URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Submission: On December 12 via api from IN — Scanned from DE

Summary

This website contacted 26 IPs in 2 countries across 20 domains to perform 49 HTTP transactions. The main IP is 2a04:4e42:200::775, located in United States and belongs to FASTLY, US. The main domain is labs.watchtowr.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 19th 2024. Valid for: 3 months.
This is the only time labs.watchtowr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 2a04:4e42:200... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:200... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 151.101.1.195 54113 (FASTLY)
1 2600:9000:267... 16509 (AMAZON-02)
1 18.66.102.53 16509 (AMAZON-02)
2 2a02:26f0:350... 20940 (AKAMAI-AS...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
8 34.160.69.120 396982 (GOOGLE-CL...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 13.32.27.21 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 54.161.20.108 14618 (AMAZON-AES)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 108.138.26.15 16509 (AMAZON-02)
1 13.32.27.26 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 18.244.18.24 16509 (AMAZON-02)
2 23.21.125.141 14618 (AMAZON-AES)
49 26
Apex Domain | Subdomains | Transfer
11 watchtowr.com | labs.watchtowr.com | 755 KB
9 factors.ai | app.factors.ai — Cisco Umbrella Rank: 87474; api.factors.ai — Cisco Umbrella Rank: 60902 | 11 KB
4 linkedin.com | px.ads.linkedin.com — Cisco Umbrella Rank: 333; px4.ads.linkedin.com — Cisco Umbrella Rank: 7032 | 3 KB
3 intercom.io | widget.intercom.io — Cisco Umbrella Rank: 2266; api-iam.intercom.io — Cisco Umbrella Rank: 2695 | 6 KB
3 salesloft.com | scout-cdn.salesloft.com — Cisco Umbrella Rank: 11366; scout.salesloft.com — Cisco Umbrella Rank: 14334 | 4 KB
2 intercomcdn.com | js.intercomcdn.com — Cisco Umbrella Rank: 2998 | 288 KB
2 hscollectedforms.net | js.hscollectedforms.net — Cisco Umbrella Rank: 4811; forms.hscollectedforms.net — Cisco Umbrella Rank: 4960 | 26 KB
2 licdn.com | snap.licdn.com — Cisco Umbrella Rank: 831 | 15 KB
2 hotjar.com | static.hotjar.com — Cisco Umbrella Rank: 888; script.hotjar.com — Cisco Umbrella Rank: 1185 | 61 KB
2 lfeeder.com | sc.lfeeder.com — Cisco Umbrella Rank: 15595; tr-rc.lfeeder.com — Cisco Umbrella Rank: 21771 | 12 KB
1 hubspot.com | track.hubspot.com — Cisco Umbrella Rank: 2477 | 1 KB
1 hubapi.com | api.hubapi.com — Cisco Umbrella Rank: 3690 | 1003 B
1 google-analytics.com | region1.google-analytics.com — Cisco Umbrella Rank: 3353 |
1 hs-banner.com | js.hs-banner.com — Cisco Umbrella Rank: 2343 | 23 KB
1 hsadspixel.net | js.hsadspixel.net — Cisco Umbrella Rank: 3341 | 4 KB
1 hs-analytics.net | js.hs-analytics.net — Cisco Umbrella Rank: 2358 | 25 KB
1 hs-scripts.com | js-na1.hs-scripts.com — Cisco Umbrella Rank: 6680 | 1 KB
1 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 39 | 103 KB
1 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 318 | 83 KB
1 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 29 | 3 KB
49 20
Domain Requested by
11 labs.watchtowr.com labs.watchtowr.com
8 api.factors.ai app.factors.ai
3 px.ads.linkedin.com 1 redirects snap.licdn.com
2 api-iam.intercom.io js.intercomcdn.com
2 js.intercomcdn.com widget.intercom.io
2 scout.salesloft.com scout-cdn.salesloft.com
2 snap.licdn.com labs.watchtowr.com, snap.licdn.com
1 track.hubspot.com
1 widget.intercom.io labs.watchtowr.com
1 tr-rc.lfeeder.com labs.watchtowr.com
1 api.hubapi.com js.hsadspixel.net
1 forms.hscollectedforms.net js.hscollectedforms.net
1 px4.ads.linkedin.com labs.watchtowr.com
1 region1.google-analytics.com www.googletagmanager.com
1 script.hotjar.com static.hotjar.com
1 js.hs-banner.com js-na1.hs-scripts.com
1 js.hscollectedforms.net js-na1.hs-scripts.com
1 js.hsadspixel.net js-na1.hs-scripts.com
1 js.hs-analytics.net js-na1.hs-scripts.com
1 scout-cdn.salesloft.com labs.watchtowr.com
1 static.hotjar.com labs.watchtowr.com
1 sc.lfeeder.com labs.watchtowr.com
1 app.factors.ai labs.watchtowr.com
1 js-na1.hs-scripts.com labs.watchtowr.com
1 www.googletagmanager.com labs.watchtowr.com
1 cdn.jsdelivr.net labs.watchtowr.com
1 fonts.googleapis.com labs.watchtowr.com
49 27
Subject | Issuer | Validity | Valid
labs.watchtowr.com | ZeroSSL RSA Domain Secure Site CA | 2024-11-19 - 2025-02-17 | 3 months
upload.video.google.com | WR2 | 2024-11-04 - 2025-01-27 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2024 Q3 | 2024-07-30 - 2025-08-31 | a year
*.google-analytics.com | WR2 | 2024-11-04 - 2025-01-27 | 3 months
hs-scripts.com | WE1 | 2024-11-24 - 2025-02-22 | 3 months
app.factors.ai | WR3 | 2024-11-10 - 2025-02-08 | 3 months
*.lfeeder.com | Amazon RSA 2048 M02 | 2024-02-20 - 2025-03-20 | a year
*.hotjar.com | Amazon RSA 2048 M03 | 2024-05-22 - 2025-06-20 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2024-12-02 - 2025-12-01 | a year
salesloft.com | Sectigo RSA Domain Validation Secure Server CA | 2024-03-20 - 2025-04-19 | a year
api.factors.ai | WR3 | 2024-11-18 - 2025-02-16 | 3 months
hs-analytics.net | WE1 | 2024-12-05 - 2025-03-05 | 3 months
hsadspixel.net | WE1 | 2024-12-08 - 2025-03-08 | 3 months
hscollectedforms.net | WE1 | 2024-11-20 - 2025-02-18 | 3 months
hs-banner.com | WE1 | 2024-11-22 - 2025-02-20 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-10-14 - 2025-04-14 | 6 months
hubapi.com | WE1 | 2024-11-07 - 2025-02-05 | 3 months
*.intercom.com | Amazon RSA 2048 M03 | 2024-01-15 - 2025-02-11 | a year
hubspot.com | WE1 | 2024-12-01 - 2025-03-01 | 3 months
*.intercomcdn.com | Amazon RSA 2048 M02 | 2024-10-31 - 2025-11-28 | a year

