labs.watchtowr.com Open in urlscan Pro
2a04:4e42::775 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://labs.watchtowr.com/cleo-cve-2024-50623/
Submission: On December 30 via api (December 30th 2024, 11:31:27 am UTC) from IN — Scanned from DE

Summary HTTP 62 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 29 IPs in 4 countries across 23 domains to perform 62 HTTP transactions. The main IP is 2a04:4e42::775, located in United States and belongs to FASTLY, US. The main domain is labs.watchtowr.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on November 19th 2024. Valid for: 3 months.

This is the only time labs.watchtowr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2a04:4e42::775 2a04:4e42::775	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:8bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.1.195 151.101.1.195	54113 (FASTLY) (FASTLY)
1	2600:9000:225... 2600:9000:2250:f600:4:d7e1:700:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.66.102.11 18.66.102.11	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:350... 2a02:26f0:3500:2b::17cf:d260	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2606:4700::68... 2606:4700::6810:4869	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	34.160.69.120 34.160.69.120	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	44.193.179.36 44.193.179.36	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6dfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	52.222.236.63 52.222.236.63	16509 (AMAZON-02) (AMAZON-02)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.245.46.110 18.245.46.110	16509 (AMAZON-02) (AMAZON-02)
1	63.35.138.184 63.35.138.184	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:f36c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.138.26.124 108.138.26.124	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.245.46.19 18.245.46.19	16509 (AMAZON-02) (AMAZON-02)
1	172.217.16.196 172.217.16.196	15169 (GOOGLE) (GOOGLE)
3	52.3.58.56 52.3.58.56	14618 (AMAZON-AES) (AMAZON-AES)
62	29

11 2a04:4e42::775 (United States)

ASN54113 (FASTLY, US)

labs.watchtowr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.195 (San Francisco, United States)

ASN54113 (FASTLY, US)

app.factors.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:f600:4:d7e1:700:93a1 (United States)

ASN16509 (AMAZON-02, US)

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-11.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:2b::17cf:d260 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4869 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.160.69.120 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 120.69.160.34.bc.googleusercontent.com

api.factors.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.193.179.36 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-179-36.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6dfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-63.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.46.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-110.fra56.r.cloudfront.net

tr-rc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.35.138.184 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-35-138-184.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f36c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.26.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-124.fra56.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.46.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-19.fra56.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.3.58.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-58-56.compute-1.amazonaws.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	watchtowr.com labs.watchtowr.com	215 KB
9	factors.ai app.factors.ai — Cisco Umbrella Rank: 87474 api.factors.ai — Cisco Umbrella Rank: 60902	11 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	11 KB
4	intercom.io widget.intercom.io — Cisco Umbrella Rank: 2266 api-iam.intercom.io — Cisco Umbrella Rank: 2695	9 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	2 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	346 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 11366 scout.salesloft.com — Cisco Umbrella Rank: 14334	4 KB
2	intercomcdn.com js.intercomcdn.com — Cisco Umbrella Rank: 2998	288 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3353
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4811 forms.hscollectedforms.net — Cisco Umbrella Rank: 4960	26 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	22 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 888 script.hotjar.com — Cisco Umbrella Rank: 1185	61 KB
2	lfeeder.com sc.lfeeder.com — Cisco Umbrella Rank: 15595 tr-rc.lfeeder.com — Cisco Umbrella Rank: 21771	12 KB
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2477	1 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	1 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 5577	171 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	23 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	4 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	25 KB
1	hs-scripts.com js-na1.hs-scripts.com — Cisco Umbrella Rank: 6680	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	83 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
62	23

	Domain	Requested by
11	labs.watchtowr.com	labs.watchtowr.com
8	api.factors.ai	app.factors.ai
6	cdnjs.cloudflare.com	labs.watchtowr.com cdnjs.cloudflare.com
4	www.googletagmanager.com	labs.watchtowr.com js.hsadspixel.net www.googletagmanager.com
3	api-iam.intercom.io	js.intercomcdn.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
2	js.intercomcdn.com	widget.intercom.io
2	region1.google-analytics.com	www.googletagmanager.com
2	scout.salesloft.com	scout-cdn.salesloft.com
2	snap.licdn.com	labs.watchtowr.com snap.licdn.com
1	www.google.com	www.googletagmanager.com
1	track.hubspot.com
1	widget.intercom.io	labs.watchtowr.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	api.hubapi.com	js.hsadspixel.net
1	content.hotjar.io	script.hotjar.com
1	tr-rc.lfeeder.com	labs.watchtowr.com
1	px4.ads.linkedin.com	labs.watchtowr.com
1	script.hotjar.com	static.hotjar.com
1	js.hs-banner.com	js-na1.hs-scripts.com
1	js.hscollectedforms.net	js-na1.hs-scripts.com
1	js.hsadspixel.net	js-na1.hs-scripts.com
1	js.hs-analytics.net	js-na1.hs-scripts.com
1	scout-cdn.salesloft.com	labs.watchtowr.com
1	static.hotjar.com	labs.watchtowr.com
1	sc.lfeeder.com	labs.watchtowr.com
1	app.factors.ai	labs.watchtowr.com
1	js-na1.hs-scripts.com	labs.watchtowr.com
1	cdn.jsdelivr.net	labs.watchtowr.com
1	fonts.googleapis.com	labs.watchtowr.com
62	30

This site contains links to these domains. Also see Links.

Domain
watchtowr.com
www.watchtowr.com
www.linkedin.com
twitter.com
github.com
support.cleo.com
www.huntress.com
ghost.org

Subject Issuer	Validity	Valid
labs.watchtowr.com ZeroSSL RSA Domain Secure Site CA	`2024-11-19` - `2025-02-17`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.google-analytics.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
hs-scripts.com WE1	`2024-11-24` - `2025-02-22`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
app.factors.ai WR3	`2024-11-10` - `2025-02-08`	3 months	crt.sh
*.lfeeder.com Amazon RSA 2048 M02	`2024-02-20` - `2025-03-20`	a year	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-20` - `2025-04-19`	a year	crt.sh
api.factors.ai WR3	`2024-11-18` - `2025-02-16`	3 months	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hsadspixel.net WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
hscollectedforms.net WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-01-31` - `2025-03-01`	a year	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
*.intercom.com Amazon RSA 2048 M03	`2024-12-14` - `2026-01-11`	a year	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
*.intercomcdn.com Amazon RSA 2048 M02	`2024-10-31` - `2025-11-28`	a year	crt.sh
*.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://labs.watchtowr.com/cleo-cve-2024-50623/
Frame ID: 7C0E61FC7ED8D03ADCDF83604DD64401
Requests: 52 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.e04abc33.js
Frame ID: F5432EB03BBD1D32DEC9BFF74004DA83
Requests: 5 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Flabs.watchtowr.com
Frame ID: B845C6AF49B92FD3A2167617C1346E72
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cleo Harmony, VLTrader, and LexiCom - RCE via Arbitrary File Write (CVE-2024-50623)

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

62
Requests

98 %
HTTPS

55 %
IPv6

23
Domains

30
Subdomains

29
IPs

4
Countries

1144 kB
Transfer

3206 kB
Size

27
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://watchtowr.com/
Title: Platform

Search URL Search Domain Scan URL

URL: https://www.watchtowr.com/#contact
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/watchtowr

Search URL Search Domain Scan URL

URL: https://twitter.com/watchtowrcyber

Search URL Search Domain Scan URL

URL: https://github.com/watchtowrlabs

Search URL Search Domain Scan URL

URL: https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory-CVE-2024-50623?ref=labs.watchtowr.com
Title: advisory

Search URL Search Domain Scan URL

URL: https://support.cleo.com/hc/en-us/articles/27140294267799-Cleo-Product-Security-Advisory?ref=labs.watchtowr.com
Title: CVE-2024-50623

Search URL Search Domain Scan URL

URL: https://github.com/watchtowrlabs/CVE-2024-50623?ref=labs.watchtowr.com
Title: PoC

Search URL Search Domain Scan URL

URL: https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild?ref=labs.watchtowr.com
Title: Huntress' advice

