heojjU0ciKqlWQEUEoXGGFZEEYmZVwUdvvCOj4Sfx9B2uq3i7lrCM&random=4043750308&rmt_tld=0&ipr=y

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 31 Jul 2025 11:20:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/752136785/ 42 B
64 B 159ms
158ms Image
image/gif 142.251.40.132
GOOGLE

General

Check archive.org

Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/752136785/?random=1753960846112&cv=11&fst=1753959600000&bg=ffffff&guid=ON&async=1&gtm=45be57t1v9168840409z8811990233za200zb811990233zd811990233&gcd=13t3t3t3t5l1&dma=0&tag_exp=101509157~103116026~103200004~103233427~104527907~104684208~104684211~104934122~104934124~104948813~105103161~105103163~105124543~105124545&u_w=1600&u_h=1200&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&hn=www.googleadservices.com&frm=0&tiba=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&did=dMWZhNz&gdid=dMWZhNz&npa=0&us_privacy=1YNY&pscdl=noapi&auid=577482889.1753960846&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&_tu=Cg&rfmt=3&fmt=3&is_vtc=1&cid=CAQSfADZpuyzlMQjXYfC7C-Z6qNeATRwfZEicxXKuzPM9s0WD1u4O66XFhewYCi_ccBwLDX_nB9aHtfsMHeuS44oKP0AZzK1ZDwq1VMmGwld3L-ge3xrsYjDtPs3GB1k0B9fbXrqn0C3X_ecxx5PkAynZemIVRhRPLWCPQQqW6w&random=1723670776&rmt_tld=0&ipr=y

Requested by

Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 31 Jul 2025 11:20:46 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 onapsis.com.json Show response
script.crazyegg.com/pages/data-scripts/0104/0422/sampling/ 12 KB
3 KB 109ms
109ms XHR
application/json 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0104/0422/sampling/onapsis.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/commontransformations-scripts/56c5cafbc57c60bfe01dcd8ebd98c77e.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.148.8 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 110d632541ac58e9a495ee0bf469ec286f222aec118e153bb26d61b16aeb0e32

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

access-control-expose-headers: CE-Version
content-encoding: gzip
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: application/json
last-modified: Thu, 31 Jul 2025 11:05:16 GMT
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 967cb55bacd6a473-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2360
ce-version: 11.5.426
server: cloudflare

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
529 B 141ms
140ms XHR
application/json 3.220.20.113
AMAZON-AES

General

Check archive.org

Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.220.20.113 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-220-20-113.compute-1.amazonaws.com

Software

Resource Hash

9294edc245b7248a9542f1385a77f0575b6a8a8f8ff6d2e5fc8b937d35bc63ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-entry-pop: us-east-1
x-request-id: 3e5bd03da57114910be211d5b2225714
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
x-global-request-start: t=1753960846.720
x-entry-cluster: k8s04
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://onapsis.com
content-length: 48
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: application/json; charset=utf-8

POST
H3 204 / Show response
px.ads.linkedin.com/wa/ 0
41 B 145ms
144ms XHR
text/plain 150.171.22.12
MICROSOFT-CORP-MS...

General

Check archive.org

Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F5BF894E167846B1B7C11AAE794665DE Ref B: LAX311000111031 Ref C: 2025-07-31T11:20:46Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAY7N9U7RNkyOTvKgGJ9oA==
x-li-proto: http/1.1
access-control-allow-origin: https://onapsis.com
x-cache: CONFIG_NOCACHE
alt-svc: h3=":443"; ma=86400
date: Thu, 31 Jul 2025 11:20:46 GMT
vary: Origin

GET
H/1.1 200
OK 1.gif
imgsct.cookiebot.com/ 35 B
785 B 422ms
136ms Image
image/gif 2600:141b:1c00:2588::f09
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=8c85b780-4554-4912-9c0e-576c77e2afb0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2588::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-goog-metageneration: 1
Access-Control-Expose-Headers: *
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
ETag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 35
Date: Thu, 31 Jul 2025 11:20:47 GMT
Last-Modified: Mon, 23 Oct 2023 11:39:32 GMT
Content-Type: image/gif
X-GUploader-UploadID: ABgVH88OK1Vlwdp4DFGDmjM_3uKv6a-w8EH1IfhvDC0O_hQsAxoyYeEAjGzEts6hXo4zDhYWQ7A3yTE
Cache-Control: public,max-age=1800
x-goog-storage-class: STANDARD
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
x-goog-generation: 1698061172769999
Content-Length: 35
Server: UploadServer

GET
H/1.1 200
OK pd.js Show response
go.onapsis.com/ 5 KB
2 KB 444ms
133ms Script
application/javascript 34.237.219.119
AMAZON-AES

General

Check archive.org

Download Go to

Full URL: https://go.onapsis.com/pd.js
Requested by: Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.237.219.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-219-119.compute-1.amazonaws.com
Software: /
Resource Hash: 41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

cache-control: max-age=63072000
content-encoding: gzip
etag: "15f4-gzip"
Connection: keep-alive
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
expires: Sat, 31 Jul 2027 11:20:47 GMT
accept-ranges: bytes
Content-Length: 1988
Date: Thu, 31 Jul 2025 11:20:47 GMT
Content-Type: application/javascript
last-modified: Wed, 30 Jul 2025 21:02:35 GMT
vary: Accept-Encoding,User-Agent