This page contains 2 frames:

Primary Page: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Frame ID: 4CF5C71E9A20B261592AA330CC8E13C4
Requests: 41 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.8f8b33d2.js
Frame ID: 1270F126F3BE97F36F849043C6678BB8
Requests: 4 HTTP requests in this frame

Page Title

Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

49
Requests

98 %
HTTPS

62 %
IPv6

20
Domains

27
Subdomains

26
IPs

2
Countries

1422 kB
Transfer

2987 kB
Size

25
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1734012945248&url=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1734012945248&url=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F&e_ipv6=AQJWI9MxplaTegAAAZO7OcPaZ9O1Q6o1gbEzL8YVaNGdmXBRA6KEx_-9S4fUHcGYSaC_Cvyc0mOdA5vERICAXFMF5MrJFg

49 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
53 KB
18 KB
Document
General
Full URL
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
f253b58a75f1de1ac8719428bc9843868e67c15e2878228ccd2a5190a3d5541d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
17627
alt-svc
clear
cache-control
public, max-age=0
content-encoding
gzip
content-length
17594
content-type
text/html; charset=utf-8
date
Thu, 12 Dec 2024 14:15:45 GMT
etag
W/"d331-bxmXeS5jpVG+Pl2V19O5xMfO7Ok"
ghost-fastly
true
server
openresty
status
200 OK
vary
Cookie, Accept-Encoding
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
MISS, MISS, HIT
x-cache-hits
0, 0, 0
x-request-id
0a92b239-3bbb-4ecc-8a67-bd72d23da2ca
x-served-by
cache-ams2100135-AMS, cache-ams2100087-AMS, cache-fra-etou8220078-FRA
x-timer
S1734012945.099439,VS0,VE2
css2
fonts.googleapis.com/
39 KB
3 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lora:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&family=Inter:wght@400;500;600;700;800&display=swap
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4b9ee54747beb19126d4829f3bfc45823f5871c145a96256ee14d0000d35bd61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 12 Dec 2024 14:15:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 12 Dec 2024 14:15:45 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
screen.css
labs.watchtowr.com/assets/built/
32 KB
7 KB
Stylesheet
General
Full URL
https://labs.watchtowr.com/assets/built/screen.css?v=437b7b1f32
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
c04c22ec20671d45136ecbb2c6c1729daecf3a089378842a926769966202c863

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
9d8b4f6e-f3c8-46e3-9c5d-745e64f3d53d
content-encoding
gzip
etag
W/"7f54-190396a44ad"
age
92829
ghost-fastly
true
status
200 OK
alt-svc
clear
x-cache
MISS, MISS, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
last-modified
Fri, 21 Jun 2024 06:09:44 GMT
vary
Accept-Encoding
x-cache-hits
0, 0, 1
content-type
text/css; charset=UTF-8
x-served-by
cache-ams2100145-AMS, cache-ams21027-AMS, cache-fra-etou8220078-FRA
cache-control
public, max-age=31536000
x-timer
S1734012945.112187,VS0,VE2
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
6999
server
openresty
sodo-search.min.js
cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/
263 KB
83 KB
Script
General
Full URL
https://cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/sodo-search.min.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
5457a83229acb39e1625c8e08964a52c5fbd5e604182ca19416cabc2ebb41169
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://labs.watchtowr.com
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"41bb3-TlcqTJJfU4QXEfOqOvmN0FRqtPI"
age
11687
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220053-FRA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
84199
x-jsd-version
1.5.1
cards.min.js
labs.watchtowr.com/public/
6 KB
2 KB
Script
General
Full URL
https://labs.watchtowr.com/public/cards.min.js?v=437b7b1f32
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
bddd789a-5222-4723-974f-900f729448bc
content-encoding
gzip
etag
W/"143954965104cf254bf1a498449c6855"
age
92829
ghost-fastly
true
status
200 OK
alt-svc
clear
x-cache
MISS, MISS, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/javascript
x-served-by
cache-ams21028-AMS, cache-ams21046-AMS, cache-fra-etou8220078-FRA
x-cache-hits
0, 0, 1
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-timer
S1734012945.153497,VS0,VE3
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1520
server
openresty
cards.min.css
labs.watchtowr.com/public/
37 KB
6 KB
Stylesheet
General
Full URL
https://labs.watchtowr.com/public/cards.min.css?v=437b7b1f32
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
27c72000333080dee55d65b2323469fa581afe51ee0d5f0653454cc0af078b7e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
3d44219e-5f8d-498b-b3d6-d51e329b9601
content-encoding
gzip
etag
W/"78a238818fe197705adc97c6ad901852"
age
92829
ghost-fastly
true
status
200 OK
alt-svc
clear
x-cache
MISS, MISS, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
text/css
x-served-by
cache-ams2100126-AMS, cache-ams21041-AMS, cache-fra-etou8220078-FRA
x-cache-hits
0, 0, 1
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-timer
S1734012945.121041,VS0,VE1
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
6285
server
openresty
js
www.googletagmanager.com/gtag/
300 KB
103 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e232f96dfe045d17fd6d39f614c903e877ad390806686f8b95ee30969b1328eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 12 Dec 2024 14:15:45 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
104789
x-xss-protection
0
server
Google Tag Manager
23785948.js
js-na1.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js-na1.hs-scripts.com/23785948.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8089fca8ed4d9ae5ecda4ee3bf63341772d56c4ac4fa6ef3bf36436583d3f84
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