Search URL Search Domain Scan URL

URL: https://www.watchtowr.com/?ref=watchtowr-labs-blog
Title: watchTowr

Search URL Search Domain Scan URL

URL: https://www.watchtowr.com/

Search URL Search Domain Scan URL

URL: https://ghost.org/
Title: Powered by Ghost

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1735558283004&url=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1735558283004&url=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&e_ipv6=AQIllS1bErVmLwAAAZQXVb9qEE33wg6cONJClwoNyFoaR6AsiIfFvKfO4KO_VqQG

62 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
labs.watchtowr.com/cleo-cve-2024-50623/ 38 KB
13 KB 162ms
10ms Document
text/html 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 677a138de946a78b69e7c02f7082023ed6a81823499588196cdc41d770903cc3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 124738
alt-svc: clear
cache-control: public, max-age=0
content-encoding: gzip
content-length: 13031
content-type: text/html; charset=utf-8
date: Mon, 30 Dec 2024 11:31:22 GMT
etag: W/"99fb-ueDJqL9pz/H4fmVpKIw4LlXEzZY"
ghost-fastly: true
server: openresty
status: 200 OK
vary: Cookie, Accept-Encoding
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 10, 0
x-request-id: cd130ab3-e285-4840-a1f3-101f81b895f4
x-served-by: cache-ams2100125-AMS, cache-ams2100110-AMS, cache-fra-etou8220122-FRA
x-timer: S1735558283.715049,VS0,VE3

GET
H2 200 css2
fonts.googleapis.com/ 39 KB
3 KB 73ms
20ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lora:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&family=Inter:wght@400;500;600;700;800&display=swap

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4b9ee54747beb19126d4829f3bfc45823f5871c145a96256ee14d0000d35bd61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 30 Dec 2024 11:31:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 30 Dec 2024 11:31:22 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 screen.css
labs.watchtowr.com/assets/built/ 32 KB
7 KB 21ms
17ms Stylesheet
text/css 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/assets/built/screen.css?v=71f9c9865e
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: c04c22ec20671d45136ecbb2c6c1729daecf3a089378842a926769966202c863

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: 194b180c-3cd1-46aa-a72c-9e12ddd6a958
content-encoding: gzip
etag: W/"7f54-190396a44ad"
age: 124878
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
vary: Accept-Encoding
x-cache-hits: 0, 7, 0
content-type: text/css; charset=UTF-8
x-served-by: cache-ams2100117-AMS, cache-ams21045-AMS, cache-fra-etou8220122-FRA
cache-control: public, max-age=31536000
x-timer: S1735558283.739645,VS0,VE2
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 6999
server: openresty

GET
H2 200 sodo-search.min.js Show response
cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/ 263 KB
83 KB 49ms
14ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/ghost/sodo-search@~1.5/umd/sodo-search.min.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5457a83229acb39e1625c8e08964a52c5fbd5e604182ca19416cabc2ebb41169

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://labs.watchtowr.com
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"41bb3-TlcqTJJfU4QXEfOqOvmN0FRqtPI"
age: 14934
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220120-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 84199
x-jsd-version: 1.5.1

GET
H2 200 cards.min.js Show response
labs.watchtowr.com/public/ 6 KB
2 KB 21ms
16ms Script
application/javascript 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/public/cards.min.js?v=71f9c9865e
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: 35a8d0ec-b7e3-480c-ae08-c8660d3e4f7c
content-encoding: gzip
etag: W/"143954965104cf254bf1a498449c6855"
age: 124877
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript
x-served-by: cache-ams2100118-AMS, cache-ams2100122-AMS, cache-fra-etou8220122-FRA
x-cache-hits: 0, 8, 0
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-timer: S1735558283.831587,VS0,VE2
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1490
server: openresty

GET
H2 200 cards.min.css
labs.watchtowr.com/public/ 37 KB
6 KB 22ms
18ms Stylesheet
text/css 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/public/cards.min.css?v=71f9c9865e
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 27c72000333080dee55d65b2323469fa581afe51ee0d5f0653454cc0af078b7e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: 02fcaa47-04b6-4c0d-9908-6a3318ac7a9b
content-encoding: gzip
etag: W/"78a238818fe197705adc97c6ad901852"
age: 124878
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: text/css
x-served-by: cache-ams2100119-AMS, cache-ams21044-AMS, cache-fra-etou8220122-FRA
x-cache-hits: 0, 7, 0
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-timer: S1735558283.740042,VS0,VE2
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 6285
server: openresty

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 300 KB
103 KB 86ms
44ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7ed5aace5e97d31df74e19a34bf3243c02dfb3b92c5fe3858a921c5e62297977

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 30 Dec 2024 11:31:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 104705
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 23785948.js Show response
js-na1.hs-scripts.com/ 2 KB
1 KB 92ms
25ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-na1.hs-scripts.com/23785948.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3033e81c1e014c17da807364c999ae4c4d6480a0ded667df4714ed38c20e39ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 7120
x-content-type-options: nosniff
date: Mon, 30 Dec 2024 11:31:22 GMT
x-hubspot-correlation-id: 4c23740b-c89f-4178-a7c2-ae3b7f70bb2a
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Mon, 30 Dec 2024 09:32:42 GMT
access-control-allow-credentials: true
cf-ray: 8fa1b4041941d37c-FRA
accept-ranges: bytes
access-control-allow-origin: https://labs.watchtowr.com
content-length: 636
server: cloudflare

GET
H3 200 prism-tomorrow.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/themes/ 1 KB
1 KB 38ms
19ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/themes/prism-tomorrow.min.css

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b15fe2971998a048aebb60f26f6eed76122071db9ef3b995abd003224f52a98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://labs.watchtowr.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-1d8"
age: 541097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MKA6ZbTuEO2jfOxTbGsoFNuYVrSODMgYzyxLdLMaw40jwJCkk3%2FiETYoDeINDyMmhyzxWBu542FvD1%2BqXxNRp%2Fr3s0Cp4SGZcwHvP9yJnLnDwYxJ%2FiP5iojLGwFEwLfk4RbiAKOq"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 20 Dec 2025 11:31:22 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: text/css; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8fa1b4033b2fdbe7-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 472
server: cloudflare

GET
H2 200 watchTowr---Labs-White.svg
labs.watchtowr.com/content/images/2022/04/ 3 KB
1 KB 20ms
17ms Image
image/svg+xml 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/content/images/2022/04/watchTowr---Labs-White.svg
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 653dd026068639c920becd532cf32e17cab76ed6de3d821abfc7ba6c49b6ea64

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: ba46543c-cf86-4141-abf2-1f60bf3be4c3
content-encoding: gzip
etag: W/"c1a-18078df92b7"
age: 3444418
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: image/svg+xml
last-modified: Sat, 30 Apr 2022 05:09:19 GMT
x-cache-hits: 0, 11, 0
x-served-by: cache-ams21080-AMS, cache-ams21080-AMS, cache-fra-etou8220122-FRA
vary: Accept-Encoding
cache-control: public, max-age=31536000
x-timer: S1735558283.739826,VS0,VE1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1192
server: openresty

GET
H2 200 logo-white.svg
labs.watchtowr.com/assets/images/ 630 B
516 B 20ms
13ms Image
image/svg+xml 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/assets/images/logo-white.svg
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: ceaf8255e1258fa5e1e32c9dee6c940e0562695951c628f7415b9a93eb085e95

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: 44cbe59a-0939-4e84-be7f-7e0c6d247f59
content-encoding: gzip
etag: W/"276-190396a44ef"
age: 3444418
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-cache-hits: 0, 11, 0
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
x-served-by: cache-ams2100128-AMS, cache-ams21064-AMS, cache-fra-etou8220122-FRA
cache-control: public, max-age=31536000
x-timer: S1735558283.762593,VS0,VE1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 356
server: openresty

GET
H2 200 main.min.js Show response
labs.watchtowr.com/assets/built/ 44 KB
16 KB 18ms
16ms Script
application/javascript 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/assets/built/main.min.js?v=71f9c9865e
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 1fca19e97c3cbc726acc8d8e5ccb34aa99a0b6153054d724560a53c07a652397

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: 587c17ba-4ed1-43f8-af74-859ef661a265
content-encoding: gzip
etag: W/"b10f-190396a44a4"
age: 124878
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
vary: Accept-Encoding
x-cache-hits: 0, 8, 0
content-type: application/javascript; charset=UTF-8
x-served-by: cache-ams2100086-AMS, cache-ams21029-AMS, cache-fra-etou8220122-FRA
cache-control: public, max-age=31536000
x-timer: S1735558283.763617,VS0,VE1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 16307
server: openresty