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 187ms
101ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: onapsis.com
URL: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d068ef00c6c828cb59cc6c9957691c1e8f32d76d2085a5f80a9a312c2956d2f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-version-id: rBH9QXTOd_Th.cIQv8GLyyH5x768sc8C
etag: W/"7341d29d35a92e01a30e0cc83f0f5b13"
age: 67120
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: rhRNNS43e6Q4ghv6-aqndth50vAE181zTEIw0fij6B1Zokt6iFX7dw==
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: application/javascript
last-modified: Thu, 15 May 2025 12:53:38 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
via: 1.1 16523cce37523eba437c692a0fe3e8b4.cloudfront.net (CloudFront)
cf-ray: 967cb55db8cf2aa0-LAX
x-amz-cf-pop: SFO53-P4
server: cloudflare

GET
H2 200 Onapsis-favicon-64x64-1.png
onapsis.com/wp-content/uploads/ 456 B
757 B 100ms
99ms Other
image/png 2606:4700::6811:efbc
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://onapsis.com/wp-content/uploads/Onapsis-favicon-64x64-1.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:efbc -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cdd40ceedce2dc6ec04b3293c11736761c026e623912eb0fd2db4a4af20b2f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pantheon-styx-hostname: styx-fe4-a-889c95989-ngrfl
cf-cache-status: HIT
etag: "680a85fd-1c8"
age: 1012776
expires: Sat, 01 Aug 2026 11:20:46 GMT
x-cache: HIT, HIT
date: Thu, 31 Jul 2025 11:20:46 GMT
content-type: image/png
last-modified: Thu, 24 Apr 2025 18:42:05 GMT
x-served-by: cache-chi-klot8100048-CHI, cache-dfw-kdfw8210027-DFW
x-cache-hits: 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: public, max-age=31622400
x-timer: S1752494945.820422,VS0,VE2
x-styx-req-id: 60f5df88-5feb-11f0-a700-526665ac3503
via: 1.1 varnish, 1.1 varnish
cf-ray: 967cb55d3ade08e6-LAX
accept-ranges: bytes
content-length: 456
server: cloudflare

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 363 B
690 B 120ms
120ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: fbe6d564d69d1db6bc280883eb67d01c6d4cff0c4a43bd3feeefa2ed8e5e17a1

Request headers

Authorization: Bearer 23d0ce103e1671112507
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Type: application/json
visited_url: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"16b-NJOkxIusFmX248QhaegouOLRc90"
apigw-requestid: Okmudg2ZvHcEPNA=
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: qTEnasAA601Dat6uvNnhjwePuadXazmo-AnmvOfDRCUcQfa4hGH47A==
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: application/json; charset=utf-8
vary: Origin
priority: u=1,i
server-timing: cfExtPri
via: 1.1 487030e98b2d847971febb6af0277360.cloudfront.net (CloudFront)
cf-ray: 967cb55f9c6f7d80-LAX
access-control-allow-origin: https://onapsis.com
x-amz-cf-pop: LAX54-P8
x-powered-by: Express
server: cloudflare

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 199ms
120ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://onapsis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://onapsis.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: Okmucg_OPHcEPcA=
cf-cache-status: DYNAMIC
cf-ray: 967cb55edbf77d80-LAX
date: Thu, 31 Jul 2025 11:20:47 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
vary: Origin
via: 1.1 487030e98b2d847971febb6af0277360.cloudfront.net (CloudFront)
x-amz-cf-id: cAyODLWZUJpMeDnm2g66fm3cAQGohdGYGBBineTHNtjhjk5TfbLK_A==
x-amz-cf-pop: LAX54-P8
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 messenger Show response
app.qualified.com/w/1/oZz3gLc8CHEqcgPU/ Frame 73D5 8 KB
3 KB 457ms
316ms Document
text/html 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=oZz3gLc8CHEqcgPU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

217a5b243049e130b653452767dcb9d107f7ac4ce63a55b6db465126170fd3a0

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 967cb55f8a0bb860-LAX
content-encoding: gzip
content-security-policy
content-type: text/html; charset=utf-8
date: Thu, 31 Jul 2025 11:20:47 GMT
link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-73e3bbe0.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
server-timing: cfCacheStatus;desc="DYNAMIC" cfOrigin;dur=236,cfEdge;dur=11
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-cache: miss
x-content-type-options: nosniff
x-download-options: noopen
x-envoy-upstream-service-time: 41
x-permitted-cross-domain-policies: none
x-request-id: 2647e3cd-32eb-4d61-909e-219b6147749e
x-runtime: 0.037694
x-xss-protection: 1; mode=block

OPTIONS
H2 200 visitor_events
app.qualified.com/w/1/oZz3gLc8CHEqcgPU/ Frame 0
0 149ms
148ms Preflight
text/plain 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/visitor_events?wu=f56a8e31-692d-46f8-9ac0-b4dcbef48c74&uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://onapsis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 967cb55eaa8a7e95-LAX
content-length: 0
content-type: text/plain; charset=utf-8
date: Thu, 31 Jul 2025 11:20:47 GMT
server: cloudflare
vary: Accept-Encoding
x-cache: bypass
x-envoy-upstream-service-time: 2

POST
H2 204 visitor_events
app.qualified.com/w/1/oZz3gLc8CHEqcgPU/ 0
0 171ms
168ms Fetch
text/plain 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/visitor_events?wu=f56a8e31-692d-46f8-9ac0-b4dcbef48c74&uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=oZz3gLc8CHEqcgPU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Type: application/json; charset=utf-8
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

access-control-max-age: 7200
x-request-id: 260efb2d-d371-4105-b211-10b553221197
access-control-expose-headers
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
access-control-allow-methods: POST
x-content-type-options: nosniff
x-cache: bypass
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding,Origin
x-runtime: 0.020774
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: no-cache
x-envoy-upstream-service-time: 23
referrer-policy: strict-origin-when-cross-origin
x-download-options: noopen
cf-ray: 967cb55fabd97e95-LAX
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H/1.1 200
OK dc.js Show response
go.onapsis.com/dcjs/127021/2070/ 46 B
566 B 431ms
224ms Script
text/javascript 34.237.219.119
AMAZON-AES