access-control-max-age
3600
content-encoding
gzip
cf-cache-status
HIT
age
2827
x-content-type-options
nosniff
date
Thu, 12 Dec 2024 14:15:45 GMT
x-hubspot-correlation-id
b345760f-34fa-4367-9109-10b059e1494a
content-type
application/javascript;charset=utf-8
vary
origin, Accept-Encoding
last-modified
Thu, 12 Dec 2024 13:28:38 GMT
access-control-allow-credentials
true
cf-ray
8f0e540b5acabb8f-FRA
accept-ranges
bytes
access-control-allow-origin
https://labs.watchtowr.com
content-length
637
server
cloudflare
watchTowr---Labs-White.svg
labs.watchtowr.com/content/images/2022/04/
3 KB
1 KB
Image
General
Full URL
https://labs.watchtowr.com/content/images/2022/04/watchTowr---Labs-White.svg
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
653dd026068639c920becd532cf32e17cab76ed6de3d821abfc7ba6c49b6ea64

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
3857a535-7de3-4d15-affb-4be3300b2f94
content-encoding
gzip
etag
W/"c1a-18078df92b7"
age
1899081
ghost-fastly
true
status
200 OK
alt-svc
clear
x-cache
MISS, HIT, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
image/svg+xml
last-modified
Sat, 30 Apr 2022 05:09:19 GMT
x-cache-hits
0, 11, 1
x-served-by
cache-ams21080-AMS, cache-ams21080-AMS, cache-fra-etou8220078-FRA
vary
Accept-Encoding
cache-control
public, max-age=31536000
x-timer
S1734012945.121282,VS0,VE3
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1192
server
openresty
mitel.png
labs.watchtowr.com/content/images/size/w1200/2024/12/
76 KB
76 KB
Image
General
Full URL
https://labs.watchtowr.com/content/images/size/w1200/2024/12/mitel.png
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
c1480fba917c337e2bb8fa13a4039519841f9625c780bd4f3feacefe797c0842

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
d32f548f-b355-46ef-aee0-ce31fdeede29
etag
W/"12ef7-193901cf8a3"
age
723308
ghost-fastly
true
status
206 Partial Content
alt-svc
clear
x-cache
MISS, HIT, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
image/png
last-modified
Wed, 04 Dec 2024 05:20:38 GMT
x-cache-hits
0, 8, 0
x-served-by
cache-ams2100097-AMS, cache-ams2100097-AMS, cache-fra-etou8220078-FRA
cache-control
public, max-age=31536000
x-timer
S1734012945.121302,VS0,VE1
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
77559
server
openresty
logo-white.svg
labs.watchtowr.com/assets/images/
630 B
551 B
Image
General
Full URL
https://labs.watchtowr.com/assets/images/logo-white.svg
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
ceaf8255e1258fa5e1e32c9dee6c940e0562695951c628f7415b9a93eb085e95

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
a1a460a3-e2cc-4646-a7f7-54ab4c283fb3
content-encoding
gzip
etag
W/"276-190396a44ef"
age
1899081
ghost-fastly
true
status
200 OK
alt-svc
clear
x-cache
MISS, HIT, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
image/svg+xml
vary
Accept-Encoding
x-cache-hits
0, 11, 1
last-modified
Fri, 21 Jun 2024 06:09:44 GMT
x-served-by
cache-ams2100128-AMS, cache-ams21064-AMS, cache-fra-etou8220078-FRA
cache-control
public, max-age=31536000
x-timer
S1734012945.132576,VS0,VE2
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
356
server
openresty
main.min.js
labs.watchtowr.com/assets/built/
44 KB
16 KB
Script
General
Full URL
https://labs.watchtowr.com/assets/built/main.min.js?v=437b7b1f32
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
1fca19e97c3cbc726acc8d8e5ccb34aa99a0b6153054d724560a53c07a652397

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
0d3e0cf7-c5da-4308-a746-d3fcef93c363
content-encoding
gzip
etag
W/"b10f-190396a44a4"
age
92829
ghost-fastly
true
status
200 OK
alt-svc
clear
x-cache
MISS, MISS, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
last-modified
Fri, 21 Jun 2024 06:09:44 GMT
vary
Accept-Encoding
x-cache-hits
0, 0, 1
content-type
application/javascript; charset=UTF-8
x-served-by
cache-ams2100127-AMS, cache-ams2100147-AMS, cache-fra-etou8220078-FRA
cache-control
public, max-age=31536000
x-timer
S1734012945.139989,VS0,VE1
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
16307
server
openresty
factors.js
app.factors.ai/assets/v1/
36 KB
10 KB
Script
General
Full URL
https://app.factors.ai/assets/v1/factors.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.195 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fa9677c89fe1c6c38c9080eb6c2474a0c34a7c85e1b7d385c56ee9879a78f454
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

strict-transport-security
max-age=31556926
cache-control
max-age=3600
content-encoding
br
etag
"9abebb14f23c142cb067556648a1ce394be513129aa6c636e02577685a428140-br"
x-timer
S1734012945.178093,VS0,VE0
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT
content-length
9809
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
text/javascript; charset=utf-8
last-modified
Thu, 12 Dec 2024 10:59:13 GMT
x-served-by
cache-fra-etou8220128-FRA
x-cache-hits
4
vary
x-fh-requested-host, accept-encoding
lftracker_v1_3P1w24do6zP7mY5n.js
sc.lfeeder.com/
31 KB
12 KB
Script
General
Full URL
https://sc.lfeeder.com/lftracker_v1_3P1w24do6zP7mY5n.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:8e00:4:d7e1:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9c076c44c2a65588a5171b190d29e39c5542fae2e2fa68550e830d5fb4b8dc65