GET
H3 200 prism-core.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/ 7 KB
3 KB 38ms
35ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-core.min.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2624d4f66cc5f171cd460896b106630f7666a1e638b42dd9ddefd0ca7758683

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://labs.watchtowr.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-aff"
age: 372952
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dINPtZkKk8BmI%2B%2FduDjRpHJ362XUC6XBx5ND6JpkTNNLyuhWWydgaZoRaRHQUgxrhjVpZi%2BmA2ylfuicU10Sm8QbqF38abkTbSQRQuSX2DFZfCXaPOkwNXI6bUF7fzbTg2zqoX9W"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 20 Dec 2025 11:31:22 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8fa1b4036b92dbe7-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2815
server: cloudflare

GET
H3 200 prism-autoloader.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/ 6 KB
3 KB 22ms
21ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74beaf9148829f7d253d337d715ae6407a39510984c0332bc76a69024e088559

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://labs.watchtowr.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-874"
age: 2523059
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uEss6oRIjOUUXVSE5WgkM70xGNuxZtenh21SsEtw36y5bExpEQpn50njXFDhV8XlDXyHeaYBww253n%2F4PiddkkYGuuuFz7DvlXDEkPoXOL1hPbgQfgvRQvY4uZ2sLQWfNEf54k%2B0"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 20 Dec 2025 11:31:22 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8fa1b4037bb5dbe7-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2164
server: cloudflare

GET
H2 200 factors.js Show response
app.factors.ai/assets/v1/ 36 KB
10 KB 67ms
28ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.factors.ai/assets/v1/factors.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fa9677c89fe1c6c38c9080eb6c2474a0c34a7c85e1b7d385c56ee9879a78f454

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

strict-transport-security: max-age=31556926
cache-control: max-age=3600
content-encoding: br
etag: "9abebb14f23c142cb067556648a1ce394be513129aa6c636e02577685a428140-br"
x-timer: S1735558283.886214,VS0,VE0
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
content-length: 9809
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 27 Dec 2024 07:13:35 GMT
x-served-by: cache-fra-etou8220091-FRA
x-cache-hits: 5
vary: x-fh-requested-host, accept-encoding

GET
H2 200 lftracker_v1_3P1w24do6zP7mY5n.js Show response
sc.lfeeder.com/ 31 KB
11 KB 116ms
32ms Script
application/javascript 2600:9000:2250:f600:4:d7e1:700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_3P1w24do6zP7mY5n.js
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:f600:4:d7e1:700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9c076c44c2a65588a5171b190d29e39c5542fae2e2fa68550e830d5fb4b8dc65

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

content-encoding: gzip
x-amz-version-id: RQ3UJdvEZQqmBXWqo2sfKb3Y9TdoJpG3
etag: W/"bd10e6330fa5c45a0c70765b74ddc6a5"
age: 3462
x-cache: Hit from cloudfront
x-amz-cf-id: P52TrtzgDUK0nrd0t9PLsG76jYHJMc6luVfn4Udb_D117nHUlpp7ig==
date: Mon, 30 Dec 2024 11:04:28 GMT
content-type: application/javascript
vary: accept-encoding, Origin
last-modified: Wed, 09 Oct 2024 07:33:36 GMT
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
via: 1.1 03249875678629095a5ec311a6f1a298.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 hotjar-2950076.js Show response
static.hotjar.com/c/ 13 KB
6 KB 147ms
110ms Script
application/javascript 18.66.102.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2950076.js?sv=6

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-11.fra56.r.cloudfront.net

Software

Resource Hash

3836f658ace0c39610be52496bf15e445138354e4fe140c1c0db9a47b2e04fcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/8e45cc8ca4093e23e899e9450ae965ad
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-id: Z-QTVexTugcGz9wvATMEfKLM2pJOcsNW2crYrJZZjYquFrLfR4VfaQ==
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P2

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 19 KB
8 KB 78ms
16ms Script
application/javascript 2a02:26f0:3500:2b::17cf:d260
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:2b::17cf:d260 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

vary: Accept-Encoding
cache-control: max-age=60391
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 7404
date: Mon, 30 Dec 2024 11:31:22 GMT
last-modified: Wed, 18 Dec 2024 09:08:52 GMT
content-type: application/javascript;charset=utf-8
x-edgeconnect-midmile-rtt: 0, 0
x-edgeconnect-origin-mex-latency: 470, 470
x-amz-server-side-encryption: AES256

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 85ms
23ms Script
application/javascript 2606:4700::6810:4869
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4869 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
age: 1086
x-content-type-options: nosniff
expires: Mon, 30 Dec 2024 15:31:22 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-amz-id-2: vrQ8qrhHvzv0MEE0c2Gs2LAs8pVU2FXI2el7WsCWD7xNjIk5IXWgO4Bwutw905+UlIwXJZUkwEvqGtGKfQIS1zM1nM2cvevGg3iTQyfk/0M=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=14400
x-amz-request-id: QH6A5ANP61A7EH51
cf-ray: 8fa1b4041c69dcc2-FRA
access-control-allow-origin: *
server: cloudflare

GET
H2 200 ABCFavorit-Light.woff2
labs.watchtowr.com/assets/fonts/ 38 KB
38 KB 28ms
26ms Font
font/woff2 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/assets/fonts/ABCFavorit-Light.woff2
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/assets/built/screen.css?v=71f9c9865e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: 274ba032d9071697b02e08b0833af8b4ed90b453740cdc11528b7e058bdb8f36

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://labs.watchtowr.com
Referer: https://labs.watchtowr.com/assets/built/screen.css?v=71f9c9865e

Response headers

x-request-id: bc46ce87-30d3-4532-9924-274ff811831a
etag: W/"9884-190396a44c0"
age: 1155254
ghost-fastly: true
status: 200 OK
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: font/woff2
last-modified: Fri, 21 Jun 2024 06:09:44 GMT
x-cache-hits: 0, 10, 0
x-served-by: cache-ams2100140-AMS, cache-ams2100140-AMS, cache-fra-etou8220122-FRA
cache-control: public, max-age=31536000
x-timer: S1735558283.875044,VS0,VE3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 39044
server: openresty

GET
H2 200 image-2.png
labs.watchtowr.com/content/images/2024/12/ 51 KB
51 KB 17ms
15ms Image
image/png 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/content/images/2024/12/image-2.png
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: f7295e1558398f5138bce7483481b07ed8a5faed4c15a1ad690db52cb6cac40c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: 44ae2892-d4a9-4127-86e9-43db49773409
etag: W/"cc83-193b597c239"
age: 1639840
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:00:42 GMT
x-cache-hits: 0, 4, 0
x-served-by: cache-ams21021-AMS, cache-ams21063-AMS, cache-fra-etou8220122-FRA
cache-control: public, max-age=31536000
x-timer: S1735558283.874791,VS0,VE1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 52355
server: openresty

GET
H2 200 image-5.png
labs.watchtowr.com/content/images/size/w1000/2024/12/ 75 KB
76 KB 31ms
30ms Image
image/png 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.watchtowr.com/content/images/size/w1000/2024/12/image-5.png
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: fe75e2f19995bb98fc0cada1a006e5166046dcc40e07c75434893f1f87b7e854

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: dd32f3ad-6766-4f6b-8112-10f7ada9c716
etag: W/"12d43-193b5b1be30"
age: 535570
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: MISS, HIT, HIT
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:29:04 GMT
x-cache-hits: 0, 3, 0
x-served-by: cache-ams2100135-AMS, cache-ams2100101-AMS, cache-fra-etou8220122-FRA
cache-control: public, max-age=31536000
x-timer: S1735558283.875808,VS0,VE2
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 77123
server: openresty

POST
H2 200 get_info Show response
api.factors.ai/sdk/ 311 B
412 B 163ms
161ms Fetch
application/json 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/get_info
Requested by: Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash: 0f226cc83a8ef2be2af40f20ef5aa1e8c43cb53854e8bb5a916851feb361a870

Request headers

Authorization: fp50m8phd32g8y5reokdoan3w55o0nc3
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-req-id: ctp892v82m9s73b0lqr0
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://labs.watchtowr.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 311
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json; charset=utf-8
vary: Origin