General

Check archive.org

Download Go to

Full URL: https://go.onapsis.com/dcjs/127021/2070/dc.js
Requested by: Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=oZz3gLc8CHEqcgPU
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.237.219.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-219-119.compute-1.amazonaws.com
Software: /
Resource Hash: 7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pardot-rsp: 0/0/1
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
Connection: keep-alive
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Length: 46
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Date: Thu, 31 Jul 2025 11:20:47 GMT
Content-Type: text/javascript; charset=utf-8
vary: User-Agent

GET
H/1.1 200
OK analytics Show response
go.onapsis.com/ 3 KB
3 KB 545ms
493ms Script
text/javascript 34.237.219.119
AMAZON-AES

General

Check archive.org

Download Go to

Full URL: https://go.onapsis.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=40411&account_id=128021&title=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&referrer=
Requested by: Host: go.onapsis.com
URL: https://go.onapsis.com/pd.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.237.219.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-219-119.compute-1.amazonaws.com
Software: /
Resource Hash: b345f8e221b5f533d5b361c6f7179e395f79e63cda1b88271227d97a8d809292

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-pardot-rsp: 0/0/1
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
pragma: no-cache
Connection: keep-alive
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Length: 1440
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Date: Thu, 31 Jul 2025 11:20:47 GMT
Content-Type: text/javascript; charset=utf-8
vary: Accept-Encoding,User-Agent

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 49 KB
14 KB 209ms
114ms Script
application/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=A2aW0Q==, md5=JRurSHzL3UB0yE1Wjm0Zqg==
cf-cache-status: DYNAMIC
etag: W/"251bab487ccbdd4074c84d568e6d19aa"
age: 2390
content-encoding: gzip
x-goog-stored-content-encoding: identity
expires: Thu, 31 Jul 2025 11:40:57 GMT
alt-svc: h3=":443"; ma=86400
x-goog-stored-content-length: 50634
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: application/javascript
last-modified: Wed, 06 Nov 2024 05:44:23 GMT
priority: u=3,i=?0
x-guploader-uploadid: ABgVH89pEPTjTX0n0910asSB564hZuiM6S67EjLeAo4SjtntxRZYU-VIgBW_ffOrhG2jsjmfJTodfMM
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
cf-ray: 967cb5610a56cf0e-SJC
x-goog-generation: 1730871862939881
server: cloudflare

GET
H3 200 / Show response
ws.zoominfo.com/pixel/627032caf8fce90012dbe581/ 3 KB
2 KB 342ms
259ms Fetch
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/627032caf8fce90012dbe581/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

bcd8f12bb15fe2f7439a3436246da7c6cf1bd3477297c719cc22f78c56ffa765

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

_zitok: 0a4662d6ce480127d0381753960847
_vtok: MTYyLjI0NS4yMDYuMjQ1
visited-url: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: text/javascript
vary: Accept-Encoding
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 967cb562abc5cec1-SJC
access-control-allow-origin: https://onapsis.com
x-powered-by: Express
server: cloudflare

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/627032caf8fce90012dbe581/ Frame 0
0 268ms
174ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/pixel/627032caf8fce90012dbe581/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://onapsis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url,page-url,evi
access-control-allow-origin: https://onapsis.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 967cb5610dd4fc54-SJC
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 31 Jul 2025 11:20:47 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 messenger-73e3bbe0.chunk.css
assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame 73D5 35 KB
7 KB 96ms
81ms Stylesheet
text/css 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-73e3bbe0.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 539a0f79ee1e1adcceae9e4da45d8024c892b54da0a9cafe552d4356e35459bf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: JDijG78W4uwPlRO+Fw+EOTznyB0knNVSSpUJZCALo6N3ifjfBXh23SEAU3PHCmVs84oVNdpYS4w=
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: null
etag: W/"ce59116d87567405bc4b426a05a1ba41"
age: 5676
x-amz-request-id: 7T1N6976PCYC0BWR
cf-ray: 967cb561ae1fb860-LAX
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: text/css
last-modified: Fri, 18 Jul 2025 14:38:42 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 messenger-ea37ea0f.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame 73D5 5 KB
1 KB 97ms
82ms Stylesheet
text/css 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: pV+pGahfdYYg2ascqgDinnWk9ytl/yvoCcqUp4BgVtOaBFcUD+3iOtzWMfoAFcs610KlyNWFznI=
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: null
etag: W/"22d5f23e695250d3c5a5b1e76a015c5e"
age: 4688
x-amz-request-id: 2NRVRY3FDTEAR5MP
cf-ray: 967cb561ae21b860-LAX
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: text/css
last-modified: Wed, 16 Jul 2025 22:14:10 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 messenger~runtime-b6a8d296e82f3954cf17.js Show response
assets.qualified.com/packs/js/widget/sandboxed/ Frame 73D5 2 KB
1 KB 98ms
84ms Script
application/javascript 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-b6a8d296e82f3954cf17.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cb138762b26b0a03f76f2a1724c0e4d8ecbde3c5fda1a581a38b2f09bc1653a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: 8E5pQeKm890yqbKKGLmDSywN5CPl0YbPAuEEWlrmuaTx7cIqarlSTotY8Yvt7j7nJiifUbjYsVE=
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: null
etag: W/"12811ee0d1deb75afa4ccca751f08178"
age: 6781
x-amz-request-id: VE4P9MBQV0SJCW9E
cf-ray: 967cb561ae24b860-LAX
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: application/javascript
last-modified: Thu, 31 Jul 2025 00:20:53 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 messenger-b6a8d296e82f3954cf17.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame 73D5 2 MB
484 KB 96ms
85ms Script
application/javascript 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-b6a8d296e82f3954cf17.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de69e693ba5e33c46a3054f2aab8cec6ae1c4675f54ccb245b6d49ede72bb451