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

content-encoding
br
x-amz-version-id
RQ3UJdvEZQqmBXWqo2sfKb3Y9TdoJpG3
etag
W/"bd10e6330fa5c45a0c70765b74ddc6a5"
age
2489
x-cache
Hit from cloudfront
x-amz-cf-id
g3Obkqp-E9raxP3vGCFPAoqpJkDIjNAnqr_amW-gV8FBs_WMANyVZQ==
date
Thu, 12 Dec 2024 13:43:54 GMT
content-type
application/javascript
vary
accept-encoding, Origin
last-modified
Wed, 09 Oct 2024 07:33:36 GMT
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
via
1.1 ab3010c44069f62a66a4882fcd391e60.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
hotjar-2950076.js
static.hotjar.com/c/
13 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2950076.js?sv=6
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-53.fra56.r.cloudfront.net
Software
/
Resource Hash
ce0dee776801aa4653e5ccac35003fe24baa427ba009da603af09b78142a9285
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=60
content-encoding
br
etag
W/bff5a9fd542b8b950318b9b8c104c58c
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
x-cache-hit
1
via
1.1 84294257ed643a88ee54d2e3f7d7ccea.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
RefreshHit from cloudfront
x-amz-cf-id
c8TD2dctxhYJxgP5B-2BvHMq38cBj1iE-XNUJ7QxJPMdYW0rdAWpaQ==
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
FRA56-P2
insight.min.js
snap.licdn.com/li.lms-analytics/
2 KB
1006 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
c57865ec6a6956797b18dc7d23a3ade16e7ced5271f4dc0796b2ed0a10f934dc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

cache-control
max-age=50389
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
796
date
Thu, 12 Dec 2024 14:15:45 GMT
last-modified
Mon, 02 Dec 2024 19:28:43 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
sl.js
scout-cdn.salesloft.com/
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4769 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

content-encoding
br
cf-cache-status
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
age
1858
x-content-type-options
nosniff
expires
Thu, 12 Dec 2024 18:15:45 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/javascript
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-amz-id-2
vMq9D1XQ/ZluN2tgO1qBlzERgkkkLof+VmxCSbsTzxQW2G9/jhJuQDlpGZjo2HFqQ7pzwXV7kc9icdoh8X0KfXyIhbss8YrO5hnUNFtz+9o=
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=14400
x-amz-request-id
D26BQY3T1BR4W03V
cf-ray
8f0e540ba99318fd-FRA
access-control-allow-origin
*
server
cloudflare
ABCFavorit-Light.woff2
labs.watchtowr.com/assets/fonts/
38 KB
38 KB
Font
General
Full URL
https://labs.watchtowr.com/assets/fonts/ABCFavorit-Light.woff2
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/assets/built/screen.css?v=437b7b1f32
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
274ba032d9071697b02e08b0833af8b4ed90b453740cdc11528b7e058bdb8f36

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://labs.watchtowr.com
Referer
https://labs.watchtowr.com/assets/built/screen.css?v=437b7b1f32

Response headers

x-request-id
632a6437-c05c-44d4-ab17-2424e3f7e235
etag
W/"9884-190396a44c0"
age
1899066
ghost-fastly
true
status
200 OK
alt-svc
clear
x-cache
MISS, HIT, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
font/woff2
last-modified
Fri, 21 Jun 2024 06:09:44 GMT
x-cache-hits
0, 10, 1
x-served-by
cache-ams2100140-AMS, cache-ams2100140-AMS, cache-fra-etou8220078-FRA
cache-control
public, max-age=31536000
x-timer
S1734012945.170565,VS0,VE3
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
39044
server
openresty
vlcsnap-2024-11-27-14h11m32s913.png
labs.watchtowr.com/content/images/size/w1000/2024/11/
586 KB
586 KB
Image
General
Full URL
https://labs.watchtowr.com/content/images/size/w1000/2024/11/vlcsnap-2024-11-27-14h11m32s913.png
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
adde5601fad21fd6164bdfd3dc47892a18d48c276529c77ecce2a0980f5bdc10

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
f9478889-5235-404d-984e-fdb19aee53ba
etag
W/"9269f-1936c4afec8"
age
856352
ghost-fastly
true
status
206 Partial Content
alt-svc
clear
x-cache
MISS, HIT, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
image/png
last-modified
Wed, 27 Nov 2024 06:24:34 GMT
x-cache-hits
0, 7, 0
x-served-by
cache-ams2100103-AMS, cache-ams2100103-AMS, cache-fra-etou8220078-FRA
cache-control
public, max-age=31536000
x-timer
S1734012945.170578,VS0,VE2
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
599711
server
openresty
get_info
api.factors.ai/sdk/ Frame
0
0
Preflight
General
Full URL
https://api.factors.ai/sdk/get_info
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://labs.watchtowr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods
GET,POST,PUT,HEAD,DELETE
access-control-allow-origin
https://labs.watchtowr.com
access-control-max-age
43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 14:15:45 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
get_info
api.factors.ai/sdk/
311 B
411 B
Fetch
General
Full URL
https://api.factors.ai/sdk/get_info
Requested by
Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash
6c5e9c14b9c5b020f7383449e71690681c1455224590fa46bcecd39721baad01

Request headers

Authorization
fp50m8phd32g8y5reokdoan3w55o0nc3
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-req-id
ctdf04a73i2s73d4e7p0
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://labs.watchtowr.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
311
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/json; charset=utf-8
vary
Origin
23785948.js
js.hs-analytics.net/analytics/1734009900000/
68 KB
25 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1734009900000/23785948.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f13a582e4dd93e0b6e6f7147e788f5a3d679e22f57bf3d2814eb990f137a557