OPTIONS
H2 204 get_info
api.factors.ai/sdk/ Frame 0
0 203ms
157ms Preflight 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/get_info
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods: GET,POST,PUT,HEAD,DELETE
access-control-allow-origin: https://labs.watchtowr.com
access-control-max-age: 43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

GET
H3 200 prism-diff.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/ 605 B
967 B 26ms
24ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-diff.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f16816fb2242a84c6ff6715a48c6d0a3e469e3250912cb9f1b755ca537d02f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-153"
age: 17022860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WgEHnGXD2AwCDiR8XuX6oSXfqVQWPPZ%2BYqZ4XNAPkbk3Ukdtlf6tydCnmaU7%2FG2GqD85AQfGgeaAoM1lbS4QlNaKoA67ESAA0e7kSImEUoGGrGHxs6uLySCTup6dYeMELadzX79y"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 20 Dec 2025 11:31:22 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8fa1b4045c1635fc-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 339
server: cloudflare

GET
H3 200 prism-clike.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/ 708 B
1 KB 26ms
25ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-clike.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c76ba4e240932bdc75546be30e550f5ba5e13815ff71511c76e9e27ac3072444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-17d"
age: 1688964
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Im%2B6qk2Uj1MrCQ2kgnGWgBTC451naEzZaRKVeoHc77rzyTOG8NwuQZCr3LjZ%2F801eyjF3ivNfLB9qMXZQRyhWWVE9T77eNp8Ra3aMI9jefMtP6Fhj2nV1nwg%2BGyywTgFZOphQ12"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 20 Dec 2025 11:31:22 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8fa1b4045c1735fc-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 381
server: cloudflare

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
358 B 312ms
97ms XHR
application/json 44.193.179.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTIzMjd9.VPRLDlVywXvamkHUrZOJN7rKvtF70sMZ21c4f5nxvn0

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

44.193.179.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-193-179-36.compute-1.amazonaws.com

Software

Resource Hash

1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 12fb6cc89a331a855914342deaaa620e
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://labs.watchtowr.com
content-length: 41
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json; charset=utf-8

GET
H2 200 23785948.js Show response
js.hs-analytics.net/analytics/1735551000000/ 68 KB
25 KB 59ms
25ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1735551000000/23785948.js
Requested by: Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f13a582e4dd93e0b6e6f7147e788f5a3d679e22f57bf3d2814eb990f137a557

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: ae2b0dc1-b370-48fa-80c3-a044cec4a3ce
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1b77e8761c7cef61885d26f25de82920"
x-amz-version-id: null
age: 261
expires: Mon, 30 Dec 2024 11:32:02 GMT
x-evy-trace-listener: listener_https
date: Mon, 30 Dec 2024 11:31:23 GMT
x-hubspot-correlation-id: ae2b0dc1-b370-48fa-80c3-a044cec4a3ce
content-type: text/javascript
last-modified: Wed, 23 Oct 2024 01:59:14 GMT
vary: origin, Accept-Encoding
x-amz-id-2: HPATzry/VP8b5ZIUv2nKFHzTLjz+l4rNh6ZGceN7/TI6SWpJ+NBsHhfxIb+52tFG9kHV2ueSZUI=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-thqkc
x-envoy-upstream-service-time: 42
access-control-allow-credentials: false
x-amz-request-id: 3AK1SXGT2DTCA3HH
cf-ray: 8fa1b404c8639a05-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 89ms
43ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94c33d6b7a8a3ec1b2fa2f21d8d13e760f5a2b1d0bcd6bc79040eaf8fc3db99a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-evy-trace-virtual-host: all
x-request-id: b3a98eac-9ef4-48bc-a86b-9f26b528b1c0
content-encoding: gzip
cf-cache-status: HIT
etag: W/"ca248d7a7c6bd2f9377cb66156837d10"
x-amz-version-id: z1RV9ixsN0LmI92PbMVbn7sOiIZi0lq8
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 532
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: E_ovi23RAmKj1H9T69NngnkzrVrbsn-R6YyCQamZj46JmgmneBLTzg==
date: Mon, 30 Dec 2024 11:31:23 GMT
x-hubspot-correlation-id: b3a98eac-9ef4-48bc-a86b-9f26b528b1c0
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Dec 2024 17:34:20 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fpplf
x-envoy-upstream-service-time: 0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.1043/bundles/pixels-release.js&cfRay=8f7eaa1fba55b61b-WAW
via: 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
cf-ray: 8fa1b404ddce1c13-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.1043/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 70 KB
25 KB 168ms
122ms Script
application/javascript 2606:4700::6810:6dfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://labs.watchtowr.com
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: aaf301ca-7aa9-4cfb-a4f1-b4f1efca44c7
content-encoding: gzip
cf-cache-status: EXPIRED
x-amz-version-id: 8IiNiFnnn0n9avBP.k8Mr32sZxpD8Dx_
etag: W/"ceb8bcb73e5536d8416735a3977d227a"
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 6DNAoDrWEBNy6XX8WXuZCbbA0VMaSEJQchicW4fuwvrXb00VrTubQA==
x-hubspot-correlation-id: aaf301ca-7aa9-4cfb-a4f1-b4f1efca44c7
content-type: application/javascript; charset=utf-8
last-modified: Mon, 09 Dec 2024 13:03:17 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-2w2nl
x-envoy-upstream-service-time: 10
x-hs-target-asset: collected-forms-embed-js/static-1.1112/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Mon, 30 Dec 2024 11:31:23 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.1112/bundles/project.js&cfRay=8fa1b404de7492a7-FRA
via: 1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
cf-ray: 8fa1b404de7492a7-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/23785948/ 71 KB
23 KB 211ms
179ms Script
application/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/23785948/banner.js

Requested by

Host: js-na1.hs-scripts.com
URL: https://js-na1.hs-scripts.com/23785948.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e7f73f724d4777cd5cc5c2004f85c3c400d3530ab2d064d3d9558d042677657

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

access-control-max-age: 604800
x-request-id: aea73bf5-5e67-4558-825b-f18824b12b54
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Mon, 30 Dec 2024 11:36:23 GMT
x-evy-trace-listener: listener_http, listener_https
date: Mon, 30 Dec 2024 11:31:23 GMT
x-hubspot-correlation-id: aea73bf5-5e67-4558-825b-f18824b12b54
content-type: application/javascript; charset=utf-8
vary: origin, Accept-Encoding
last-modified: Fri, 06 Dec 2024 19:25:42 GMT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-5f9df65f7b-57p2m, iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-rnhs5
timing-allow-origin: *
cache-control: max-age=300,public
x-envoy-upstream-service-time: 137
access-control-allow-credentials: true
cf-ray: 8fa1b404cb059ba7-FRA
access-control-allow-origin: https://labs.watchtowr.com
x-evy-trace-route-configuration: listener_http/all, listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all, all

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 18ms
7ms Script
application/javascript 2a02:26f0:3500:2b::17cf:d260
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:2b::17cf:d260 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

cache-control: max-age=63665
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Mon, 30 Dec 2024 11:31:22 GMT
last-modified: Mon, 02 Dec 2024 10:13:56 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 61ms
26ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Q0QQGYH9DL&gtm=45je4cc1v877901959za200&_p=1735558282820&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=1182233953.1735558283&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1735558282&sct=1&seg=0&dl=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&dt=Cleo%20Harmony%2C%20VLTrader%2C%20and%20LexiCom%20-%20RCE%20via%20Arbitrary%20File%20Write%20(CVE-2024-50623)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=437
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://labs.watchtowr.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 prism-java.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/ 3 KB
2 KB 23ms
23ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/components/prism-java.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/prism/1.28.0/plugins/autoloader/prism-autoloader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bde5702d65117123b38f2bce3c66a4880a246d9ba2055196a43a5be0d2992998

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "625c25f1-41e"
age: 7045669
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7BJzmNqQ2rWMJdMQvycdDvjIB7VDCon%2Bht4mk6j82QSy5u5LpfvDqIm9ipVQoDKSk7QOXHRJ7%2B%2FsZ%2Fb8xMjKxvEK9qAAUSCDfjnCJJh9R%2BOVmd9GWRlzOy1%2Boj8qT6uixQKUbifz"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sat, 20 Dec 2025 11:31:23 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 17 Apr 2022 14:36:33 GMT
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8fa1b404bc4f35fc-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1054
server: cloudflare