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: N8ByKQVLvRfGtkDSI8kMrgTUJQ5i+uNZPA+L3hXy6goOTKmMDGIXuKAe8s0TUdL1O1oUkVWVRyXFeJDKWp1IP81hIXGqWOP6
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: null
etag: W/"c3c82b1b00d2d14be0bb89041ff1725f"
age: 6781
x-amz-request-id: VE4KJVA3M4W2DVH1
cf-ray: 967cb561ae23b860-LAX
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: application/javascript
last-modified: Thu, 31 Jul 2025 00:20:54 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 messenger-b6a8d296e82f3954cf17.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 73D5 1 MB
330 KB 138ms
136ms Script
application/javascript 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-b6a8d296e82f3954cf17.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b1bdd072dab97246d340dcb1271d25fd1f2d8dbc7c9f15fab6f79da153e54b4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: 5FnzGhi2PV3pqT4/dUJIlLtFrHh1aXeD1rRAdZ828MZxhCcO2OdPjRS/sAgOGzg7Fq8tJhvwkys=
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: null
etag: W/"4dd41a639d4e0a124009301dc05d4f49"
age: 6780
x-amz-request-id: VE4NDV69QH4AP6NS
cf-ray: 967cb5623f0cb860-LAX
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: application/javascript
last-modified: Thu, 31 Jul 2025 00:20:54 GMT
vary: Accept-Encoding
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 73D5 97 KB
97 KB 331ms
165ms Font
font/woff2 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin: https://app.qualified.com
Referer: https://app.qualified.com/

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag, Last-Modified, Cache-Control, Expires, CF-Cache-Status, CF-Ray
cf-cache-status: HIT
etag: "dc131113894217b5031000575d9de002"
x-amz-version-id: null
age: 1250481
access-control-allow-methods: GET, HEAD
expires: Fri, 17 Jul 2026 04:14:31 GMT
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: font/woff2
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 16 Jul 2025 22:14:33 GMT
x-amz-id-2: 1aAsMrEv5NtrB0gjuR3ueeE9RYCipvpE8CRph+mhN3W1jiTikEvlFbDfq3jjOSlfQxWhGEN6Kl4yWUvMS+Letg==
cache-control: public, max-age=31557600
x-amz-request-id: 2NRWYCMQAJHRF94A
cf-ray: 967cb562aefb08f4-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98868
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 73D5 103 KB
104 KB 255ms
89ms Font
font/woff2 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin: https://app.qualified.com
Referer: https://app.qualified.com/

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag, Last-Modified, Cache-Control, Expires, CF-Cache-Status, CF-Ray
cf-cache-status: HIT
etag: "007ad31a53f4ab3f58ee74f2308482ce"
x-amz-version-id: null
age: 1250481
access-control-allow-methods: GET, HEAD
expires: Fri, 17 Jul 2026 04:14:31 GMT
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: font/woff2
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 16 Jul 2025 22:14:33 GMT
x-amz-id-2: qTvcQH5bv0wZchBJBp70WrZUgPdVMWtkfoHWoRlYhxXoiYnCBSvqOl0y1uMbBJb6M3mv33UFOPL5k7dlLwpWERIYmqCWTcY3aifZgo4xc2I=
cache-control: public, max-age=31557600
x-amz-request-id: FXDXC5QE5Q0G8YP1
cf-ray: 967cb562aef908f4-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 105804
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 73D5 19 KB
7 KB 245ms
82ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin: https://app.qualified.com
Referer: https://app.qualified.com/

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"2024.6.1"
cross-origin-resource-policy: cross-origin
cf-ray: 967cb5629ffa69a6-LAX
access-control-allow-origin: *
date: Thu, 31 Jul 2025 11:20:47 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
vary: Accept-Encoding
server: cloudflare

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 174ms
173ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://onapsis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://onapsis.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 967cb5625895fc54-SJC
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 31 Jul 2025 11:20:47 GMT
priority: u=1,i
server: cloudflare
server-timing: cfExtPri
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 1 KB
899 B 197ms
194ms Fetch
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

90d335e04f7e9af5acc3909211ad9b816b5c39429b93d0883bb2335bb5378268

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Authorization: bearer 59bfb4fd5caefd5a63f1613529a522
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"4da-fOiINVSshKX3/3cTURTPZLjZ0Hw"
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 31 Jul 2025 11:20:48 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
priority: u=1,i
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 967cb5637c78cec1-SJC
access-control-allow-origin: https://onapsis.com
x-powered-by: Express
server: cloudflare

GET
H/1.1 200
OK analytics Show response
pi.pardot.com/ 50 B
1 KB 513ms
241ms Script
text/javascript 54.158.196.145
AMAZON-AES

General

Check archive.org

Download Go to

Full URL

https://pi.pardot.com/analytics?conly=true&visitor_id=666214085&visitor_id_sign=cf499703e47ff157c6cc49408795b85b5f262bfbe4548f7396bbce5cc48177765ce909b3490639b841c34e3b90cdc4e388230658&pi_opt_in=&campaign_id=40411&account_id=128021&title=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&referrer=