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-amz-server-side-encryption
AES256
x-request-id
e7919536-2b38-423d-bbe4-4af053d2e993
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1b77e8761c7cef61885d26f25de82920"
x-amz-version-id
null
age
205
expires
Thu, 12 Dec 2024 14:17:20 GMT
x-evy-trace-listener
listener_https
date
Thu, 12 Dec 2024 14:15:45 GMT
x-hubspot-correlation-id
e7919536-2b38-423d-bbe4-4af053d2e993
content-type
text/javascript
last-modified
Wed, 23 Oct 2024 01:59:14 GMT
vary
origin, Accept-Encoding
x-amz-id-2
KwUmmgGL8uQUykinl1UJv521TMmqyV1BrTzwv7r6Pcfz888gC7b5PqE0iU2WiZeFplwLrOizl+E=
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-ng79d
x-envoy-upstream-service-time
57
access-control-allow-credentials
false
x-amz-request-id
RKC32JVZDPZKMDAC
cf-ray
8f0e540bace29738-FRA
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
912abb0cafbeca44d5b1cf2d9d7fe857a75974e2e42fd2aa125405984bf69953
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-evy-trace-virtual-host
all
x-request-id
8c8e8283-b384-4e8b-b2a5-30b055572fd4
content-encoding
gzip
cf-cache-status
HIT
etag
W/"c93e083d757d0b4ca5e123cc7fe52d0e"
x-amz-version-id
WnsFCrZ11_ikNHLZ9dlJoPqENga47yWY
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age
29
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-hs-cache-status
HIT
x-amz-cf-id
017o_v8azVlbYmgRhT7Lm_KJvuzzlvLnkhJNQByvHjJem11Md_qFUQ==
date
Thu, 12 Dec 2024 14:15:45 GMT
x-hubspot-correlation-id
8c8e8283-b384-4e8b-b2a5-30b055572fd4
content-type
application/javascript; charset=utf-8
last-modified
Wed, 11 Dec 2024 15:02:51 UTC
vary
accept-encoding
x-evy-trace-listener
listener_https
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-rmctf
x-envoy-upstream-service-time
1
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.949/bundles/pixels-release.js&cfRay=8f066a7b6fccd35e-WAW
via
1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
cf-ray
8f0e540bab880418-FRA
x-evy-trace-route-configuration
listener_https/all
x-hs-target-asset
adsscriptloaderstatic/static-1.949/bundles/pixels-release.js
x-amz-cf-pop
IAD12-P3
server
cloudflare
x-amz-server-side-encryption
AES256
collectedforms.js
js.hscollectedforms.net/
70 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://labs.watchtowr.com
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
d41dd81c-c919-48e1-8ce3-5b2e247ea980
content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
8IiNiFnnn0n9avBP.k8Mr32sZxpD8Dx_
etag
W/"ceb8bcb73e5536d8416735a3977d227a"
age
514
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
4UstEa2hjIJbsRTBW75m0fPHiT2y8gWlW7bHS_PN1uuPtWeYALUphg==
x-hubspot-correlation-id
d41dd81c-c919-48e1-8ce3-5b2e247ea980
content-type
application/javascript; charset=utf-8
last-modified
Mon, 09 Dec 2024 13:03:17 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-b87dx
x-envoy-upstream-service-time
9
x-hs-target-asset
collected-forms-embed-js/static-1.1112/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET
x-hs-cache-status
MISS
date
Thu, 12 Dec 2024 14:15:45 GMT
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.1112/bundles/project.js&cfRay=8f0e477eb93068bc-FRA
via
1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
cf-ray
8f0e540bad3cdcc0-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
banner.js
js.hs-banner.com/v2/23785948/
71 KB
23 KB
Script
General
Full URL
https://js.hs-banner.com/v2/23785948/banner.js
Requested by
Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e7f73f724d4777cd5cc5c2004f85c3c400d3530ab2d064d3d9558d042677657
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

access-control-max-age
604800
x-request-id
aea73bf5-5e67-4558-825b-f18824b12b54
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding
gzip
cf-cache-status
HIT
x-content-type-options
nosniff
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires
Thu, 12 Dec 2024 14:17:20 GMT
x-evy-trace-listener
listener_http, listener_https
date
Thu, 12 Dec 2024 14:15:45 GMT
x-hubspot-correlation-id
aea73bf5-5e67-4558-825b-f18824b12b54
content-type
application/javascript; charset=utf-8
vary
origin, Accept-Encoding
last-modified
Fri, 06 Dec 2024 19:25:42 GMT
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator, envoyset-translator
x-evy-trace-served-by-pod
iad02/private-hubapi-td/envoy-proxy-5f9df65f7b-57p2m, iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-rnhs5
timing-allow-origin
*
cache-control
max-age=300,public
x-envoy-upstream-service-time
137
access-control-allow-credentials
true
cf-ray
8f0e540ba8576ae2-FRA
access-control-allow-origin
https://labs.watchtowr.com
x-evy-trace-route-configuration
listener_http/all, listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all, all
insight.old.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