GET
H2 200 modules.60031afbf51fb3e88a5b.js Show response
script.hotjar.com/ 223 KB
56 KB 65ms
10ms Script
application/javascript 52.222.236.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.60031afbf51fb3e88a5b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2950076.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.63 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-63.fra56.r.cloudfront.net

Software

Resource Hash

e38338484d969872e570a554c807dab4a79233b82d64a7cb7028fb459123d44a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-robots-tag: none
content-encoding: br
etag: "b4a1a7933e55e780894c3f39b1aca0b4"
age: 1035616
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: jHNBtV8e3fQ7D9eHoaLZUqADKwwblRmuWoSV5u-eeXbOMnCaFj_Kuw==
date: Wed, 18 Dec 2024 11:51:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 18 Dec 2024 11:50:24 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56408
x-amz-cf-pop: FRA56-P4

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
815 B 253ms
202ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3860676&time=1735558283004&url=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 00062a7b26f435777c7f28c5b3e551c7
x-msedge-ref: Ref A: 943DD585D437496EA8D159A3D34203E4 Ref B: FRAEDGE1219 Ref C: 2024-12-30T11:31:23Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYqeyb0NXd8fyjFs+VRxw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1735558283004&url=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1735558283004&url=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&e_ipv6=AQIllS1bErVmLwAAAZQXVb9qEE33wg6cONJClwoNyFoaR6Asi...

0
266 B

196ms
111ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1735558283004&url=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&e_ipv6=AQIllS1bErVmLwAAAZQXVb9qEE33wg6cONJClwoNyFoaR6AsiIfFvKfO4KO_VqQG
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: CAB93AA893CA47948423C63C9FB7826F Ref B: DUS30EDGE0416 Ref C: 2024-12-30T11:31:23Z
x-li-fabric: prod-lva1
x-li-uuid: AAYqeyb2soRZ/fW47z9/Ug==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 30 Dec 2024 11:31:22 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3860676&time=1735558283004&url=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&e_ipv6=AQIllS1bErVmLwAAAZQXVb9qEE33wg6cONJClwoNyFoaR6AsiIfFvKfO4KO_VqQG
x-msedge-ref: Ref A: 25AB52BD86A64FB49C12EB416D32A1ED Ref B: DUS30EDGE0807 Ref C: 2024-12-30T11:31:23Z
x-li-fabric: prod-lva1
x-li-uuid: AAYqeybznJZa0uEQWkB7qQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 30 Dec 2024 11:31:23 GMT

GET
H2 200 /
tr-rc.lfeeder.com/ 43 B
337 B 94ms
52ms Image
image/gif 18.245.46.110
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr-rc.lfeeder.com/?sid=3P1w24do6zP7mY5n&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6WyJHLVEwUVFHWUg5REwiXSwiZ2FDbGllbnRJZHMiOlsiMTE4MjIzMzk1My4xNzM1NTU4MjgzIl0sImNvbnRleHQiOnsibGlicmFyeSI6eyJuYW1lIjoibGZ0cmFja2VyIiwidmVyc2lvbiI6IjIuNjQuMSJ9LCJwYWdlVXJsIjoiaHR0cHM6Ly9sYWJzLndhdGNodG93ci5jb20vY2xlby1jdmUtMjAyNC01MDYyMy8iLCJwYWdlVGl0bGUiOiJDbGVvIEhhcm1vbnksIFZMVHJhZGVyLCBhbmQgTGV4aUNvbSAtIFJDRSB2aWEgQXJiaXRyYXJ5IEZpbGUgV3JpdGUgKENWRS0yMDI0LTUwNjIzKSIsInJlZmVycmVyIjoiIn0sImV2ZW50IjoidHJhY2tpbmctZXZlbnQiLCJjbGllbnRFdmVudElkIjoiNDNmYjU0ZTFhMzRkNDgxMSIsInNjcmlwdElkIjoiM1AxdzI0ZG82elA3bVk1biIsImNvb2tpZXNFbmFibGVkIjp0cnVlLCJjb25zZW50TGV2ZWwiOiJub25lIiwiYW5vbnltaXplSXAiOmZhbHNlLCJsZkNsaWVudElkIjoiTEYxLjEuYTQ3MGNlYTk1NGM3Mzk3Ny4xNzM1NTU4MjgzMDY5IiwiZm9yZWlnbkNvb2tpZXMiOltdLCJwcm9wZXJ0aWVzIjp7fSwiYXV0b1RyYWNraW5nRW5hYmxlZCI6dHJ1ZSwiYXV0b1RyYWNraW5nTW9kZSI6Im9uX3NjcmlwdF9sb2FkIn0=
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.46.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-46-110.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

cross-origin-resource-policy: cross-origin
via: 1.1 16cea8ae3ccd098a5d0b3b2c45b25a84.cloudfront.net (CloudFront)
x-cache: LambdaGeneratedResponse from cloudfront
content-length: 43
x-amz-cf-id: 1AxrAoZs_SsL44w84sMp_ZUkRyVfRJkadMOROtGclX8UgsMAWHDv3Q==
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: image/gif
x-amz-cf-pop: FRA56-P9
server: CloudFront
vary: Origin

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 166ms
65ms XHR
application/json 63.35.138.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=2950076&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.60031afbf51fb3e88a5b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 63.35.138.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-138-184.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 491866178d9a1a108c5ef0bba9e5ce65342ad1b575b46d271eaf9a99706c68c9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

access-control-max-age: 86400
access-control-allow-origin: *
content-length: 56
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 180 B
1 KB 191ms
136ms XHR
application/json 2606:4700::6812:f36c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=23785948

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f36c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b33b64a601de7635ad9acc7a75e0213f70643f9808f71baed179a591db758a46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RrRa4JBs9o44HtRzokBYFQlgH4Y%2F%2BxznVwhZ%2Bgcm8YiTvY1slOlAb0cFklSxeMZFQVTW02wBS754o144AqjQb%2FvD4w5all4%2BAop6sBfU1sLEJyUJE%2BRWmdbAO5r1RurH1fKIX%2BxBp37xe16G"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Mon, 30 Dec 2024 11:31:23 GMT
x-hubspot-correlation-id: aecbc66c-539d-4993-a4d5-bbfa92fe54b7
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8fa1b4065d585d50-FRA
access-control-allow-origin: https://labs.watchtowr.com
server: cloudflare

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 136 B
640 B 145ms
116ms XHR
application/json 2606:4700::6810:6dfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=23785948&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6dfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1102619929d461c761d302e6023c47c0e8440f2c1e6215cced390867bd868e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: fe9ccc45-1966-498e-b8e1-33f0adf3c8ef
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Mon, 30 Dec 2024 11:31:23 GMT
x-hubspot-correlation-id: fe9ccc45-1966-498e-b8e1-33f0adf3c8ef
content-type: application/json;charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: *
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fpplf
x-envoy-upstream-service-time: 3
cf-ray: 8fa1b4062f5d92a7-FRA
access-control-allow-origin: https://labs.watchtowr.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H3 204 track
api.factors.ai/sdk/event/ Frame 0
0 161ms
161ms Preflight 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/event/track
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods: GET,POST,PUT,HEAD,DELETE
access-control-allow-origin: https://labs.watchtowr.com
access-control-max-age: 43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

OPTIONS
H3 204 add_properties
api.factors.ai/sdk/user/ Frame 0
0 162ms
162ms Preflight 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/user/add_properties
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods: GET,POST,PUT,HEAD,DELETE
access-control-allow-origin: https://labs.watchtowr.com
access-control-max-age: 43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

OPTIONS
H3 204 add_properties
api.factors.ai/sdk/user/ Frame 0
0 162ms
162ms Preflight 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/user/add_properties
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://labs.watchtowr.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Access-Control-Allow-Headers,Access-Control-Allow-Origin,Invalidate-Cache,Funnel-V2,Use-Filter-Opt-Profiles,Use-Filter-Opt-Events-Users
access-control-allow-methods: GET,POST,PUT,HEAD,DELETE
access-control-allow-origin: https://labs.watchtowr.com
access-control-max-age: 43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
via: 1.1 google