Requested by

Host: go.onapsis.com
URL: https://go.onapsis.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=40411&account_id=128021&title=CVE-2025-31324%20SAP%20Zero-Day%20Vulnerability%20%7C%20Full%20Threat%20Brief&url=https%3A%2F%2Fonapsis.com%2Fblog%2Factive-exploitation-of-sap-vulnerability-cve-2025-31324%2F&referrer=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.158.196.145 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-158-196-145.compute-1.amazonaws.com

Software

Resource Hash

dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-pardot-rsp: 0/0/1
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
Connection: keep-alive
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Length: 50
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Date: Thu, 31 Jul 2025 11:20:48 GMT
Content-Type: text/javascript; charset=utf-8
vary: User-Agent

POST
H2 200 / Show response
o209747.ingest.us.sentry.io/api/4508915056574464/envelope/ Frame 73D5 2 B
300 B 257ms
94ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Download Go to

Full URL

https://o209747.ingest.us.sentry.io/api/4508915056574464/envelope/?sentry_key=c36ec735e564530732f0d75311d173b6&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.119.1

Requested by

Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-b6a8d296e82f3954cf17.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://app.qualified.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Thu, 31 Jul 2025 11:20:48 GMT
content-type: application/json
vary: origin, access-control-request-method, access-control-request-headers
server: nginx

POST
H2 204 rum Show response
app.qualified.com/cdn-cgi/ Frame 73D5 0
183 B 76ms
74ms XHR
text/plain 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://app.qualified.com/cdn-cgi/rum?

Requested by

Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-b6a8d296e82f3954cf17.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
content-type: application/json
Referer: https://app.qualified.com/w/1/oZz3gLc8CHEqcgPU/messenger?uuid=79ad82d2-8bc6-42f4-baf3-beb95c29387d

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
x-content-type-options: nosniff
cf-ray: 967cb5660e5bb860-LAX
access-control-allow-origin: https://app.qualified.com
date: Thu, 31 Jul 2025 11:20:48 GMT
vary: Origin
server: cloudflare
x-frame-options: DENY

GET
BLOB 200
OK 65b7aa5f-34b3-4c45-9082-5ef840242b89 Show response
https://onapsis.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Download Go to

Full URL: blob:https://onapsis.com/65b7aa5f-34b3-4c45-9082-5ef840242b89
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcd8f12bb15fe2f7439a3436246da7c6cf1bd3477297c719cc22f78c56ffa765

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: text/javascript
Content-Length: 3456

GET
H/1.1 200
OK c83fac3ecbd7e775bc52b90427860dc786ec6f993ad9beead4288ae5bdf0b7c1.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 73D5 4 KB
5 KB 451ms
148ms Image
image/png 54.231.204.114
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/c83fac3ecbd7e775bc52b90427860dc786ec6f993ad9beead4288ae5bdf0b7c1.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.231.204.114 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 340596495504bf1de45ed32545219fe547c17113c14b8721af2dbde0eb18d46f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: U5nECryPZ+/mhvGnPlgKOPyml5abWeIN9e/GFis47eYeWB6FEMkDvsU6bEixRuiJB9CDJundtkE=
Cache-Control: Cache-Control: public, max-age=31536000
ETag: "50a551e80a783169c908e8bdbb6d28ca"
x-amz-version-id: null
x-amz-request-id: FNPMH778VCD3GA5S
Accept-Ranges: bytes
Content-Length: 4430
Date: Thu, 31 Jul 2025 11:20:51 GMT
Last-Modified: Tue, 12 Mar 2024 13:38:23 GMT
Content-Type: image/png
Server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK 7af6569e3de1da8e3011b32b4efeaf146dc62e0637cee5ecd6c39cb5fb76d36a.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 73D5 4 KB
5 KB 147ms
147ms Image
image/png 54.231.204.114
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/7af6569e3de1da8e3011b32b4efeaf146dc62e0637cee5ecd6c39cb5fb76d36a.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.231.204.114 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 340596495504bf1de45ed32545219fe547c17113c14b8721af2dbde0eb18d46f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: Evf5Z/4nyR3O/yQvmXC0jy442B7x6cm28NLRNUwiCga07lCHheUcCLBNvKlg5y7ycCa5O1d0Yrw=
Cache-Control: Cache-Control: public, max-age=31536000
ETag: "50a551e80a783169c908e8bdbb6d28ca"
x-amz-version-id: null
x-amz-request-id: FNPKD6S768C77KSE
Accept-Ranges: bytes
Content-Length: 4430
Date: Thu, 31 Jul 2025 11:20:51 GMT
Last-Modified: Tue, 12 Mar 2024 13:38:01 GMT
Content-Type: image/png
Server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK c83fac3ecbd7e775bc52b90427860dc786ec6f993ad9beead4288ae5bdf0b7c1.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 73D5 4 KB
0 0ms
0ms Image
image/png 54.231.204.114
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/c83fac3ecbd7e775bc52b90427860dc786ec6f993ad9beead4288ae5bdf0b7c1.png
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.231.204.114 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-east-1-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 340596495504bf1de45ed32545219fe547c17113c14b8721af2dbde0eb18d46f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Referer: https://app.qualified.com/

Response headers

x-amz-id-2: U5nECryPZ+/mhvGnPlgKOPyml5abWeIN9e/GFis47eYeWB6FEMkDvsU6bEixRuiJB9CDJundtkE=
Cache-Control: Cache-Control: public, max-age=31536000
ETag: "50a551e80a783169c908e8bdbb6d28ca"
x-amz-version-id: null
x-amz-request-id: FNPMH778VCD3GA5S
Accept-Ranges: bytes
Content-Length: 4430
Date: Thu, 31 Jul 2025 11:20:51 GMT
Last-Modified: Tue, 12 Mar 2024 13:38:23 GMT
Content-Type: image/png
Server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Inter-roman.var-ba4caefcdf5b36b438db92786991c845.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 73D5 222 KB
223 KB 85ms
84ms Font
font/woff2 104.18.17.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-roman.var-ba4caefcdf5b36b438db92786991c845.woff2
Requested by: Host: assets.qualified.com
URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.17.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Origin: https://app.qualified.com
Referer: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css