cache-control
max-age=36060
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Thu, 12 Dec 2024 14:15:45 GMT
last-modified
Mon, 02 Dec 2024 10:13:56 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
modules.88d849cb19f0e6d87c26.js
script.hotjar.com/
222 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.88d849cb19f0e6d87c26.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2950076.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-21.fra56.r.cloudfront.net
Software
/
Resource Hash
12fd4887ee01f80f55f5ef58dde1dce0910330574296263181eb1ec502b2eb3b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-robots-tag
none
content-encoding
br
etag
"7a5a0964cb47152346115d149138d641"
age
13238
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
-Ok-J-80WB1Cefl6Vp1zLT0z7Yv6PpyAS-4BW23RCqgz8ueEWlxyBA==
date
Thu, 12 Dec 2024 10:35:07 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 12 Dec 2024 10:34:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
cross-origin-resource-policy
cross-origin
via
1.1 cb1bcb02f5d0667fafd0890701965f18.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
56276
x-amz-cf-pop
FRA56-C2
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-Q0QQGYH9DL&gtm=45je4cb0v877901959za200&_p=1734012945150&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&cid=201230385.1734012945&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734012945&sct=1&seg=0&dl=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F&dt=Where%20There%E2%80%99s%20Smoke%2C%20There%E2%80%99s%20Fire%20-%20Mitel%20MiCollab%20CVE-2024-35286%2C%20CVE-2024-41713%20And%20An%200day&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://labs.watchtowr.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
text/plain
server
Golfe2
attribution_trigger
px.ads.linkedin.com/
2 B
1 KB
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=3860676&time=1734012945248&url=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

content-encoding
gzip
x-li-fabric
prod-lva1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
access-control-allow-methods
GET, OPTIONS
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
date
Thu, 12 Dec 2024 14:15:44 GMT
content-type
application/json
access-control-allow-headers
*
x-li-pop
afd-prod-lva1-x
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-fs-uuid
0006291359a47d56b33380aa5be33861
x-msedge-ref
Ref A: 763F7223117B43049E92FC42D4838745 Ref B: DUS30EDGE0811 Ref C: 2024-12-12T14:15:45Z
x-restli-protocol-version
1.0.0
x-li-uuid
AAYpE1mkfVazM4CqW+M4YQ==
access-control-allow-origin
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1734012945248&url=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1734012945248&url=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1734012945248&url=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F&e_ipv6=AQJWI9MxplaTegAAAZO7OcPaZ9O1Q6o1gbEzL8YVaNGdmXBRA6KEx_-9S4fUHcGYSaC_Cvyc0mOdA5vERICAXFMF5MrJFg
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 8E1AFDB7BE4D43C7BB8C8D06511866C4 Ref B: FRAEDGE2016 Ref C: 2024-12-12T14:15:45Z
x-li-fabric
prod-lor1
x-li-uuid
AAYpE1moG4KXU1EDsSMRAg==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 12 Dec 2024 14:15:44 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1734012945248&url=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F&e_ipv6=AQJWI9MxplaTegAAAZO7OcPaZ9O1Q6o1gbEzL8YVaNGdmXBRA6KEx_-9S4fUHcGYSaC_Cvyc0mOdA5vERICAXFMF5MrJFg
x-msedge-ref
Ref A: 1C708DEDE43C4416BFD427C12A88A0D3 Ref B: FRAEDGE1907 Ref C: 2024-12-12T14:15:45Z
x-li-fabric
prod-lor1
x-li-uuid
AAYpE1mk8Obu7L5DCYJmSw==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 12 Dec 2024 14:15:44 GMT
r
scout.salesloft.com/
41 B
359 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTIzMjd9.VPRLDlVywXvamkHUrZOJN7rKvtF70sMZ21c4f5nxvn0
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.161.20.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-20-108.compute-1.amazonaws.com
Software
/
Resource Hash
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
97900e22756e53e1daa432b2cb470c5b
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
https://labs.watchtowr.com
content-length
41
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/json; charset=utf-8
json
forms.hscollectedforms.net/collected-forms/v1/config/
136 B
640 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=23785948&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6ffe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1102619929d461c761d302e6023c47c0e8440f2c1e6215cced390867bd868e09
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
916e8772-a277-4b29-a58f-cc75c5e74a64
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
date
Thu, 12 Dec 2024 14:15:45 GMT
x-hubspot-correlation-id
916e8772-a277-4b29-a58f-cc75c5e74a64
content-type
application/json;charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
*
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-856d8787d5-xbknh
x-envoy-upstream-service-time
11
cf-ray
8f0e540c0e27dcc0-FRA
access-control-allow-origin
https://labs.watchtowr.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
114 B
1003 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=23785948
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6197ceff1122e8aa36a89d3554018d665b3ee7efb485588565c53cf9995654ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

access-control-max-age
180
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWFAwa66gZk0loIGJyT34I67Cc5aJNfcX8c0uT5Y3PSnhhhl1lQtGrElJNNYZNWXSqJxIME5a3VNLnpyF7qxRy7XtOBzKZ41CMA9pAWgDO1zhAiXrAjGDnQM0qtIRyK4UX0P8TNSdBExz0oe"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
date
Thu, 12 Dec 2024 14:15:45 GMT
x-hubspot-correlation-id
5c47fad8-a158-4b92-af00-aa494fe7abb3
content-type
application/json;charset=utf-8
vary
origin, Accept-Encoding
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
8f0e540c1c6ed21b-FRA
access-control-allow-origin
https://labs.watchtowr.com
server
cloudflare
/
tr-rc.lfeeder.com/
43 B
336 B
Image
General
Full URL
https://tr-rc.lfeeder.com/?sid=3P1w24do6zP7mY5n&data=...
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.26.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-15.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