POST
H3 200 track Show response
api.factors.ai/sdk/event/ 96 B
113 B 164ms
162ms Fetch
application/json 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/event/track
Requested by: Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash: 6245ed591dcbcc542299bd620f4c6ac013709369e9e9f39a4dfa1e2a0ef5844e

Request headers

Authorization: fp50m8phd32g8y5reokdoan3w55o0nc3
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-req-id: ctp892vh000c73fi48q0
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://labs.watchtowr.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json; charset=utf-8
vary: Origin

POST
H3 200 add_properties Show response
api.factors.ai/sdk/user/ 49 B
65 B 160ms
159ms Fetch
application/json 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/user/add_properties
Requested by: Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash: d77e82654b78a6f97d3b45cacbca5901b92394f5489aed5de07fab2d0efc2015

Request headers

Authorization: fp50m8phd32g8y5reokdoan3w55o0nc3
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-req-id: ctp892vh000c73bpor4g
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://labs.watchtowr.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json; charset=utf-8
vary: Origin

POST
H3 200 add_properties Show response
api.factors.ai/sdk/user/ 49 B
65 B 161ms
160ms Fetch
application/json 34.160.69.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.factors.ai/sdk/user/add_properties
Requested by: Host: app.factors.ai
URL: https://app.factors.ai/assets/v1/factors.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.160.69.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.69.160.34.bc.googleusercontent.com
Software: /
Resource Hash: d77e82654b78a6f97d3b45cacbca5901b92394f5489aed5de07fab2d0efc2015

Request headers

Authorization: fp50m8phd32g8y5reokdoan3w55o0nc3
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-req-id: ctp892t2pkuc73c0dq50
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://labs.watchtowr.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json; charset=utf-8
vary: Origin

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
467 B 99ms
99ms XHR
application/json 44.193.179.36
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

44.193.179.36 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-193-179-36.compute-1.amazonaws.com

Software

Resource Hash

1ed9c85e243307e0b584f3d5e4b808c1fa74d922531af140d3e765dbf987179e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: ad93d53d03a3d25531465e18ece51478
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://labs.watchtowr.com
content-length: 48
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json; charset=utf-8

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 118ms
117ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 11D5571F5DAA4D1087B9219A4CFE0164 Ref B: DUS30EDGE0807 Ref C: 2024-12-30T11:31:23Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
x-li-uuid: AAYqeyb4cfzF86v1yafZig==
x-li-proto: http/2
access-control-allow-origin: https://labs.watchtowr.com
x-cache: CONFIG_NOCACHE
date: Mon, 30 Dec 2024 11:31:23 GMT
vary: Origin

GET
H2 200 yl8vfv7j Show response
widget.intercom.io/widget/ 7 KB
3 KB 52ms
18ms Script
application/javascript 108.138.26.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.intercom.io/widget/yl8vfv7j
Requested by: Host: labs.watchtowr.com
URL: https://labs.watchtowr.com/cleo-cve-2024-50623/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.26.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-26-124.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 24e648acca09d3d25c65b5c939d25690b900ebce39d1f9613f97ad3055672de8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

content-encoding: gzip
x-amz-version-id: dB7tCuGOnLXMdqSBNRlNtXOgWrbCSdnb
etag: "ce6fa2782f80aa64907c190aeaf50b40"
age: 217
alt-svc: h3=":443"; ma=86400
x-cache: Error from cloudfront
x-amz-cf-id: c4dh7wdRM5hS4Gcq7ELTqpIstWfs1q0EFr5FdL2MdaEWDzmbrT5HOw==
date: Mon, 30 Dec 2024 11:28:12 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding, Origin
last-modified: Tue, 24 Dec 2024 06:18:16 GMT
cache-control: max-age=300, s-maxage=300, public
cross-origin-resource-policy: cross-origin
via: 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 2666
x-amz-cf-pop: FRA56-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 149ms
123ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=930271884&v=1.1&a=23785948&rcu=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&pu=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&t=Cleo+Harmony%2C+VLTrader%2C+and+LexiCom+-+RCE+via+Arbitrary+File+Write+(CVE-2024-50623)&cts=1735558283378&vi=2d4101a701268494b06e7b027b16f163&nc=true&u=64999280.2d4101a701268494b06e7b027b16f163.1735558283376.1735558283376.1735558283376.1&b=64999280.1.1735558283376&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-robots-tag: none
x-request-id: db1fb191-a807-49d6-9fe6-f766f66648bd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ms%2BNrn6%2FWdZZ8T1JWXGoVMg3thvkFYykssZBRshZc4TbqmPn1GmOCRLrCMx9CROAxdk4vrbLONBAlgpEbO%2BH6EMjj90NbiKr8AFs5B%2FXU2%2Bs9v1RnPW4zggjPCXHesuoV3AATsEh2GbOmY2%2FIEUz"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Mon, 30 Dec 2024 11:31:23 GMT
x-hubspot-correlation-id: db1fb191-a807-49d6-9fe6-f766f66648bd
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-ktnwt
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8fa1b4075babdc58-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 Logo.png
labs.watchtowr.com/content/images/size/w256h256/2022/05/ 3 KB
3 KB 11ms
11ms Other
image/png 2a04:4e42::775
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.watchtowr.com/content/images/size/w256h256/2022/05/Logo.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: openresty /
Resource Hash: dba1c596f2785886e854da7993f9e62f17831524432311f1776631ca100ae9f6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

x-request-id: 6b782f31-6f4d-4ac5-a776-f641859135b0
etag: W/"c7f-185e7b6bafe"
age: 752641
ghost-fastly: true
status: 206 Partial Content
alt-svc: clear
x-cache: HIT, HIT
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: image/png
x-served-by: cache-ams21075-AMS, cache-fra-etou8220122-FRA
x-cache-hits: 12, 0
last-modified: Wed, 25 Jan 2023 06:56:30 GMT
cache-control: public, max-age=31536000
x-timer: S1735558283.388154,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3199
fastly-restarts: 1
server: openresty

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 364 KB
121 KB 53ms
52ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-473120239

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a657e6f57bc2213dc6414e93f62110613c4f4cad0ceb93e0855c17bdfab48a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 30 Dec 2024 11:31:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 124141
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 364 KB
122 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-473120239&l=dataLayer&cx=c&gtm=45je4cc1v877901959za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Q0QQGYH9DL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

af23249a14edce459b0d198ef8db59080df991d09d630a254545d6c555effb73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 30 Dec 2024 11:31:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 124285
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 frame-modern.e04abc33.js Show response
js.intercomcdn.com/ Frame F543 473 KB
143 KB 74ms
28ms Script
application/javascript 18.245.46.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/frame-modern.e04abc33.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.46.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-46-19.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

25ff6776801dfa286a9bdfaca8b6ccee3c610de4d77b8aedc699d3c92915fb5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-amz-version-id: P3Pggbfb17b7kSgDoDbyyaiy4LtRJiZr
etag: "c69e634fae23fa0454d845121a0ef415"
age: 1734
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: gtnF6c49YdfSTNuCcf3xUZ27_f9rW_H1HaHXBhaKMfT0xP_ojPQUOg==
date: Mon, 30 Dec 2024 11:02:30 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
last-modified: Mon, 23 Dec 2024 08:59:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy: cross-origin
via: 1.1 16cea8ae3ccd098a5d0b3b2c45b25a84.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 145706
x-amz-cf-pop: FRA56-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 vendor-modern.5c288613.js Show response
js.intercomcdn.com/ Frame F543 456 KB
145 KB 57ms
12ms Script
application/javascript 18.245.46.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendor-modern.5c288613.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yl8vfv7j

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.46.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-46-19.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ad0e16e3e83936688a11f292ef26cd62ff0b2125053c37e9cc8ac41b24f44342