Response headers

access-control-max-age: 3600
access-control-expose-headers: ETag, Last-Modified, Cache-Control, Expires, CF-Cache-Status, CF-Ray
cf-cache-status: HIT
etag: "66c6e40883646a7ad993108b2ce2da32"
x-amz-version-id: null
age: 1250483
access-control-allow-methods: GET, HEAD
expires: Fri, 17 Jul 2026 04:14:32 GMT
date: Thu, 31 Jul 2025 11:20:50 GMT
content-type: font/woff2
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 16 Jul 2025 22:14:33 GMT
x-amz-id-2: miuq9WOTMxcL5S7etWVbEYMFuf+QuQqN9SbyLuUnDgoQ0PdQm8qQSLp4Lds/ifJ0YBJLqSWMZNw=
cache-control: public, max-age=31557600
x-amz-request-id: M69ZGWWG1NBKB4W1
cf-ray: 967cb573feb408f4-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 227180
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 206 7bfc614b2b8cf39efbfb3b15da61c94a.mp3
app.qualified.com/packs/ 6 KB
6 KB 83ms
82ms Media
audio/mpeg 104.18.16.5
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://app.qualified.com/packs/7bfc614b2b8cf39efbfb3b15da61c94a.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.16.5 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: HIT
x-envoy-upstream-service-time: 1
age: 2797
Content-Range: bytes 0-5869/5870
cf-ray: 967cb579cd203efd-LAX
x-cache: miss
Content-Length: 5870
date: Thu, 31 Jul 2025 11:20:51 GMT
content-type: audio/mpeg
last-modified: Wed, 30 Jul 2025 16:51:03 GMT
vary: Accept-Encoding
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: onapsis.com
URL: blob:https://onapsis.com/850b66a9-65ee-4e58-b69c-15e7fd6698e0

Verdicts & Comments Add Verdict or Comment

88 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.onapsis.com/	1970-01-21 09:22:16	Name: _gcl_au Value: 1.1.577482889.1753960846
.qualified.com/	1970-01-21 07:12:42	Name: __cf_bm Value: YGFgSSsC8_v9nw5FMTLFKbboBwtNx7iEFT5hLSQeN28-1753960845-1.0.1.1-TMGnfgYXKcTFdE.5dprZPuReBJtP.W9.xKaVKmQgGbygD1D3EiTLB0aI5c1kvGfD46ekTPVq1zZXS2Aey0E2JZWVS0mQJf8lWvhRFyeqeA0
.linkedin.com/	1970-01-21 09:22:16	Name: li_sugr Value: 4a0d4082-4cc4-49bf-aaf5-4bed1e3defea
.linkedin.com/	1970-01-21 15:58:16	Name: bcookie Value: "v=2&074af93f-bb0e-43a5-8f60-7d3222e0d603"
.linkedin.com/	1970-01-21 07:14:07	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=3716:u=1:x=1:i=1753960846:t=1754047246:v=2:sig=AQEP1oCL9-orAnJIh15VAvmgNkSD4-Y-"
.onapsis.com/	1970-01-21 16:48:40	Name: _ga Value: GA1.1.1591284471.1753960846
.linkedin.com/	1970-01-21 07:55:52	Name: UserMatchHistory Value: AQJQhAWjaSj9QAAAAZhgNpOJ_IyuuSosjgya780dvUC0Cu8e8hPiF6YCVoFjo3vVuA6ps5RibFDYGQ
.linkedin.com/	1970-01-21 07:55:52	Name: AnalyticsSyncHistory Value: AQJH4qko86P2CAAAAZhgNpOJSLKvYra3vKvKgPmG4pv62P9fy8rdSYf1OVpr1uESn6T2ftLiS5iefNObK1cr6g
.onapsis.com/	1970-01-21 16:48:40	Name: _ga_2HEPRR6DH5 Value: GS2.1.s1753960846$o1$g0$t1753960846$j60$l0$h1027911399
.doubleclick.net/	1970-01-21 07:12:41	Name: test_cookie Value: CheckForPermission
.www.linkedin.com/	1970-01-21 15:58:16	Name: bscookie Value: "v=1&202507311120462d9d320d-5676-4bcf-80ba-3e9b09bbef03AQGnTCXlRySmzFN61jyT4SOnfafBCbob"
.linkedin.com/	1970-01-21 07:12:42	Name: __cf_bm Value: LhjbwmIOICRZM5oR1x4HfsBL16cM7Hxp3FNg5X6cGJM-1753960846-1.0.1.1-2rXSeAZ9VDys58iIbMd0yFuHq9KqM16OXOV1_21QrtMa7_WvayMUd07XZQb8XPTsMxsHjWSS6ZeWTXlRuayKThU53g5qe3W719YEc83GrYc
onapsis.com/	1970-01-21 07:22:45	Name: slireg Value: https://scout.us3.salesloft.com
onapsis.com/	1970-01-21 15:58:16	Name: sliguid Value: f7bcb149-fb81-46f5-9d25-c4586c0989c5
onapsis.com/	1970-01-21 15:58:16	Name: slirequested Value: true
.www.google-analytics.com/	1970-01-21 09:22:16	Name: ar_debug Value: 1
.onapsis.com/	1970-01-21 15:58:16	Name: _zitok Value: 0a4662d6ce480127d0381753960847
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 9X4.TXUVcDMoCYGV_GFbjoKvkvtck.DSOZibAJjuBGc-1753960847560-0.0.1.1-604800000
go.onapsis.com/	1970-01-21 16:48:40	Name: visitor_id127021 Value: 666214085
go.onapsis.com/	1970-01-21 16:48:40	Name: visitor_id127021-hash Value: cf499703e47ff157c6cc49408795b85b5f262bfbe4548f7396bbce5cc48177765ce909b3490639b841c34e3b90cdc4e388230658
go.onapsis.com/	1970-01-21 07:12:42	Name: lpv127021 Value: aHR0cHM6Ly9vbmFwc2lzLmNvbS9ibG9nL2FjdGl2ZS1leHBsb2l0YXRpb24tb2Ytc2FwLXZ1bG5lcmFiaWxpdHktY3ZlLTIwMjUtMzEzMjQv
onapsis.com/	1970-01-21 16:48:40	Name: visitor_id127021 Value: 666214085
onapsis.com/	1970-01-21 16:48:40	Name: visitor_id127021-hash Value: cf499703e47ff157c6cc49408795b85b5f262bfbe4548f7396bbce5cc48177765ce909b3490639b841c34e3b90cdc4e388230658
.pardot.com/	1970-01-21 16:48:40	Name: visitor_id127021 Value: 666214085
.pardot.com/	1970-01-21 16:48:40	Name: visitor_id127021-hash Value: cf499703e47ff157c6cc49408795b85b5f262bfbe4548f7396bbce5cc48177765ce909b3490639b841c34e3b90cdc4e388230658
.onapsis.com/	1970-01-21 16:48:40	Name: __q_state_oZz3gLc8CHEqcgPU Value: eyJ1dWlkIjoiNzlhZDgyZDItOGJjNi00MmY0LWJhZjMtYmViOTVjMjkzODdkIiwiY29va2llRG9tYWluIjoib25hcHNpcy5jb20iLCJtZXNzZW5nZXJFeHBhbmRlZCI6ZmFsc2UsInByb21wdERpc21pc3NlZCI6ZmFsc2UsImNvbnZlcnNhdGlvbklkIjoiMTcwOTY0NDU4ODg4OTE5NTU0NCJ9