cross-origin-resource-policy
cross-origin
via
1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-cache
LambdaGeneratedResponse from cloudfront
content-length
43
x-amz-cf-id
Vw61unnNlFx29elyOrf0bYlSy2a1-bRcfJsoBeOfK83-qh4im2Arcg==
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
image/gif
x-amz-cf-pop
FRA56-P7
server
CloudFront
vary
Origin
/
px.ads.linkedin.com/wa/
0
477 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 03DAA08B8298401F9C1853D531C3BE21 Ref B: FRAEDGE1907 Ref C: 2024-12-12T14:15:45Z
x-li-fabric
prod-lor1
access-control-allow-credentials
true
x-li-uuid
AAYpE1mm82M+LhuD68atjg==
x-li-proto
http/2
access-control-allow-origin
https://labs.watchtowr.com
x-cache
CONFIG_NOCACHE
x-li-source-fabric
prod-ltx1
date
Thu, 12 Dec 2024 14:15:45 GMT
vary
Origin
track
api.factors.ai/sdk/event/ Frame
0
0
Preflight
General
Full URL
https://api.factors.ai/sdk/event/track
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://labs.watchtowr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods
GET,POST,PUT,HEAD,DELETE
access-control-allow-origin
https://labs.watchtowr.com
access-control-max-age
43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 14:15:45 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
add_properties
api.factors.ai/sdk/user/ Frame
0
0
Preflight
General
Full URL
https://api.factors.ai/sdk/user/add_properties
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type
Access-Control-Request-Method
POST
Origin
https://labs.watchtowr.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods
GET,POST,PUT,HEAD,DELETE
access-control-allow-origin
https://labs.watchtowr.com
access-control-max-age
43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 12 Dec 2024 14:15:45 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
track
api.factors.ai/sdk/event/
96 B
113 B
Fetch
General
Full URL
https://api.factors.ai/sdk/event/track
Requested by
Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash
eeab4614b53685fefcc02bfe632a5239aaf09afdff846d0997c3d8f8ec659b9f

Request headers

Authorization
fp50m8phd32g8y5reokdoan3w55o0nc3
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-req-id
ctdf04d2pkuc7390ls80
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://labs.watchtowr.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
96
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/json; charset=utf-8
vary
Origin
add_properties
api.factors.ai/sdk/user/
49 B
65 B
Fetch
General
Full URL
https://api.factors.ai/sdk/user/add_properties
Requested by
Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash
d77e82654b78a6f97d3b45cacbca5901b92394f5489aed5de07fab2d0efc2015

Request headers

Authorization
fp50m8phd32g8y5reokdoan3w55o0nc3
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-req-id
ctdf04f82m9s73bvl5ug
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://labs.watchtowr.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/json; charset=utf-8
vary
Origin
add_properties
api.factors.ai/sdk/user/
49 B
65 B
Fetch
General
Full URL
https://api.factors.ai/sdk/user/add_properties
Requested by
Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.69.160.34.bc.googleusercontent.com
Software
/
Resource Hash
d77e82654b78a6f97d3b45cacbca5901b92394f5489aed5de07fab2d0efc2015

Request headers

Authorization
fp50m8phd32g8y5reokdoan3w55o0nc3
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

x-req-id
ctdf04d2pkuc7390ls7g
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://labs.watchtowr.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/json; charset=utf-8
vary
Origin
i
scout.salesloft.com/
48 B
466 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.161.20.108 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-20-108.compute-1.amazonaws.com
Software
/
Resource Hash
9d268d960fab0465a35cd17135bcdb71287b45293cb57d8293b275e9a1b45509
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
d1f0a1669496d54539e9267b4eb2c69e
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
https://labs.watchtowr.com
content-length
48
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
application/json; charset=utf-8
yl8vfv7j
widget.intercom.io/widget/
7 KB
3 KB
Script
General
Full URL
https://widget.intercom.io/widget/yl8vfv7j
Requested by
Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-26.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f0785b55813ee480a5cacfbbd66aa68271bb976f9fd18fd836c66863f0a388b8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

content-encoding
gzip
x-amz-version-id
XBC_eBah2RjLnOR3ywwY8YvWXkF0_cRa
etag
"695e93461d69ff85388c7e7bcbcae6b8"
age
139
alt-svc
h3=":443"; ma=86400
x-cache
Error from cloudfront
x-amz-cf-id
O6yu2E_FVhObZ5cLiHqL928uzaeZip5q0lVuHlVFEM8Pz-NfnuuVYQ==
date
Thu, 12 Dec 2024 14:13:27 GMT
content-type
application/javascript; charset=UTF-8
vary
accept-encoding, Origin
last-modified
Thu, 12 Dec 2024 10:18:34 GMT
cache-control
max-age=300, s-maxage=300, public
cross-origin-resource-policy
cross-origin
via
1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
2666
x-amz-cf-pop
FRA56-C2
server
AmazonS3
x-amz-server-side-encryption
AES256
__ptq.gif
track.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=930271884&v=1.1&a=23785948&rcu=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F&pu=https%3A%2F%2Flabs.watchtowr.com%2Fwhere-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day%2F&t=Where+There%E2%80%99s+Smoke%2C+There%E2%80%99s+Fire+-+Mitel+MiCollab+CVE-2024-35286%2C+CVE-2024-41713+And+An+0day&cts=1734012945703&vi=73c7e66ac8f2de01bbbb4c05ea6cb281&nc=true&u=64999280.73c7e66ac8f2de01bbbb4c05ea6cb281.1734012945702.1734012945702.1734012945702.1&b=64999280.1.1734012945702&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-robots-tag
none
x-request-id
d2779ece-0068-4724-958e-258b232329e3
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ce0gZq5Dl%2B5wyYFffC7wPGpG9A%2BsBfPg396n5RjO4X6JkJ2m3%2By4b0Q64UQnje492pSc7ZYVdPIkB9DcxVM%2BrQtkRR7HFoZStbWGwgOGcG%2FFm6w4fzIvg04Lhh8q81UmfIplPtYuq2QI2Q02yktm"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Thu, 12 Dec 2024 14:15:45 GMT
x-hubspot-correlation-id
d2779ece-0068-4724-958e-258b232329e3
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-wf92v
x-envoy-upstream-service-time
6
access-control-allow-credentials
false
cf-ray
8f0e540ec87cdbe0-FRA
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
Logo.png
labs.watchtowr.com/content/images/size/w256h256/2022/05/
3 KB
3 KB
Other
General
Full URL
https://labs.watchtowr.com/content/images/size/w256h256/2022/05/Logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
dba1c596f2785886e854da7993f9e62f17831524432311f1776631ca100ae9f6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/