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-amz-version-id: xO7vAinJMKeVEGoyHqgLOmOlXybuNRZm
etag: "cfcbe890471af67f5140f9f36766a673"
age: 3875
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 6Uy85ayOA793ifI1Zzby0Gmrkp_YgJ4SfKGbqO4g-vFcr3eba6Bmew==
date: Mon, 30 Dec 2024 10:26:49 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
last-modified: Wed, 18 Dec 2024 17:16:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy: cross-origin
via: 1.1 16cea8ae3ccd098a5d0b3b2c45b25a84.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 147369
x-amz-cf-pop: FRA56-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 20ms
19ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-YE8H14CV4Y&gtm=45be4cc1v9133851718za200zb877901959&_p=1735558282820&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dZTQ1Zm&cid=1182233953.1735558283&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1735558283&sct=1&seg=0&dl=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&dt=Cleo%20Harmony%2C%20VLTrader%2C%20and%20LexiCom%20-%20RCE%20via%20Arbitrary%20File%20Write%20(CVE-2024-50623)&en=page_view&_fv=1&_ss=1&_ee=1&tfd=962
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-473120239&l=dataLayer&cx=c&gtm=45je4cc1v877901959za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://labs.watchtowr.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: text/plain
server: Golfe2

POST
H3 200 collect
www.google.com/ccm/ 0
0 51ms
17ms Ping
text/plain 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Flabs.watchtowr.com%2Fcleo-cve-2024-50623%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1819553311.1735558284&dt=Cleo%20Harmony%2C%20VLTrader%2C%20and%20LexiCom%20-%20RCE%20via%20Arbitrary%20File%20Write%20(CVE-2024-50623)&auid=857226741.1735558284&navt=n&npa=1&did=dZTQ1Zm&gdid=dZTQ1Zm&gtm=45be4cc1v9133851718za200zb877901959&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1735558283524&tfd=969&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-473120239&l=dataLayer&cx=c&gtm=45je4cc1v877901959za200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s08-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://labs.watchtowr.com/cleo-cve-2024-50623/

Response headers

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame B845 0
0 28ms
8ms Document
text/html 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Flabs.watchtowr.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-473120239&l=dataLayer&cx=c&gtm=45je4cc1v877901959za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 31899
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Mon, 30 Dec 2024 02:39:44 GMT
expires: Tue, 30 Dec 2025 02:39:44 GMT
last-modified: Thu, 12 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 launcher_settings Show response
api-iam.intercom.io/messenger/web/ Frame F543 241 B
900 B 342ms
145ms XHR
application/json 52.3.58.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/launcher_settings

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.e04abc33.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.3.58.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-58-56.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6f1db4336845c912f7cfad2978fd2044ce5d361388a7a5f38fdc808c0669eccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 003slur85picc41gqbc0
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"6f1db4336845c912f7cfad2978fd2044"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Mon, 30 Dec 2024 11:31:23 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.034886
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://labs.watchtowr.com
x-xss-protection: 1; mode=block
x-intercom-version: 61107ce7d1b73fce67f96fd8b7033fb50ee3638c
x-ami-version: ami-08947a3930195f6bd
server: nginx

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame F543 4 KB
2 KB 511ms
316ms XHR
application/json 52.3.58.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.e04abc33.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.3.58.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-58-56.compute-1.amazonaws.com

Software

nginx /

Resource Hash

4e4ce82cd52f2c5760ed9bedade870bb483312bd07e4dbfe1571ec7f73d62f31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 003sjfg84e27avokok0g
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"4e4ce82cd52f2c5760ed9bedade870bb"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Mon, 30 Dec 2024 11:31:24 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.212236
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://labs.watchtowr.com
x-xss-protection: 1; mode=block
x-intercom-version: 61107ce7d1b73fce67f96fd8b7033fb50ee3638c
x-ami-version: ami-08947a3930195f6bd
server: nginx

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame F543 4 KB
2 KB 283ms
282ms XHR
application/json 52.3.58.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.e04abc33.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.3.58.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-58-56.compute-1.amazonaws.com

Software

nginx /

Resource Hash

1cdddfc92ae36d4842148e09ddaf830e09b31a4d55692f64f29ca6c0a85f50e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 003sh1meil49kj8v9mj0
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"1cdddfc92ae36d4842148e09ddaf830e"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Mon, 30 Dec 2024 11:31:24 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.187107
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://labs.watchtowr.com
x-xss-protection: 1; mode=block
x-intercom-version: 61107ce7d1b73fce67f96fd8b7033fb50ee3638c
x-ami-version: ami-08947a3930195f6bd
server: nginx