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
violation	error	URL: https://js.qualified.com/qualified.js?token=oZz3gLc8CHEqcgPU(Line 303) Message: Potential permissions policy violation: camera is not allowed in this document.
violation	error	URL: https://js.qualified.com/qualified.js?token=oZz3gLc8CHEqcgPU(Line 303) Message: Potential permissions policy violation: microphone is not allowed in this document.
violation	error	Message: Potential permissions policy violation: camera is not allowed in this document.
violation	error	Message: Potential permissions policy violation: microphone is not allowed in this document.
javascript	verbose	URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-b6a8d296e82f3954cf17.chunk.js(Line 1) Message: Rendering was performed in a subtree hidden by content-visibility.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
app.qualified.com
assets.qualified.com
consent.cookiebot.com
consentcdn.cookiebot.com
fonts.googleapis.com
fonts.gstatic.com
go.onapsis.com
googleads.g.doubleclick.net
imgsct.cookiebot.com
js.qualified.com
js.zi-scripts.com
lh7-rt.googleusercontent.com
o209747.ingest.us.sentry.io
onapsis.com
pi.pardot.com
px.ads.linkedin.com
px4.ads.linkedin.com
qualified-production.s3.us-east-1.amazonaws.com
scout-cdn.salesloft.com
scout.salesloft.com
script.crazyegg.com
snap.licdn.com
static.cloudflareinsights.com
stats.g.doubleclick.net
td.doubleclick.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.acuteinspiration-inventive.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
onapsis.com
104.16.118.43
104.18.16.5
104.18.17.5
104.18.37.212
104.19.148.8
142.250.80.66
142.250.80.67
142.251.40.132
150.171.22.12
150.171.22.14
172.64.146.215
2001:4860:4802:38::178
2600:141b:1c00:16::17c4:309
2600:141b:1c00:2588::f09
2600:141b:1c00:258b::f09
2600:141b:1c00:6::17df:d105
2606:4700::6810:4f49
2606:4700::6810:97f0
2606:4700::6811:efbc
2607:f8b0:4004:c17::9d
2607:f8b0:4006:816::200e
2607:f8b0:4006:81d::2008
2607:f8b0:4006:821::200a
2607:f8b0:4006:822::2002
2607:f8b0:4006:824::2001
2620:1ec:50::12
3.220.20.113
34.120.195.249
34.237.219.119
52.146.86.174
54.158.196.145
54.231.204.114
04b80017bd0ae04f5954416339c1ea2f779f5cc1bfbd830a7543bd6c441155a8
04f51152324eadaa3f4eace582a4be7ebbf1a739a6a24c17e66ce8f10e0b820c
110d632541ac58e9a495ee0bf469ec286f222aec118e153bb26d61b16aeb0e32
13190d1d9f702a388dabcaf2763b023467d6b764f8d9db747e9503b023424bd8
13b5dd5e681f003b9cd1dd842215a7fb871600ebde14876f9665d9e3d85e1aab
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
166d465bcd83837a6d106db0ec5b8285c89746b1e10152d10a94675a983eebd5
17fe38ab302c7e5dbfb5c3d87801092d79be958500db6412ed3bc0f126bd53d3
1cb138762b26b0a03f76f2a1724c0e4d8ecbde3c5fda1a581a38b2f09bc1653a
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
1d1ec96cae733336526fef6359bb5e34a7132e51c7f6f036710f6baaa5fc87ee
217a5b243049e130b653452767dcb9d107f7ac4ce63a55b6db465126170fd3a0
250aa5ee393f824226b63cf1b9906178e45b2c8d230c6b4f6735bb6c98226b13
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2ada301d803d8f4b2ba210c9c57091378255ed54b96e4236a9e2ce587a2a4035
340596495504bf1de45ed32545219fe547c17113c14b8721af2dbde0eb18d46f
362d37d90e331895404cfd94b05731a91ce551ddba58882ee170b7debe344103
3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e
39bad03c95f9b6c9a98fb74b39e0ba001334480b232567520ed651d18eec0419
3adf3a6f6e8478d69acbeb1a49d05e5f23ae94e5429295d81ea68e4c4e512381
3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502
3d068ef00c6c828cb59cc6c9957691c1e8f32d76d2085a5f80a9a312c2956d2f