Response headers

x-request-id
c9ca1793-08e2-417f-8b66-a31e726d4792
etag
W/"c7f-185e7b6bafe"
age
1899090
ghost-fastly
true
status
206 Partial Content
alt-svc
clear
x-cache
HIT, HIT
date
Thu, 12 Dec 2024 14:15:45 GMT
content-type
image/png
x-served-by
cache-ams21075-AMS, cache-fra-etou8220078-FRA
x-cache-hits
12, 1
last-modified
Wed, 25 Jan 2023 06:56:30 GMT
cache-control
public, max-age=31536000
x-timer
S1734012946.710934,VS0,VE1
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
3199
fastly-restarts
1
server
openresty
frame-modern.8f8b33d2.js
js.intercomcdn.com/ Frame 1270
474 KB
143 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.8f8b33d2.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
94b3ecbaafbd536552c8056aeef3be16f42718dcac6b78fa5b89356b1d53263b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
ps3amwVA5xRHsEHZw0JWvOsGw49yrjCE
etag
"29fbdae2fca40656e86162361e64c15d"
age
7029
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
zZKV9FRFM7KwcwlX7MAO22maZ2uY1qC_LihF8A18jmdBjNUoNXOloA==
date
Thu, 12 Dec 2024 12:18:37 GMT
content-type
application/javascript; charset=UTF-8
vary
accept-encoding
last-modified
Thu, 12 Dec 2024 10:15:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy
cross-origin
via
1.1 5d328d2e734cff11e41c897ec72f465e.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
145807
x-amz-cf-pop
FRA56-P11
server
AmazonS3
x-amz-server-side-encryption
AES256
vendor-modern.5c288613.js
js.intercomcdn.com/ Frame 1270
456 KB
145 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.5c288613.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.244.18.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-244-18-24.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad0e16e3e83936688a11f292ef26cd62ff0b2125053c37e9cc8ac41b24f44342
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
pDbL.hRO3Npn89wuhR6xvcgbcgZrYBWv
etag
"cfcbe890471af67f5140f9f36766a673"
age
5132
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
aL8EazTPTRRe6V7uQFl4wXiukrweNybYqUx_UrDzIRFcsuB71MXpQw==
date
Thu, 12 Dec 2024 12:50:14 GMT
content-type
application/javascript; charset=UTF-8
vary
accept-encoding
last-modified
Tue, 10 Dec 2024 15:38:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy
cross-origin
via
1.1 5d328d2e734cff11e41c897ec72f465e.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
147369
x-amz-cf-pop
FRA56-P11
server
AmazonS3
x-amz-server-side-encryption
AES256
launcher_settings
api-iam.intercom.io/messenger/web/ Frame 1270
241 B
899 B
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/launcher_settings
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.8f8b33d2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.21.125.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-125-141.compute-1.amazonaws.com
Software
nginx /
Resource Hash
01f200cc21bf65f64871c68b0df9a7a69e7ee1704317bf6eb7888d66cfb99517
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

x-request-id
0001r0bbucusf4v3d8c0
access-control-expose-headers
x-request-id
content-encoding
gzip
etag
W/"01f200cc21bf65f64871c68b0df9a7a6"
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
status
200 OK
date
Thu, 12 Dec 2024 14:15:46 GMT
content-type
application/json; charset=utf-8
vary
Accept,Accept-Encoding
x-runtime
0.044844
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556952; includeSubDomains; preload
x-request-queueing
0
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://labs.watchtowr.com
x-xss-protection
1; mode=block
x-intercom-version
3e3a0edbaf041fe88ab65df6ddc6337125c8d9b0
x-ami-version
ami-0fa778b2af0c27580
server
nginx
ping
api-iam.intercom.io/messenger/web/ Frame 1270
4 KB
2 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.8f8b33d2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.21.125.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-21-125-141.compute-1.amazonaws.com
Software
nginx /
Resource Hash
689bd4696e72102ec53e22d6662f067d70755a934d206dc484bae41c9cc9d67c
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

x-request-id
0000331go2h6p4i0jbu0
access-control-expose-headers
x-request-id
content-encoding
gzip
etag
W/"689bd4696e72102ec53e22d6662f067d"
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
status
200 OK
date
Thu, 12 Dec 2024 14:15:46 GMT
content-type
application/json; charset=utf-8
vary
Accept,Accept-Encoding
x-runtime
0.234842
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556952; includeSubDomains; preload
x-request-queueing
0
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://labs.watchtowr.com
x-xss-protection
1; mode=block
x-intercom-version
3e3a0edbaf041fe88ab65df6ddc6337125c8d9b0
x-ami-version
ami-0fa778b2af0c27580
server
nginx


72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| intercomSettings function| Intercom function| gtag object| dataLayer object| q function| track function| init function| reset function| page function| updateEventProperties function| identify function| addUserProperties function| getUserId function| call string| TOKEN object| factors object| d function| ldfdr object| fs function| hj object| _hjSettings string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk string| SLScoutObject function| slscout function| lightbox function| pagination function| PhotoSwipeUI_Default function| PhotoSwipe function| reframe object| __gaConnectorEventsEmitted object| _faitracker boolean| FAITRACKER_LS_AVAILABLE number| dat object| _hsp function| oy function| iy function| wo function| ly function| Ln function| Je object| hjSiteSettings object| hjLazyModules function| hjBootstrap object| hjBootstrapCalled object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal boolean| _already_called_lintrk boolean| PIXELS_RAN object| enabledEventSettings object| _hsq function| sanitizeKey boolean| _hstc_loaded object| __hsCollectedFormsDebug object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| ORIBILI object| FAITRACKER_CACHE number| FAITRACKER_FORM_BINDER_ID boolean| _hstc_ran object| hsCallsToActionsReady string| __hsUserToken number| expireDateTime function| __intercomAssignLocation function| __intercomReloadLocation

25 Cookies


Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