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hs-scripts.com/	1970-01-21 02:06:00	Name: __cf_bm Value: wqcEmjRET8l09AHF6hVvm0CbB26LS8nId.u4pNDnnME-1735558282-1.0.1.1-HVBEEIrGPKkDblbltlEvl1icSpVQoFE3_x6q96bwwQ4jYNh1bf1yEvK8iNj_q0YyoJzpc3EWLb9fTJrsbcUBMw
.watchtowr.com/	1970-01-21 11:41:58	Name: _ga_Q0QQGYH9DL Value: GS1.1.1735558282.1.0.1735558282.0.0.0
.watchtowr.com/	1970-01-21 11:41:58	Name: _ga Value: GA1.1.1182233953.1735558283
.hs-analytics.net/	1970-01-21 02:06:00	Name: __cf_bm Value: scWxYhZ.bX0xZzZ4.zCN9TK8QiudX3dw9Ecvze3or3g-1735558283-1.0.1.1-.3tVaBsaVsUK6r_NDArKBAwz7x3.tRGhVM.hPT_0hG.WXHHYCvADmx0BbM5u6rJUQO402YZmsA9iifff4FJ2sA
.hsadspixel.net/	1970-01-21 02:06:00	Name: __cf_bm Value: _SUNLeXujVkpKz0pxn.auJhEaLK8TtYPuAPMYYQ_WUg-1735558283-1.0.1.1-b_8_.1Wov6W6xJw0.CX7FAu_JDJcppsCfqYTHkoxDzi9yN9FofN9EBYx2qgHBztoyH1u5HInUUciaG3YqUv2Zw
.watchtowr.com/	1970-01-21 10:51:34	Name: _lfa Value: LF1.1.a470cea954c73977.1735558283069
.watchtowr.com/	1970-01-21 10:51:34	Name: _hjSessionUser_2950076 Value: eyJpZCI6IjQ4NTlkM2Y3LTY1OWUtNTExZi1hYTkzLTBlMGRiZDg5MmIwYiIsImNyZWF0ZWQiOjE3MzU1NTgyODMxMTYsImV4aXN0aW5nIjp0cnVlfQ==
.watchtowr.com/	1970-01-21 02:06:00	Name: _hjSession_2950076 Value: eyJpZCI6IjU4N2MxZmZiLTQ4ZjktNDY4Ny04MjM0LWYwNGM4ZjU1ZjZhMiIsImMiOjE3MzU1NTgyODMxMTcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.linkedin.com/	1970-01-21 10:51:34	Name: bcookie Value: "v=2&986f130f-a12f-48ea-8ad5-b46211935312"
.linkedin.com/	1970-01-21 06:25:10	Name: li_gc Value: MTswOzE3MzU1NTgyODM7MjswMjE4kqkCcAsbPP0nqPQ2kcqj+14GkBfn7FMuB+uMczZy3A==
.linkedin.com/	1970-01-21 02:07:24	Name: lidc Value: "b=VGST03:s=V:r=V:a=V:p=V:g=3373:u=1:x=1:i=1735558283:t=1735644683:v=2:sig=AQGgaMaopBAi9Ba4v4Xix58BMyr6DNLv"
.hs-banner.com/	1970-01-21 02:06:00	Name: __cf_bm Value: Jm979.CgnYbEfJxAU4TrhCqbD2kQpc4slTg1vedA9yc-1735558283-1.0.1.1-cDEIkh.oyUrFC.KW9UNr1ecqrckWvnZLUSVYFlF6akG81XhZhC3okLlf9J6n6zDHBxpLf97PsdnZhd.xww1pAQ
.watchtowr.com/	1970-01-21 11:41:58	Name: _fuid Value: MzdmZGU4ZDgtZWNkNS00ODRiLThlZDEtZjE1NjEyNzM2ZGM2
labs.watchtowr.com/	1970-01-21 02:16:03	Name: slireg Value: https://scout.us3.salesloft.com
.watchtowr.com/	1970-01-21 06:25:10	Name: __hstc Value: 64999280.2d4101a701268494b06e7b027b16f163.1735558283376.1735558283376.1735558283376.1
.watchtowr.com/	1970-01-21 06:25:10	Name: hubspotutk Value: 2d4101a701268494b06e7b027b16f163
.watchtowr.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.watchtowr.com/	1970-01-21 02:06:00	Name: __hssc Value: 64999280.1.1735558283376
labs.watchtowr.com/	1970-01-21 10:51:34	Name: sliguid Value: bae846c8-1454-448f-b561-bfcb69df1b2f
labs.watchtowr.com/	1970-01-21 10:51:34	Name: slirequested Value: true
.watchtowr.com/	1970-01-21 11:41:58	Name: _ga_YE8H14CV4Y Value: GS1.1.1735558283.1.0.1735558283.0.0.0
.watchtowr.com/	1970-01-21 04:15:34	Name: _gcl_au Value: 1.1.857226741.1735558284
.hubspot.com/	1970-01-21 02:06:00	Name: __cf_bm Value: Zl9ra8Rln9LNSNABsu05YffRzfZEcbgS9Ln3ttnUXOY-1735558283-1.0.1.1-VxYLyQCJSE_TiUpEvgXQeIU2goip5rqAGmtIIYwoMQM5zVCkKKha20EDnljWilcs.Gn2T0yQtg6jUKjiHgI0QQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: KJfOKjsElnduofoU1HdxW8fqu4Cpl6ck7TFaf3mlA3k-1735558283521-0.0.1.1-604800000
.watchtowr.com/	1970-01-21 08:34:48	Name: intercom-id-yl8vfv7j Value: 8f04fb19-aeb5-42a9-96df-bf946f8a3fad
.watchtowr.com/	1970-01-21 02:16:03	Name: intercom-session-yl8vfv7j Value:
.watchtowr.com/	1970-01-21 08:34:48	Name: intercom-device-id-yl8vfv7j Value: c224ee1b-5ee0-4c1c-bba3-44b32471d9b9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api.factors.ai
api.hubapi.com
app.factors.ai
cdn.jsdelivr.net
cdnjs.cloudflare.com
content.hotjar.io
fonts.googleapis.com
forms.hscollectedforms.net
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.intercomcdn.com
labs.watchtowr.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
sc.lfeeder.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
tr-rc.lfeeder.com
track.hubspot.com
widget.intercom.io
www.google.com
www.googletagmanager.com
104.17.24.14
108.138.26.124
13.107.42.14
151.101.1.195
172.217.16.196
18.245.46.110
18.245.46.19
18.66.102.11
2001:4860:4802:34::36
2600:9000:2250:f600:4:d7e1:700:93a1
2606:4700:4400::6812:28f0
2606:4700::6810:4869
2606:4700::6810:6dfe
2606:4700::6810:7574
2606:4700::6810:8bd1
2606:4700::6810:a0a8
2606:4700::6811:80ac
2606:4700::6812:f36c
2620:1ec:21::14
2a00:1450:4001:801::200a
2a00:1450:4001:830::2008
2a02:26f0:3500:2b::17cf:d260
2a04:4e42:200::485
2a04:4e42::775
34.160.69.120
44.193.179.36
52.222.236.63
52.3.58.56
63.35.138.184
0a657e6f57bc2213dc6414e93f62110613c4f4cad0ceb93e0855c17bdfab48a3
0f226cc83a8ef2be2af40f20ef5aa1e8c43cb53854e8bb5a916851feb361a870
1102619929d461c761d302e6023c47c0e8440f2c1e6215cced390867bd868e09
1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b
1b15fe2971998a048aebb60f26f6eed76122071db9ef3b995abd003224f52a98
1cdddfc92ae36d4842148e09ddaf830e09b31a4d55692f64f29ca6c0a85f50e7
1cfea949b0b2925d27b84d56d18f2ea1c6b948fdf3ae95c534a14706043da178
1ed9c85e243307e0b584f3d5e4b808c1fa74d922531af140d3e765dbf987179e
1fca19e97c3cbc726acc8d8e5ccb34aa99a0b6153054d724560a53c07a652397
24e648acca09d3d25c65b5c939d25690b900ebce39d1f9613f97ad3055672de8
25ff6776801dfa286a9bdfaca8b6ccee3c610de4d77b8aedc699d3c92915fb5a
274ba032d9071697b02e08b0833af8b4ed90b453740cdc11528b7e058bdb8f36
27c72000333080dee55d65b2323469fa581afe51ee0d5f0653454cc0af078b7e
3033e81c1e014c17da807364c999ae4c4d6480a0ded667df4714ed38c20e39ea
3836f658ace0c39610be52496bf15e445138354e4fe140c1c0db9a47b2e04fcc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
491866178d9a1a108c5ef0bba9e5ce65342ad1b575b46d271eaf9a99706c68c9
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4b9ee54747beb19126d4829f3bfc45823f5871c145a96256ee14d0000d35bd61
4e4ce82cd52f2c5760ed9bedade870bb483312bd07e4dbfe1571ec7f73d62f31
5457a83229acb39e1625c8e08964a52c5fbd5e604182ca19416cabc2ebb41169
5f13a582e4dd93e0b6e6f7147e788f5a3d679e22f57bf3d2814eb990f137a557
6245ed591dcbcc542299bd620f4c6ac013709369e9e9f39a4dfa1e2a0ef5844e
653dd026068639c920becd532cf32e17cab76ed6de3d821abfc7ba6c49b6ea64
677a138de946a78b69e7c02f7082023ed6a81823499588196cdc41d770903cc3
6c0d4e3bd890a4bf01c9a301d3e3ff127af22636c4f94250cc230815eb701593
6f1db4336845c912f7cfad2978fd2044ce5d361388a7a5f38fdc808c0669eccd
74beaf9148829f7d253d337d715ae6407a39510984c0332bc76a69024e088559
7b257e1e81be5f3928d1fa0dc765a5d77eb818b61d72f940ee947dc955bbbb0b
7e7f73f724d4777cd5cc5c2004f85c3c400d3530ab2d064d3d9558d042677657
7ed5aace5e97d31df74e19a34bf3243c02dfb3b92c5fe3858a921c5e62297977
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
94c33d6b7a8a3ec1b2fa2f21d8d13e760f5a2b1d0bcd6bc79040eaf8fc3db99a
9c076c44c2a65588a5171b190d29e39c5542fae2e2fa68550e830d5fb4b8dc65
ad0e16e3e83936688a11f292ef26cd62ff0b2125053c37e9cc8ac41b24f44342
af23249a14edce459b0d198ef8db59080df991d09d630a254545d6c555effb73
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b33b64a601de7635ad9acc7a75e0213f70643f9808f71baed179a591db758a46
bde5702d65117123b38f2bce3c66a4880a246d9ba2055196a43a5be0d2992998
c04c22ec20671d45136ecbb2c6c1729daecf3a089378842a926769966202c863
c76ba4e240932bdc75546be30e550f5ba5e13815ff71511c76e9e27ac3072444
ceaf8255e1258fa5e1e32c9dee6c940e0562695951c628f7415b9a93eb085e95
d77e82654b78a6f97d3b45cacbca5901b92394f5489aed5de07fab2d0efc2015
dba1c596f2785886e854da7993f9e62f17831524432311f1776631ca100ae9f6
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e2624d4f66cc5f171cd460896b106630f7666a1e638b42dd9ddefd0ca7758683
e38338484d969872e570a554c807dab4a79233b82d64a7cb7028fb459123d44a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f16816fb2242a84c6ff6715a48c6d0a3e469e3250912cb9f1b755ca537d02f48
f7295e1558398f5138bce7483481b07ed8a5faed4c15a1ad690db52cb6cac40c
fa9677c89fe1c6c38c9080eb6c2474a0c34a7c85e1b7d385c56ee9879a78f454
fe75e2f19995bb98fc0cada1a006e5166046dcc40e07c75434893f1f87b7e854

labs.watchtowr.com Open in urlscan Pro 2a04:4e42::775 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

62 Requests

98 %HTTPS

55 %IPv6

23 Domains

30 Subdomains

29 IPs

4 Countries

1144 kBTransfer

3206 kBSize

27 Cookies

12 Outgoing links

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

labs.watchtowr.com Open in urlscan Pro
2a04:4e42::775 Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

98 %
HTTPS

55 %
IPv6

23
Domains

30
Subdomains

29
IPs

4
Countries

1144 kB
Transfer

3206 kB
Size

27
Cookies

62 HTTP transactions
0 data transactions