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136
428c16451c10bef07801218b44496b85e17ca0bebeaea9d4c875ad260ebdce8a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44541c3de83c66a160430a4af9d92a91f055807876bfa1971a777a96898420d6
4791574df693f97f8cc46b8e97d34443d0d7a13c7f9f82cf4fe49a83bd18ab01
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4caf5bf0ac3059aeca01ea3ce04970eac96442c2d87c6e1eee4d4a939f9eba65
53570a0890975ab3eb4a7fa3169e450adf9bbe786505c43d9e2b43ff2bbb5a87
539a0f79ee1e1adcceae9e4da45d8024c892b54da0a9cafe552d4356e35459bf
55e169c4e5d2faa26c6e1d402ac890ab852f0ad22281e0eaa02a3c0ab24207af
585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e
5cdd40ceedce2dc6ec04b3293c11736761c026e623912eb0fd2db4a4af20b2f8
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d49a0f01e9d1ebed63562ce564659df1b27a333048c93873472013c200277e0
6de47615a27b52925a632e49d688c19a4222eb47292b46e6e779f314c7cde8f6
6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1
6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
783ad500474e1fef5574b1770da364112c896842e0d219dbd416862e0c9ba30c
7bba17b490076798f613f9b01da8d6a2eb79808ae687d3e56543ba95fff3b16c
7d6644bc60ebaefbd1cfa5f2ec60ea893e2e83ac9a53351ada6800d52b890c8f
7efc6c869247711fe2ed28022d72bf0bb13d077f50418d4614dd1b28544411cb
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
81b1a0d8dc84df5f772bd7200b0f304daa893d3b3a3997981ac5ec5a62ea3fd5
89cb89becde7f9c0410781dd59cde80a572bd18212443eb43dc6c8f14b1d0676
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8b1bdd072dab97246d340dcb1271d25fd1f2d8dbc7c9f15fab6f79da153e54b4
90d335e04f7e9af5acc3909211ad9b816b5c39429b93d0883bb2335bb5378268
9294edc245b7248a9542f1385a77f0575b6a8a8f8ff6d2e5fc8b937d35bc63ee
97fe2c6ff162518dbd5bafd59e2ac0c27f6d41076509f7bddc06f6240449f0a4
99d1e561bb319385712dbf3a878e7399a42ee2a7678d18eac4492fe0b1941283
a4b7b079fb0a9962451001ee62f9555abc376f0360028de71a0cf3eb45c8708c
a53ea5888ba2b443e175b7b3f2970b4dbb758b2704b2abf5c9cdb33b34365630
a82b6b3cfe141c010b3705ee57e77cfef0983d9c2153419591b527d69f23fab4
abf82bede9ba04c3b13630e2ea8392922254e44eb29300d21279c7a79bab3716
b345f8e221b5f533d5b361c6f7179e395f79e63cda1b88271227d97a8d809292
b75fe1a2f147e9db3d45f687dd4b0a18266d0b2baff630871d646f95963b6e9c
bcd8f12bb15fe2f7439a3436246da7c6cf1bd3477297c719cc22f78c56ffa765
c5bfdbc4d9c6810cba005d89d346ed24802905effc597d56e027b9e9eacf651d
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
d64f6d81c97409fe3e32ceb344d0531f3c3d704788d8266a4ee7412221bee620
dcb09186a3d016b8ae56ecd0cb76f787254388177fc8318061d619b56a7d81b2
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
dd893facda501a51dc2d25d00e2ffb4fa9c74efaeb882a7d3de198377756dfa1
de69e693ba5e33c46a3054f2aab8cec6ae1c4675f54ccb245b6d49ede72bb451
de8ff35c6b720fbfd56b85ab2635778ff25cf767201441cc5e0c9fb1ec64a4bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fbe6d564d69d1db6bc280883eb67d01c6d4cff0c4a43bd3feeefa2ed8e5e17a1

onapsis.com Open in urlscan Pro 2606:4700::6811:efbc Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

93 Requests

95 %HTTPS

47 %IPv6

21 Domains

33 Subdomains

31 IPs

3 Countries

3111 kBTransfer

7787 kBSize

26 Cookies

48 Outgoing links

Redirected requests

93 HTTP transactions Everything HTML Script Fetch XHR CSS Image Font Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

onapsis.com Open in urlscan Pro
2606:4700::6811:efbc Public Scan

Screenshot
Live screenshot

Full Image

93
Requests

95 %
HTTPS

47 %
IPv6

21
Domains

33
Subdomains

31
IPs

3
Countries

3111 kB
Transfer

7787 kB
Size

26
Cookies

93 HTTP transactions
1 data transactions